Hi thereI'm trying to create a multi user setup with Apache/2.4.54, mod_proxy_fcgi and PHP-FPM on a FreeBSD machine. I already got a working solution with php-fpm running and the following config in the user's .htaccess:
---8<---
<If "%{REQUEST_FILENAME} =~ /\.php$/ && -f %{REQUEST_FILENAME}">
SetHandler "proxy:unix:/var/run/php-fpm/user1-php81.sock|fcgi://user1"
</If>
---8<---
But now there's the issue, that user1 can edit his htaccess file to
something like this:
SetHandler "proxy:unix:/var/run/php-fpm/user2-php81.sock|fcgi://user2" and run his PHP code with a different user. How can I prevent this? * Denying the usage of "SetHandler/AddHandler" in .htaccess and moving the above config into the virtualhost config would not be desired as there are lots of pre existing user installations using these directives in their installations. * Changing the permissions on the fpm unix socket doesn't work as apache always accesses it with its www user. Maybe someone can help me further. Regards, Patrik
OpenPGP_signature
Description: OpenPGP digital signature
