Hello all. I have a working site where I'd need to make a SMB share available in a subfolder. The export itself is not a problem and works even too well: users are able to create php files in their exported folders and these files gets interpreted by php-fpm. I tried adding a section like: Code: # Do not execute PHP files in users directories <Directory "{DOCROOT_CLIENT}/users/"> <ifModule mod_security2.c> SecRuleRemoveById 960015 SecRuleRemoveById 960032 </ifModule> <Files "*"> SetHandler None SetHandler default-handler Options -ExecCGI RemoveHandler .php </Files> AllowOverride AuthConfig Indexes Limit Options Require all granted <FilesMatch "^\.ht"> Require all denied </FilesMatch> </Directory> to the "Options" tab (copied from the section that should disable php for webdav folders, and trying many variations for "Files" section), but the only "solution" that seems to work is having a "Require all denied" line (using Files "*.php" or a FilesMatch like the one in webdav section). I first tried {DOCROOT}/users/ for Directory, but it didn't match the requests. I also tried restarting php7.4-fpm process just to be sure. What am I doing wrong or missing? I'm quite sure that's something easy, but can't find it Tks, Diego
RemoveHanlder should do it, try putting it outside <Files>. Something like: Code: <Directory "{DOCROOT_CLIENT}/users/"> DirectoryIndex index.html <IfModule mod_mime.c> RemoveHandler .php .phtml .php3 .php4 .php5 RemoveType .php .phtml .php3 .php4 .php5 AddType text/plain .php </IfModule> <IfModule mod_php5.c> php_flag engine off </IfModule> ...other stuff... </Directory> If that doesn't work, try using the exact FilesMatch which the SetHandler uses, '<FilesMatch "\.php[345]?$">' for the RemoveHandler (or SetHandler None); I don't know what match takes precedence offhand.
Tks, but it still interprets php files. I tried your snippet, then tried removing ifmodule (making RemoveHandler a direct child of Directory). Same result. I tried putting a <FilesMatch "\.php[345]?$"> Require all denied </FilesMatch> just before </Directory> to check (again) that I'm working on the correct path. Then tried changing DOCROOT_CLIENT to DOCROOT and it stopped blocking access to php files, as expected. So I think DOCROOT_CLIENT is the correct one for <Directory>. It seems that "RemoveHandler .php" (I'm testing with info.php) and "SetHandler None" gets ignored and the file gets passed to php-fpm anyway... I can't understand why.
try this. Code: <FilesMatch ".+\.*$"> SetHandler ! </FilesMatch> the page i found this on said to put it in .htaccess, but you should be able to include it within your directory section in the sites options.
Tks, but it doesn't work. I already tried it (from stackexchange, IIRC), but rechecked just to be sure. I don't understand what's happening, and hate it!
