php.htaccessapache2

.htaccess deny file access does work for all types but not for php files


I'm on an apache2 installation and want to deny access to a specific php file with a .htaccess file

<Files test.php>
  Require all denied
</Files>

Which does not work. However, denying access to a different file type does work as expected

<Files test.html>
  Require all denied
</Files>

I've tried with various file types, all work as expected, except for php files. What do I miss here? I'm using php-fpm.

Solution

Got it working now, the solution from @life888888 down below guided me to the right direction. The main issue was, that there's an entry in my site config, which got added by the webpanel I'm using

ProxyPassMatch ^(.*\.php)$ fcgi://127.0.0.1:9000/var/www/vhosts/example.com/httpdocs/$1

Commenting out this line and adding

<FilesMatch \.php$>
  SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>

instead solved it. Now calls to php scripts are still using PFP-FPM, but htaccess and other directives are working now as expected!

Thanks again so much for all the help and comments, especially from @life888888


Solution

  • Apache 2 + php-fpm

    My Test Environment

    Ubuntu 20.04

    Install Apache 2 And Php

    sudo apt update
    sudo apt upgrade -y 
    sudo apt install apache2 -y
    sudo apt install php php-fpm -y
    sudo apt install libapache2-mod-fcgid -y
    

    Enable Necessary Apache Modules

    sudo a2enmod proxy_fcgi setenvif
    

    Configure Apache to Use PHP-FPM

    sudo nano /etc/apache2/sites-available/000-default.conf
    

    Within the <VirtualHost *:80> block, add the following lines:

    <VirtualHost *:80>
        ...
        
        # PHP-FPM Configuration
        <FilesMatch \.php$>
            SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
        </FilesMatch>
    
        <Files "info.php">
            Require all denied
        </Files>
        ...
    </VirtualHost>
    

    Note: Ensure to replace php7.4-fpm.sock with the actual socket path for your PHP version. You can check this by looking into the /run/php/ directory.

    Note: No .htaccess , I put it in /etc/apache2/sites-available/000-default.conf

    Restart Apache and PHP-FPM Services

    sudo systemctl restart apache2
    sudo systemctl restart php7.4-fpm
    

    Create Test php

    sudo nano /var/www/html/info.php
    

    Add the following content:

    <?php
    phpinfo();
    ?>
    
    sudo nano /var/www/html/info2.php
    

    Add the following content:

    <?php
    phpinfo();
    ?>
    

    Test 1

    use Firefox or curl open http://localhost/info2.php

    Test 2

    use Firefox or curl open http://localhost/info.php

    will get error:

    403 Forbidden
    
    You don't have permission to access this resource.
    Apache/2.4.41 (Ubuntu) Server at localhost Port 80
    

    IMPORTANT:

    if test all ok , delete /var/www/html/info.php and /var/www/html/info2.php

    Summary

    I am test all steps OK in my ubuntu 20.4

    My test environment always starts with re-copying a cleanly initialized Ubuntu VM.