Related

Product App Platform: Run PHP apps without managing servers Product
Unable to send puch notification on IOS Question Question
Can't install php-soap to my PHP 7.0 centos Question Question

Question

htaccess folder protection + php7.0-fpm/fastcgi : .php files still accessible

Posted February 14, 2016 3.5k views
UbuntuApachePHPConfiguration Management

Hello,

I’ve setup a small droplet with php7.0-fpm/fastcgi, apache 2.4 on a Ubuntu 14.04.
Everything runs smoothly, except one small detail :

The thing is I want to protect a folder via a classic .htaccess protection, nothing fancy.

But, if I go to “my-droplet-ip/my-protected-folder/my-file.php”, I still can access it, even with an htaccess configured.

If I go to “my-droplet-ip/my-protected-folder”, the login/pass prompt shows up like expected.
Same normal behavior for “my-droplet-ip/my-protected-folder/a-file.(html/png/ini…)”

I’ve read many things, like the fact that fastcgi could “process” php files before htaccess, but I can’t really figure why/how.

Any idea?

Thanks!

Jehan

Add a comment
jehan
By:
jehan

Related

Product App Platform: Run PHP apps without managing servers Product
Unable to send puch notification on IOS Question Question
Can't install php-soap to my PHP 7.0 centos Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
1 answer
jehan February 16, 2016

Eureka.

Short story, don’t use :

ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/html/$1

to handle php files with FastCGI, because it seems that ProxyPassMatch directives are evaluated before the .htaccess.

Better use :

<FilesMatch \.php$>
    SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>

More details over there.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help