Search code examples
phpapachefpm

AH00894: declining URL fcgi

I'm trying to set up a server that parses .HTML file for PHP.

Operating System: Amazon Linux 2
PHP version: 8.0.8
Apache version: 2.4.51

/etc/httpd/conf.d/php.conf

#
# Allow php to handle Multiviews
#
AddType text/html .php

#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php index.html

#
# Redirect to local php-fpm (no mod_php in default configuration)
#
# Enable http authorization headers
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1

<FilesMatch \.(php|phar)$>
    SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>

The change I'm making is adding HTML to the FilesMatch clause here:

<FilesMatch \.(php|phar|html)$>
    SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>

When I do that I see these errors:


[proxy_fcgi:debug] [pid 20974] mod_proxy_fcgi.c(1063): [client 1.1.1.1:49893] AH01078: serving URL fcgi://localhost/home/web-system-sites/dev.example.com/index.html
[proxy:debug] [pid 20974] proxy_util.c(2528): AH00942: FCGI: has acquired connection for (*)
[proxy:debug] [pid 20974] proxy_util.c(2583): [client 1.1.1.1:49893] AH00944: connecting fcgi://localhost/home/web-system-sites/dev.example.com/index.html to localhost:8000
[proxy:debug] [pid 20974] proxy_util.c(2620): [client 1.1.1.1:49893] AH02545: fcgi: has determined UDS as /run/php-fpm/www.sock
[proxy:debug] [pid 20974] proxy_util.c(2806): [client 1.1.1.1:49893] AH00947: connected /home/web-system-sites/dev.example.com/index.html to httpd-UDS:0
[proxy:debug] [pid 20974] proxy_util.c(3177): AH02823: FCGI: connection established with Unix domain socket /run/php-fpm/www.sock (*)
[proxy_fcgi:error] [pid 20974] [client 1.1.1.1:49893] AH01071: Got error 'Access to the script '/home/web-system-sites/dev.example.com/index.html' has been denied (see security.limit_extensions)'
Solution

  • After reading my error messages a second time I saw this, "see security.limit_extensions" and then I added .HTML here:

    
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
security.limit_extensions = .php .html

    and it works like a charm