Op 6 okt. 2022 om 13:50 heeft Patrik Peng <patrik.peng@xxxxxxxxxxxx> het volgende geschreven:Hi there
I'm trying to create a multi user setup with Apache/2.4.54, mod_proxy_fcgi and PHP-FPM on a FreeBSD machine.
I already got a working solution with php-fpm running and the following config in the user's .htaccess:---8<--- <If "%{REQUEST_FILENAME} =~ /\.php$/ && -f %{REQUEST_FILENAME}"> SetHandler "proxy:unix:/var/run/php-fpm/user1-php81.sock|fcgi://user1" </If> ---8<---But now there's the issue, that user1 can edit his htaccess file to something like this:
SetHandler "proxy:unix:/var/run/php-fpm/user2-php81.sock|fcgi://user2"and run his PHP code with a different user. How can I prevent this?
- Denying the usage of "SetHandler/AddHandler" in .htaccess and moving the above config into the virtualhost config would not be desired
as there are lots of pre existing user installations using these directives in their installations.
- Changing the permissions on the fpm unix socket doesn't work as apache always accesses it with its www user.
Maybe someone can help me further.
You already have the solution. What do you need help with? :D
Regards,
Patrik
|