Apache2's mod autoindex allows to include a header and a readme files, that I configured this way in the directory's .htaccess:
ReadMeName footer.html
HeaderName header.php
For some obscure reason, the header file is not read if it is a .php. I renamed it to header.html and in the htaccess too:
HeaderName header.html
and it worked perfectly (even when in .html it included <?php ?> markups)
Why does apache do hat, and is there a way to fix it?
Per the manual on mod_autoindex / HeaderName directive:
Filename must resolve to a document with a major content type of
text/* (e.g., text/html, text/plain, etc.). This means that filename
may refer to a CGI script if the script's actual file type (as opposed
to its output) is marked as text/html...
...while a .php file's content-type is defined as application/x-httpd-php, even if the script's output is by default text/html. However, there's hope yet. You can actually get the PHP parsed by adding the following combo into your .htaccess before your HeaderName directive:
AddHandler application/x-httpd-php .php
AddType text/html .php
Neither of the two on their own will do the job. I presume that here Apache (tested on 2.4) first sets a handler and parses the .php file, and then agrees to understand that the output type is majorly text/html indeed. I'm calling this quirky, but it's working!
Related
I've got Apache setup to run PHP through FPM and I want to be able to get .js files passed through FPM as well as .php files.
On my dev box I can do this:
AddType application/x-httpd-php .js
But on my live box, which is locked down more I get this error in the browser:
Refused to execute script from 'https://blah/test.js' because its MIME type ('application/x-httpd-php') is not executable, and strict MIME type checking is enabled.
I've tried adding a handler with:
AddHandler php-fastcgi .js
I've tried setting a handler with these and other variations:
<FilesMatch \.js$>
SetHandler php7-fastcgi
#SetHandler php7-fcgi
</FilesMatch>
But none of them works. What do I need to do?
I found it, the handler I needed to add is:
SetHandler "proxy:unix:/run/php/php7.0-fpm.sock|fcgi://localhost/"
Still needs some touch-ups on the content type that is served with it, but at least my JavaScript file is now going through PHP and I can add my dynamic content.
You also need to edit this line in /etc/php/7.0/fpm/pool.d/www.conf to allow FPM to handle .js files, otherwise the requests will be rejected.
security.limit_extensions = .php .js
My current hack to fix the MIME type is to add this in the PHP part of the file, but I've got a feeling I can fix it through Apache, but as the main problem is solved, I'm going to worry about that later.
header ("content-type: text/javascript");
for a certain folder on my local Apache-Server (running with Ubuntu) I'd like that all *php-files will be displayed as if they were plain text-files. I need this since I only want to see the source code of these files and NOT run them.
While searching, I found that most people have the opposite problem :-) and couldn't really find a solution for me.
What would I need to include in the .htacces-file of my folder?
THANKS!
THE ANSWER:
in .htaccess-file type
php_flag engine off
#This will prevent apache from executing *.php-files
AddType text/plain php
#this wil display php-files in browser (if not, browser will want to download file!)
Thanks to Brad!
My Godaddy setup wont allow me to edit the httpd.conf files, and the php_flag command doesn't work due to how they've implemented php for me.
I was able to use this in my .htaccess file:
SetHandler default-handler
AddType text/plain php
I put this in the directory above where my FTP user is allowed to access, which forces all PHP files in that directory, as well as all sub-directories to show php as plain text.
This will work for other file types as well. All you need to do is add another line with whatever extension of file you want to be forced to display in plain text. AddType text/plain cgi for example
Look at your httpd.conf file for the AddType of .php extension, and change it fortext/plain, and php_flag engine to the offvalue just as sait by Sam Bisbee.
But prefer do these change in the httpd.conf, the .htaccess are useless if you have a dedicated server, and lowing your perfs.
But you can also just change the extensions of your PHP scripts...
Two solutions off the top of my head...
Change their file name extensions to .phps. Ex., index.phps.
Change the Content-type for them in the .htaccess file. AddType text/plain .php uses mod_mime to do this. More info at http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addtype
Turn off the the PHP module in apache? (if you won't be needing php execution, of course)
I have a very interesting problem related to Deflate Compression, Apache (htaccess), and CSS files.
I have two CSS files on my server. One is called styles.php and has dynamic values added based on database values through mod_rewrite in the styles/ directory (it is rewritten from styles.php to site.css and there is a text/css header at the beginning of the file). I also have a regular old css file with static content that doesn't change in the same directory called styles.css.
