https://stackoverflow.com/questions/20106745
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianIt's not insecure anymore. There's a new config parameter for php-fpm (since 5.3.9), security.limit_extensions, that defaults to '.php' so php-fpm will only run files with these extensions. It won't run the .jpg in that example.
Secure config for Apache2.4 + PHP-FPM?
-
03-08-2022 - |
Question
Very rusty with PHP and Apache so hopefully this will be an easy question. The Apache Wiki has a page on setting up PHP-FPM with Apache 2.4, but the specified ProxyPassMatch method of forwarding requests for .php files to the php-fpm module is insecure. Is there a standard/canonical setup that is secure?
Solution
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
