[ale] file name extension per Apache
Jerry Yu
jjj863 at gmail.com
Wed Jan 24 09:54:39 EST 2007
yes, both are mod_php (modules/libphp5.so and modules/libphp4.so for FC6 and
CentOS4, respectively). Do you mean mod_php was too aggressive instead of
Apache on matching file extension (.php) ? To me, Apache should be the one
to determine whether a file's name extension satisfies what specified in the
'AddHandler' directive before passing the ball mod_php to handle it.
On these two test servers, files w/o extension or containing no (.php) at
all will be displayed as text/plain. Maybe the do-less-harm security rule
kicked in? It is hard to choose between revealing your source code (from
important.php.old) and executing an obsolete copy of important.php?
On 1/24/07, Warren Myers <volcimaster at gmail.com> wrote:
>
> Your Apache conf is probably set to read .php* through mod_php. I've
> noticed some installs of Apache will even just guess if you put in filename
> (no extension) and run the filename.ext.
>
> WMM
>
> On 1/24/07, Jerry Yu <jjj863 at gmail.com> wrote:
> >
> > I did a backup of a PHP file under Apache's DocumentRoot. To my
> > surprise, both Apache 2.0/CentOS4 (AddType) and Apache 2.2/FC6
> > (AddHandler) executes the backup file (test.php.20070123). Thus comes a
> > question, what is considered to be the extension for a name like
> > a.b.c.d.e.f Should it be b|b.c|b.c.d|b.c.d.e|b.c.d.e.f or either?
> >
> > http://localhost/test.php.20070123
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> >
>
>
> --
> http://warrenmyers.com
> "God may not play dice with the universe, but something strange is going
> on with the prime numbers." --Paul Erd?s
> "It's not possible. We are the type of people who have everything in our
> favor going against us." --Ben Jarhvi, Short Circuit 2
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Ale
mailing list