I've wanted to add compression to my site so I added the following line to start compressing my css and js files. I added this to the root_directory for my website.
<ifModule mod_deflate.c>
<filesMatch "\.(js|css)$">
SetOutputFilter DEFLATE
</filesMatch>
</ifModule>
Well initially that didn't work. So I changed this line in the root htaccess file from this to the next thing. (this code below is located at the top of the file)
AddType application/x-httpd-php5 .html .php
AddType application/x-httpd-php5 .html .php .js .css
Then my js and one of the css files started to be compressed (verified with YSlow.....yay!). The odd thing was the css file that was being rewritten was being compressed (the styles.php file) but the styles.css file (the static one) was no longer being read by the browser. As soon as I deleted ".css" from that AddType line the browser started reading the file again and my css returned to normal, however it was no longer being compressed through apache.
Any thoughts on why a static css file is not being read by the browser if I add the type? I tried it with just text/css instead of .css and it was not compressing the file (but the browser interpreted it).
UPDATE:
I added this to the root htaccess file. We have compressed, interpretted sweetness now.
<filesMatch "\.css$">
FileETag None
<ifModule mod_headers.c>
Header set Content-type "text/css"
</ifModule>
</filesMatch>
When you run a CSS file through the PHP pre-processor, PHP will automatically output it as a text/html file, via default headers, since you're not manually specifying it. So really, your browser is receiving a file with a .css extension which has headers claiming it's an HTML file, so it's trying to interpret it as HTML rather than CSS.
If your CSS file actually needs to be run as PHP and there is PHP in it, you need to re-issue the appropriate file type so when it output, it's still CSS:
<?php
header('Content-type: text/css');
?>
You can't just send a CSS file through PHP and expect it to work exactly the same. If you're not actually pre-processing it with PHP, then you shouldn't be sending it through there.
As for the deflation issue, I could never actually get mod_deflate to work personally (no idea why). I had to use mod_gzip instead.
I added the following line to .htaccess:
AddType application/x-httpd-php .html .htm
When I try to load any page on the side, my browser tries to DOWNLOAD the page! What am I doing wrong?
Thanks!
Most likely; you don't have the PHP module loaded for your webserver. This means that then the server finds a application/x-httpd-php file, it passes it directly to the client instead of running it through a PHP interpretor (which would run any PHP code and output a text/html content type). Since browsers don't include PHP interpretors, they treat it as any other unknown content type, and offer to save it to disc.
HTML documents should be served to browser as text/html. Change your MIME type.
AddType text/html .html .htm
If you're trying to execute HTML files as PHP, you should change the file extension to *.phtml.
*.html - HTML content
*.php - PHP content
*.phtml - HTML content with embedded PHP scripts
If you're trying to force the PHP parser to work on these file types, you should be editing the httpd.conf file on Apache to include the application/x-httpd-php MIME type for those file extensions.
for a certain folder on my local Apache-Server (running with Ubuntu) I'd like that all *php-files will be displayed as if they were plain text-files. I need this since I only want to see the source code of these files and NOT run them.
While searching, I found that most people have the opposite problem :-) and couldn't really find a solution for me.
What would I need to include in the .htacces-file of my folder?
THANKS!
THE ANSWER:
in .htaccess-file type
php_flag engine off
#This will prevent apache from executing *.php-files
AddType text/plain php
#this wil display php-files in browser (if not, browser will want to download file!)
Thanks to Brad!
My Godaddy setup wont allow me to edit the httpd.conf files, and the php_flag command doesn't work due to how they've implemented php for me.
I was able to use this in my .htaccess file:
SetHandler default-handler
AddType text/plain php
I put this in the directory above where my FTP user is allowed to access, which forces all PHP files in that directory, as well as all sub-directories to show php as plain text.
This will work for other file types as well. All you need to do is add another line with whatever extension of file you want to be forced to display in plain text. AddType text/plain cgi for example
Look at your httpd.conf file for the AddType of .php extension, and change it fortext/plain, and php_flag engine to the offvalue just as sait by Sam Bisbee.
But prefer do these change in the httpd.conf, the .htaccess are useless if you have a dedicated server, and lowing your perfs.
But you can also just change the extensions of your PHP scripts...
Two solutions off the top of my head...
Change their file name extensions to .phps. Ex., index.phps.
Change the Content-type for them in the .htaccess file. AddType text/plain .php uses mod_mime to do this. More info at http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addtype
Turn off the the PHP module in apache? (if you won't be needing php execution, of course)