php.htaccessapache2

.htaccess deny file access does work for all types but not for php files

I'm on an apache2 installation and want to deny access to a specific php file with a .htaccess file

<Files test.php>
  Require all denied
</Files>

Which does not work. However, denying access to a different file type does work as expected

<Files test.html>
  Require all denied
</Files>

I've tried with various file types, all work as expected, except for php files. What do I miss here? I'm using php-fpm.

Solution

Got it working now, the solution from @life888888 down below guided me to the right direction. The main issue was, that there's an entry in my site config, which got added by the webpanel I'm using

ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9000/var/www/vhosts/example.com/httpdocs/$1

Commenting out this line and adding

<FilesMatch \.php$>
  SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>

instead solved it. Now calls to php scripts are still using PFP-FPM, but htaccess and other directives are working now as expected!

Thanks again so much for all the help and comments, especially from @life888888

Solution

  • Apache 2 + php-fpm

    My Test Environment

    Ubuntu 20.04

    Install Apache 2 And Php

    sudo apt update
sudo apt upgrade -y 
sudo apt install apache2 -y
sudo apt install php php-fpm -y
sudo apt install libapache2-mod-fcgid -y

    Enable Necessary Apache Modules

    sudo a2enmod proxy_fcgi setenvif

    Configure Apache to Use PHP-FPM

    sudo nano /etc/apache2/sites-available/000-default.conf

    Within the <VirtualHost *:80> block, add the following lines:

    <VirtualHost *:80>
    ...
    
    # PHP-FPM Configuration
    <FilesMatch \.php$>
        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
    </FilesMatch>

    <Files "info.php">
        Require all denied
    </Files>
    ...
</VirtualHost>

    Note: Ensure to replace php7.4-fpm.sock with the actual socket path for your PHP version. You can check this by looking into the /run/php/ directory.

    Note: No .htaccess , I put it in /etc/apache2/sites-available/000-default.conf

    Restart Apache and PHP-FPM Services

    sudo systemctl restart apache2
sudo systemctl restart php7.4-fpm

    Create Test php

    sudo nano /var/www/html/info.php

    Add the following content:

    <?php
phpinfo();
?>

    sudo nano /var/www/html/info2.php

    Add the following content:

    <?php
phpinfo();
?>

    Test 1

    use Firefox or curl open http://localhost/info2.php

    Test 2

    use Firefox or curl open http://localhost/info.php

    will get error:

    403 Forbidden

You don't have permission to access this resource.
Apache/2.4.41 (Ubuntu) Server at localhost Port 80

    IMPORTANT:

    if test all ok , delete /var/www/html/info.php and /var/www/html/info2.php

    Summary

    I am test all steps OK in my ubuntu 20.4

    My test environment always starts with re-copying a cleanly initialized Ubuntu VM.