I am creating a dummy handler for .php and .html files called helloworld. The handler contains this:
static int helloworld_handler(request_rec *r){
ap_rprintf(r, "hello world!");
return OK;
}
I have got this in apache2.conf:
<Directory /var/www/html>
AddHandler helloworld .php .html
</Directory>
The handler "helloworld" is working for .html files, but it is not working for .php files. I think it is mostly because the default php handler overrides the helloworld handler for .php files. How do I make "helloworld" handler work for .php files?
If there is any extra information required please ask.
You might want to try SetHandler instead
<FilesMatch \.php$>
SetHandler helloworld
</FilesMatch>
SetHandler will remove any previously set handler. To get the option for your handler to run first then run the default PHP handler when your handler returns DECLINE you need to set yours first, then add PHP
<FilesMatch \.html$>
SetHandler helloworld .html
</FilesMatch>
<FilesMatch \.php$>
SetHandler helloworld .php
AddHandler php5-script .php
</FilesMatch>
Note that this has the effect of clearing any handlers previously setup for .html files
You can only have one handler handle any file type per request. If you always want the PHP interpreter to run first and then your handler to run second you could consider AddOutputFilter directive.
Most phases are terminated by the first module that handles them; however, for logging, `fixups', and non-access authentication checking, all handlers always run (barring an error).
Apache API reference
AddOutputFilter docs
You need to restart your Apache server after adding handler.
Check also if extension will actually be interpreted by the server the way you want it to work. You can check that sort of info from system admin of your hosting provider. Many sysadmins disable some features to improve security.
Related
What can i do to stop Apache execute code in files that have .php prepended before extension ex: .php.txt , php.pdf , i do not know if this is related to webuzo admin panel n/or apache in general ?
Apache version 2.2.34
Opened thread on webuzo forum ,if anyone else has this issue , it might be related :
https://www.softaculous.com/board/index.php?tid=17642
This is reasonably standard behaviour - files can have multiple extensions on Apache. (As they can on other OS / filesystems.)
However, this behaviour can be avoided.
Whether files that end in .php.txt or .php.pdf are processed for PHP is dependent on how PHP is enabled on the server.
For example, if you simply use AddHandler then any file that contains a .php extension (like .php.txt) will be processed by the PHP handler:
AddHandler application/x-httpd-php .php
However, if you only call SetHandler on the specific file pattern, ie. when .php occurs at the end of the filename, then this behaviour can be avoided.
<FilesMatch "\.php$">
SetHandler application/x-httpd-php
</FilesMatch>
NB: This is not a copy/pastable solution - it really depends on how PHP is implemented on your Apache web server.
Depending on your requirements you could potentially block requests to files that contain a .php extension, but not at the end of the URL-path. For example:
<FilesMatch "\.php\.">
Order Allow,Deny
Deny from all
</FilesMatch>
NB: This is Apache 2.2 syntax (as stated in the question). If you are on Apache 2.4 then you'd use Require all denied instead of the Order and Deny directives in the last block.
When researching how to use php-fpm with mod_proxy, you get lots of code like this:
<FilesMatch \.php$>
# Apache 2.4.10+ can proxy to unix socket
SetHandler "proxy:unix:/var/run/php/php5.6-fpm.sock|fcgi://localhost/"
</FilesMatch>
I've also seen configurations where you use define to name a variable to use in AddHandler and SetHandler
Define php5-fpm "proxy:unix:/var/run/php-fpm/www.sock|fcgi://localhost"
AddHandler ${php5-fpm} .php
However, I've yet to find a way to make a new named handler, as opposed to a placeholder variable. I've yet to find a way to make a new handler named application/x-httpd-php
For example, we have a number of applications with .htaccess files with blocks like this:
<Files foo_php_file>
SetHandler application/x-httpd-php
</Files>
To change a file named foo_php_file to be run as a PHP script. Instead of having to change every one of these .htaccess files to use a ${php5-fpm} or ${php-fpm} define, I'd like to be able to create the application/x-httpd-php so the .htaccess files can be used as is.
Is there a way to make a new named handler like this, so an fpm fastcgi setup can be backwards compatible with old .htaccess files that expected mod_php?
I am trying to run a PHP script on an html page and I have figured out that I need to add the following to my htaccess file:
AddHandler application/x-httpd-php .html
So I did that and it allowed the PHP script to run as needed, but it also blocked another AddHandler from running, which I use for html include files such as sitewide navigation and ads.
This is what my htaccess file looks like:
Options +Includes
AddHandler server-parsed .html
AddHandler application/x-httpd-php .html
For whatever reason the Options +Includes AddHandler gets blocked when I add the PHP AddHandler, which means the sitewide include files do not display as they usually do.
Is there a way to have both AddHandler commands running without one blocking the other?
Thanks for any help...
This must be a simple errror...
I have certain php files in a Drupal site. I can execute them from inside Drupal, but when I need to execute some of them when I submit a form, I get "You don't have permission...". I added a .htaccess file in teh specific directory with this content
<FilesMatch "test\.php$">
Satisfy Any
Allow from all
</FilesMatch>
Now I am able to access the file, but the browser display the content instead of parsing it.
What am I doing wrong?
Seems like php is not enabled in that directory. Enable it by AddType
<FilesMatch "test\.php$">
Satisfy Any
Allow from all
AddType text/html .php .phps
</FilesMatch>
Thanks for all relplies.
It turned out that Drupal create a .htacces file in my directory with the following code after one of their security updates:
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we're run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
Options None
Options +SymLinksifOwnerMatch
</Files>
That was the cause of the problem.
I want to render a .phtml file through Apache, however when I try, it renders the page as text and not as html.
In my vhost configuration, if I try to render an index.php, it executes properly. But when I change the DirectoryIndex to index.phtml and try to render the index.phtml present in the public directory it just renders text.
The vhost Config is:
code
ServerName parminder.com
DocumentRoot "C:/workspace/parminder_local_net/public"
ErrorLog logs/parmindercom.log
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
DirectoryIndex index.phtml
*
What else do I need to configure for this to work? Do I need to use .htaccess?
What is the basic concept?
htaccess file
root folder --> folders -->html pages & subfolders
Try adding this to it:
AddHandler php-script .php .php5 .php4 .php3 .html .htm .phtml
You need to configure Apache so it knows that you want .phtml files to be treated as PHP. See step 8 of the PHP install guide.
<FilesMatch "\.ph(p[2-6]?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>
... but .phtml is the file extension used for PHP 2. You should probably audit them, bring them up to modern PHP coding practises and rename them to follow current conventions.
After installing the apache server, you need to mention which all files will be read by the apache parser,
which is done by mentioning the types of files.
like
**
> <FilesMatch \.php$>
> SetHandler application/x-httpd-php </FilesMatch>
**
and in order to allow .php, .php2, .php3, .php4, .php5, .php6, and .phtml files to be executed as PHP, use below one
<FilesMatch "\.ph(p[2-6]?|tml)$">
SetHandler application/x-httpd-php
</FilesMatch>