The only solution is to remove the FileInfo override, and merge all the
changes in your vhost. Users should not be allowed to override the vhost
configuration.

Yes, that means they also cannot add their own mod_rewrite recipes, but
that is a good thing.

On Thu, 6 Oct 2022 at 09:07, William Edwards <wedwa...@cyberfusion.nl>
wrote:

>
> On 6 Oct 2022, at 13:50, Patrik Peng <patrik.p...@hostpoint.ch> wrote:
>
> 
>
> Hi there
>
> I'm trying to create a multi user setup with Apache/2.4.54, mod_proxy_fcgi
> and PHP-FPM on a FreeBSD machine.
> I already got a working solution with php-fpm running and the following
> config in the user's .htaccess:
>
> ---8<---
> <If "%{REQUEST_FILENAME} =~ /\.php$/ && -f %{REQUEST_FILENAME}">
>   SetHandler "proxy:unix:/var/run/php-fpm/user1-php81.sock|fcgi://user1"
> </If>
> ---8<---
>
> But now there's the issue that user1 can edit his htaccess file to
> something like this:
>
> SetHandler "proxy:unix:/var/run/php-fpm/user2-php81.sock|fcgi://user2"
>
> and run his PHP code with a different user. How can I prevent this?
>
>    - Denying the usage of "SetHandler/AddHandler" in .htaccess and moving
>    the above config into the virtualhost config would not be desired
>    as there are lots of pre-existing user installations using these
>    directives in their installations.
>
>    - Changing the permissions on the fpm unix socket doesn't work as
>    Apache always accesses it with its www user.
>
> Maybe someone can help me further.
>
>
> You already have the solution. What do you need help with? :D
>
> Regards,
> Patrik
>
>
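
An audit sketch for the migration the reply recommends, as an added example that is not part of the original thread: before the FileInfo override is removed, it inventories handler directives in users' .htaccess files and flags any that point at a PHP-FPM socket other than the docroot owner's. The socket naming pattern is assumed from the paths quoted in the thread; the function name and the sample files are constructed for illustration.

```python
import re

# Handler directives that route requests to a PHP-FPM unix socket via mod_proxy_fcgi.
HANDLER_RE = re.compile(
    r'^\s*(?:SetHandler|AddHandler)\s+"?proxy:unix:([^|"\s]+)', re.IGNORECASE)
# Assumed layout, taken from the thread: /var/run/php-fpm/<user>-php<version>.sock
SOCKET_RE = re.compile(r'^/var/run/php-fpm/([^/]+)-php\d+\.sock$')


def audit_htaccess(owner, text):
    """Return (line_no, socket, reason) for every handler not bound to owner's pool."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        handler = HANDLER_RE.match(line)
        if handler is None:
            continue  # comments and unrelated directives
        socket_path = handler.group(1)
        pool = SOCKET_RE.match(socket_path)
        if pool is None:
            # Anything off-pattern (e.g. "../" segments) needs manual review.
            findings.append((line_no, socket_path, "unrecognised socket path"))
        elif pool.group(1) != owner:
            findings.append((line_no, socket_path, "pool of " + pool.group(1)))
    return findings


# Constructed sample files; the first is the working config quoted in the thread.
ORIGINAL = r'''
<If "%{REQUEST_FILENAME} =~ /\.php$/ && -f %{REQUEST_FILENAME}">
  SetHandler "proxy:unix:/var/run/php-fpm/user1-php81.sock|fcgi://user1"
</If>
'''.strip()

TAMPERED = r'''
# constructed: user1's file referencing sockets outside the expected pattern
sethandler "proxy:unix:/var/run/php-fpm/user2-php81.sock|fcgi://user2"
AddHandler proxy:unix:/var/run/php-fpm/../php-fpm/user1-php81.sock|fcgi://user1 .php
'''.strip()

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("tampered", TAMPERED)):
        for finding in audit_htaccess("user1", text):
            print(name, *finding)
```

The check reads one directive per line and does not follow backslash line continuations, so files that use them need a manual look.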
