I'm trying to set up a server that parses .HTML file for PHP.
Operating System: Amazon Linux 2
PHP version: 8.0.8
Apache version: 2.4.51
/etc/httpd/conf.d/php.conf
#
# Allow php to handle Multiviews
#
AddType text/html .php
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php index.html
#
# Redirect to local php-fpm (no mod_php in default configuration)
#
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(. )" HTTP_AUTHORIZATION=$1
<FilesMatch \.(php|phar)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
The change I'm making is adding HTML to the FilesMatch clause here:
<FilesMatch \.(php|phar|html)$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>
When I do that I see these errors:
[proxy_fcgi:debug] [pid 20974] mod_proxy_fcgi.c(1063): [client 1.1.1.1:49893] AH01078: serving URL fcgi://localhost/home/web-system-sites/dev.example.com/index.html
[proxy:debug] [pid 20974] proxy_util.c(2528): AH00942: FCGI: has acquired connection for (*)
[proxy:debug] [pid 20974] proxy_util.c(2583): [client 1.1.1.1:49893] AH00944: connecting fcgi://localhost/home/web-system-sites/dev.example.com/index.html to localhost:8000
[proxy:debug] [pid 20974] proxy_util.c(2620): [client 1.1.1.1:49893] AH02545: fcgi: has determined UDS as /run/php-fpm/www.sock
[proxy:debug] [pid 20974] proxy_util.c(2806): [client 1.1.1.1:49893] AH00947: connected /home/web-system-sites/dev.example.com/index.html to httpd-UDS:0
[proxy:debug] [pid 20974] proxy_util.c(3177): AH02823: FCGI: connection established with Unix domain socket /run/php-fpm/www.sock (*)
[proxy_fcgi:error] [pid 20974] [client 1.1.1.1:49893] AH01071: Got error 'Access to the script '/home/web-system-sites/dev.example.com/index.html' has been denied (see security.limit_extensions)'
CodePudding user response:
After reading my error messages a second time I saw this, "see security.limit_extensions" and then I added .HTML here:
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
security.limit_extensions = .php .html
and it works like a charm