Question 387872 in PHP Question posted in
Official manual can be found here.

.htaccess deny file access does work for all types but not for php files

I’m on an apache2 installation and want to deny access to a specific php file with a .htaccess file

<Files test.php>
  Require all denied
</Files>

Which does not work. However, denying access to a different file type does work as expected

<Files test.html>
  Require all denied
</Files>

I’ve tried with various file types, all work as expected, except for php files. What do I miss here? I’m using php-fpm.

Tags:

2

Answers


  1. 0

    My Test Environment

    Ubuntu 20.04

    Install Apache 2 And Php

    sudo apt update
sudo apt upgrade
sudo apt install apache2
sudo apt install php libapache2-mod-php php-mysql

    Start Apache

    sudo systemctl start apache2
sudo systemctl enable apache2
sudo systemctl status apache2

    modify /etc/hosts

    append demoweb and demoweb.local into 127.0.0.1

    127.0.0.1       localhost demoweb demoweb.local

    test demoweb.local

    ping demoweb.local

    Create My Domain – demoweb

    Create Domain Directory

    sudo mkdir -p /var/www/demoweb

    Create Domain index.html

    /var/www/demoweb/index.html

    <html>
<head>
<title>Welcome to demo.local</title>
</head>
<body>
<h1>Success! The demoweb.local server block is working!</h1>
</body>
</html>

    Create Domain Config

    /etc/apache2/sites-available/demoweb.conf

    <VirtualHost *:80>
    ServerAdmin webmaster@demoweb
    ServerName demoweb
    ServerAlias demoweb.local
    DocumentRoot /var/www/demoweb
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

  <Directory "/var/www/demoweb">
         AllowOverride All
  </Directory>

</VirtualHost>

    Very Important

      <Directory "/var/www/demoweb">
         AllowOverride All
  </Directory>

    Enable your Domain

    sudo a2ensite demoweb.conf
sudo systemctl reload apache2

    Create your .htaccess

    /var/www/demoweb/.htaccess

    <Files info.php>
  Require all denied
</Files>

    Create Test php

    /var/www/demoweb/info.php

    <?php
phpinfo();
?>

    /var/www/demoweb/info2.php

    <?php
phpinfo();
?>

    Restart Apache

    sudo systemctl restart apache2

    Test 1

    use Firefox or curl open http://demoweb.local/info2.php

    Test 2

    use Firefox or curl open http://demoweb.local/info.php

    will get error:

    403 Forbidden

You don't have permission to access this resource.
Apache/2.4.41 (Ubuntu) Server at demoweb.local Port 80

    IMPORTANT:

    if test all ok , delete /var/www/demoweb/info2.php and /var/www/demoweb/info.php

    Summary

    I am test all steps OK in my ubuntu 20.4

    Login or Signup to reply.
  2. 0

    Apache 2 + php-fpm

    My Test Environment

    Ubuntu 20.04

    Install Apache 2 And Php

    sudo apt update
sudo apt upgrade -y 
sudo apt install apache2 -y
sudo apt install php php-fpm -y
sudo apt install libapache2-mod-fcgid -y

    Enable Necessary Apache Modules

    sudo a2enmod proxy_fcgi setenvif

    Configure Apache to Use PHP-FPM

    sudo nano /etc/apache2/sites-available/000-default.conf

    Within the <VirtualHost *:80> block, add the following lines:

    <VirtualHost *:80>
    ...
    
    # PHP-FPM Configuration
    <FilesMatch .php$>
        SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
    </FilesMatch>

    <Files "info.php">
        Require all denied
    </Files>
    ...
</VirtualHost>

    Note: Ensure to replace php7.4-fpm.sock with the actual socket path for your PHP version. You can check this by looking into the /run/php/ directory.

    Note: No .htaccess , I put it in /etc/apache2/sites-available/000-default.conf

    Restart Apache and PHP-FPM Services

    sudo systemctl restart apache2
sudo systemctl restart php7.4-fpm

    Create Test php

    sudo nano /var/www/html/info.php

    Add the following content:

    <?php
phpinfo();
?>

    sudo nano /var/www/html/info2.php

    Add the following content:

    <?php
phpinfo();
?>

    Test 1

    use Firefox or curl open http://localhost/info2.php

    Test 2

    use Firefox or curl open http://localhost/info.php

    will get error:

    403 Forbidden

You don't have permission to access this resource.
Apache/2.4.41 (Ubuntu) Server at localhost Port 80

    IMPORTANT:

    if test all ok , delete /var/www/html/info.php and /var/www/html/info2.php

    Summary

    I am test all steps OK in my ubuntu 20.4

    My test environment always starts with re-copying a cleanly initialized Ubuntu VM.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search