Skip to content

.htaccess deny code execution not working for Apache + php-fpm #6766

New issue
New issue
Closed
Closed
.htaccess deny code execution not working for Apache + php-fpm#6766
Assignees
BaDos
Labels
Component: SetupIssue: Ready for WorkGate 4. Acknowledged. Issue is added to backlog and ready for developmentbug report
@magenx

Description

@magenx
magenx
opened on Sep 27, 2016
  1. Magento 2.1.1
  2. cPanel EasyApache 4 (edge)
  3. apache 2.4 + php-fpm

Steps to reproduce

  1. upload php file to pub/media/
  2. execute in browser

Expected result

  1. code execution in some folders must be denied

Actual result

  1. php files executed and working good

as a quick test, this works for any handler:

<FilesMatch \.(ph.+|sh.+|htm.+|cgi|[aj]sp|p[ly])$>
Order allow,deny
Deny from all
</FilesMatch>

Metadata

Metadata

Assignees

Labels

Component: SetupIssue: Ready for WorkGate 4. Acknowledged. Issue is added to backlog and ready for developmentbug report

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions