[ale] file name extension per Apache

Jerry Yu jjj863 at gmail.com
Wed Jan 24 09:54:39 EST 2007


Yes, both are mod_php (modules/libphp5.so and modules/libphp4.so for FC6 and
CentOS4, respectively). Do you mean mod_php was too aggressive instead of
Apache on matching file extension (.php)?  To me, Apache should be the one
to determine whether a file's name extension satisfies what is specified in the
'AddHandler' directive before passing the ball to mod_php to handle it.

On these two test servers, files w/o extension or containing no (.php) at
all will be displayed as text/plain. Maybe the do-less-harm security rule
kicked in?  It is hard to choose between revealing your source code (from
important.php.old) and executing an obsolete copy of important.php?



On 1/24/07, Warren Myers <volcimaster at gmail.com> wrote:
>
> Your Apache conf is probably set to read .php* through mod_php. I've
> noticed some installs of Apache will even just guess if you put in filename
> (no extension) and run the filename.ext.
>
> WMM
>
>  On 1/24/07, Jerry Yu <jjj863 at gmail.com> wrote:
> >
> >  I did a backup of a PHP file under Apache's DocumentRoot. To my
> > surprise, both  Apache 2.0/CentOS4 (AddType) and Apache 2.2/FC6
> > (AddHandler) execute the backup file (test.php.20070123). Thus comes a
> > question, what is considered to be the extension for a name like
> > a.b.c.d.e.f?  Should it be b|b.c|b.c.d|b.c.d.e|b.c.d.e.f or either?
> >
> > http://localhost/test.php.20070123
> >
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> >
>
>
> --
> http://warrenmyers.com
> "God may not play dice with the universe, but something strange is going
> on with the prime numbers." --Paul Erdős
> "It's not possible. We are the type of people who have everything in our
> favor going against us." --Ben Jarhvi, Short Circuit 2
>
>
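
Added example (not part of the original thread and not Apache's code): a simplified Python model of how mod_mime in Apache 2.x treats every dot-separated part after the base name as an extension, which is why test.php.20070123 is handed to PHP, plus an audit that lists such files. The function names and the sample file list are constructed for illustration, and the model assumes .php is the only mapped extension.

```python
# Added illustration: simplified model of mod_mime's multi-extension matching.
import os


def extensions(filename):
    """Every dot-separated part after the base name counts as an extension."""
    name = os.path.basename(filename)
    # Extension lookups are case-insensitive; the first part is the base name.
    return [part.lower() for part in name.split(".")[1:] if part]


def matches_add_directive(filename, mapped=("php",)):
    """AddHandler/AddType-style matching: any extension can select the handler."""
    return any(ext in mapped for ext in extensions(filename))


def matches_last_extension(filename, mapped=("php",)):
    """Matching anchored at the end of the name (only the final extension)."""
    exts = extensions(filename)
    return bool(exts) and exts[-1] in mapped


def audit(filenames):
    """Names that reach PHP only because of a non-final .php part."""
    return [f for f in filenames
            if matches_add_directive(f) and not matches_last_extension(f)]


def audit_tree(docroot):
    """Walk a DocumentRoot and return the paths flagged by audit()."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        hits.extend(os.path.join(dirpath, f) for f in audit(files))
    return hits


# Constructed sample; test.php.20070123 and important.php.old are from the thread.
SAMPLE = ["test.php.20070123", "test.php", "important.php.old",
          "php.txt", "README", "a.b.c.d.e.f"]

if __name__ == "__main__":
    print("extensions of a.b.c.d.e.f:", extensions("a.b.c.d.e.f"))
    for name in audit(SAMPLE):
        print("executed as PHP despite its final extension:", name)
```

Mapping the handler with SetHandler inside a FilesMatch section anchored on the end of the file name, instead of with AddHandler or AddType, gives the last-extension behaviour modelled by matches_last_extension.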