From c6c9e6103e34ff515afbb5e7b763b233ea7cacda Mon Sep 17 00:00:00 2001 From: Pierre Bourdin Date: Wed, 31 Aug 2022 16:14:52 +0200 Subject: [PATCH] [enh] deny dotfiles in Apache2 with PHP conf in Vhost --- apache2/php56-fpm.conf | 7 ++++++- apache2/php70-fpm.conf | 7 ++++++- apache2/php71-fpm.conf | 7 ++++++- apache2/php72-fpm.conf | 5 +++++ apache2/php73-fpm.conf | 7 ++++++- apache2/php74-fpm.conf | 5 +++++ 6 files changed, 34 insertions(+), 4 deletions(-) diff --git a/apache2/php56-fpm.conf b/apache2/php56-fpm.conf index 70a7275..84b377d 100644 --- a/apache2/php56-fpm.conf +++ b/apache2/php56-fpm.conf @@ -4,7 +4,12 @@ AssignUserId #%%UID%% #%%GID%% SetEnv LOGIN "%%UID%%-%%LOGIN%%" SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - + + # Deny all dot files expect .well-known + + Require all denied + + SetHandler "proxy:unix:/run/php/php5.6-%%LOGIN%%.sock|fcgi://localhost" diff --git a/apache2/php70-fpm.conf b/apache2/php70-fpm.conf index 60ac76d..f3b3d30 100644 --- a/apache2/php70-fpm.conf +++ b/apache2/php70-fpm.conf @@ -4,7 +4,12 @@ AssignUserId #%%UID%% #%%GID%% SetEnv LOGIN "%%UID%%-%%LOGIN%%" SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - + + # Deny all dot files expect .well-known + + Require all denied + + SetHandler "proxy:unix:/run/php/php7.0-%%LOGIN%%.sock|fcgi://localhost" diff --git a/apache2/php71-fpm.conf b/apache2/php71-fpm.conf index c6a7e25..e4f5588 100644 --- a/apache2/php71-fpm.conf +++ b/apache2/php71-fpm.conf @@ -4,7 +4,12 @@ AssignUserId #%%UID%% #%%GID%% SetEnv LOGIN "%%UID%%-%%LOGIN%%" SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - + + # Deny all dot files expect .well-known + + Require all denied + + SetHandler "proxy:unix:/run/php/php7.1-%%LOGIN%%.sock|fcgi://localhost" diff --git a/apache2/php72-fpm.conf b/apache2/php72-fpm.conf index 51649cc..dce1eb7 100644 --- a/apache2/php72-fpm.conf +++ b/apache2/php72-fpm.conf @@ -5,6 +5,11 @@ SetEnv LOGIN "%%UID%%-%%LOGIN%%" SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + # Deny all dot files expect .well-known + + Require all denied + + SetHandler "proxy:unix:/run/php/php7.2-%%LOGIN%%.sock|fcgi://localhost" diff --git a/apache2/php73-fpm.conf b/apache2/php73-fpm.conf index 21354e2..dc90d79 100644 --- a/apache2/php73-fpm.conf +++ b/apache2/php73-fpm.conf @@ -4,7 +4,12 @@ AssignUserId #%%UID%% #%%GID%% SetEnv LOGIN "%%UID%%-%%LOGIN%%" SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - + + # Deny all dot files expect .well-known + + Require all denied + + SetHandler "proxy:unix:/run/php/php7.3-%%LOGIN%%.sock|fcgi://localhost" diff --git a/apache2/php74-fpm.conf b/apache2/php74-fpm.conf index 695abe1..5b4fde4 100644 --- a/apache2/php74-fpm.conf +++ b/apache2/php74-fpm.conf @@ -5,6 +5,11 @@ SetEnv LOGIN "%%UID%%-%%LOGIN%%" SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + # Deny all dot files expect .well-known + + Require all denied + + SetHandler "proxy:unix:/run/php/php7.4-%%LOGIN%%.sock|fcgi://localhost"