Server Information:
osTicket Version: v1.18.3
Operating System: RHEL 8.10
Web Server: Apache (Event MPM + proxy_fcgi)
PHP Version: 8.4 (Remi Repo)
PHP Handler: FPM/FastCGI
Problem Description:
I have successfully migrated my environment to FastCGI (PHP-FPM) on RHEL 8.10, and phpinfo() confirms the Server API is FPM/FastCGI. However, I am struggling to properly enforce file upload restrictions.
I need to configure osTicket so that ONLY the following file types are permitted, and all others are blocked across the entire system:
Images: .png, .jpeg, .jpg
Documents: .txt, .doc, .docx, .pdf
Spreadsheets: .xls, .xlsx
Email Files: .eml, .msg
Archives: .zip, .gz
Database: .sql
I need help with two specific scenarios:
Ticket Creation: How can I ensure these are the only file types allowed when a user first opens a ticket?
Comments/Updates: How can I prevent users or agents from uploading unauthorized file types (anything not in the list above) when adding a comment or updating an existing ticket?
Current Environment & Checks Run:
Verified Apache is using mpm_event_module and proxy_fcgi_module.
PHP-FPM is listening on the Unix socket: /var/opt/remi/php84/run/php-fpm/www.sock.
Socket permissions are set via ACLs for the apache user.
The php_value settings for sessions and SOAP have been moved from the Apache config to the PHP-FPM pool config (www.conf).
Questions for the Forum:
Is it better to use a "Whitelist" (Allowed) approach in Admin Panel > Settings > Tickets > Ticket Attachment Settings to cover both creation and updates?
Does osTicket distinguish between "Initial Ticket Attachments" and "Thread Entry Attachments" for these restrictions?
Are there any known issues with PHP 8.4 and the file validation logic in v1.18.3 that I should be aware of?
Thank you for your guidance!
