Refer to this article [http://filext.com/faq/fake_file_extensions.php][1]. I have a website which runs in apache (PHP and mysql). I want to display url with .fake extension instead of .php . I want apache to process all the requests with .fake extension as it do with .php. Is it possible by write something into .htaccess file?
You can do this in two ways.
Rewrite URL's to their php counter-part. The files on the server end with .php. You use mod_rewrite to internally rewrite the urls
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)\.fake$ $1.php [L]
Add a php handler for the fake extension. The files reside with a .fake extension on your server and you tell apache to use the php application to process these files. You send them with the text/html mime type back to the client.
AddHandler application/x-httpd-php .fake
AddType text/html .fake
There is no real reason to do the second approach, unless you want to confuse fellow developers.
Related
I am writing a web application in php using Apache server. What I would like to do is have the index.php (and other files) display as *.aspx files, to confuse potential hackers.
Can this be done by editing the .htaccess file, and if so, what are the relevant lines to edit?
Serving the wrong file extension is not how you would achieve security, as it would not be enough to fool potential hackers. It might not even be enough to fool the guys at builtwith.com.
Instead of researching how to mislead the hackers with simple tricks, research on ways to secure your application better. You can start that at PHP.net and Stack Overflow.
If you insist, you can use Apache mod_rewrite for that.
Something along this line (not tested):
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.aspx -f
RewriteRule ^(.+).aspx$ /$1.php [L,QSA]
Otherwise, you can also add mime-type in Apache to serve *aspx files as PHP.
AddType application/x-httpd-php .aspx
According to this answer, you should add the following to your .htaccess :
AddType application/x-httpd-php .aspx
You can find more info about the AddType directive in the Apache documentation.
Is it possible to configure Apache in order not to show a file extension?
For example: Say I have domain.com/page.php but want to have domain.com/page as the url.
Any Ideas?
Put this is your .htaccess file
#turn on url rewriting
RewriteEngine on
#remove the need for .php extention
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
This allows you to access .php files without the extension, so your links should read
href="/somepage"
and this will direct to
href="/somepage.php"
There is also MultiViews as a vhost or .htaccess configuration option. See http://httpd.apache.org/docs/2.2/content-negotiation.html#multiviews
From that page:
The effect of MultiViews is as follows: if the server receives a request for /some/dir/foo, if /some/dir has MultiViews enabled, and /some/dir/foo does not exist, then the server reads the directory looking for files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one of them by name. It then chooses the best match to the client's requirements.
This is called URL rewriting. I had to use it for the first time recently and i used this tutorial to learn it, hope you'll find it great too :
Put this is your .htaccess file
RewriteEngine On
RewriteRule ^page?$ page.php
page
You want a web server feature called URL rewriting - every web server application (apache, IIS, nginx) supports this. As the name suggests, it takes the requested URL and rewrites it into a specific format that you define.
There are many guides available on the www, even if you are using shared hosting solution you can still add/modify the .htaccess file to do this.
So, when I put in my .htaccess file which contains the following:
# Use PHP5 php.ini as default
AddHandler application/x-httpd-php5 .php
AcceptPathInfo On
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [L,QSA]
The server tries to download the PHP file instead of executing it. When I remove the .htaccess file, everything works fine and the PHP files execute.
I'd remove the AddHandler directive. Leave this to the server config.
Everything else looks fine.
It could very well be the AddHandler application/x-httpd-php5 .php
Are you including this because your server is setup to not run PHP5 by default?
I found the issue in the end, I had the entire thing set up correctly. There is a bug in PHP5, that had happened due to some of the discontinuing support of $_SERVER['ORIG_PATH_INFO']. This is not true in windows servers, however in PHP 5.4.2 (Linux Distro) ORIG_PATH_INFO is not supported any more, only PATH_INFO. A report has been made about this. But all is up and running. Thanks for your guys' help and responses.
Does a webpage need to end in ".php" in order to run php code? Is there a way a file ending in ".html" can run php code?
If you're using the Apache web server you can add this line to its configuration:
AddType application/x-httpd-php .html
it tells the the server that files with a .html extension have to be considered as PHP files. I don't recommend this though, as it forces the PHP engine on every file (even static html pages).
Alternatively you can rewrite (some) .html URLs to their PHP version via mod_rewrite.
No a webpage doesn't need to end in .php to be parsed as PHP.
Yes you can use any extension you want depending on your web server, for example the below code placed in the Apache configuration would parse files with a .htm, .html or .php extension as PHP if running on an Apache server.
AddType application/x-httpd-php .htm .html .php
And you may also try this with regular expressions to better match specific criteria:
<FilesMatch "\.(htm|html|php)$">
SetHandler application/x-httpd-php
</FilesMatch>
You can have PHP parse any file type, as long as you tell it to.
In .htaccess:
AddType application/x-httpd-php .php .html
This tells PHP to parse .php and .html files.
You could also eliminate the extension altogether with this.
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^([^/]+)/$ $1.php
So now
http://www.test.com/mypage.php
will be http://www.test.com/mypage
I suggest you look into URL Rewriting instead of messing up the .html configuration in Apache. This way you can have php pages end in anything you want or even not have any extension at all. Extensionless SEO friendly URLs are always better than any existing filenames with extension.
Just my 2 coins :)
Yes, there is a way: associate the .html extension with PHP in the Apache/other webserver config.
However, it's not recommended to make PHP pages look like HTML, it's better to crop the extension as is.
Yes, you can do that with .htaccess:
RewriteEngine on
RewriteBase /
RewriteRule ^(.*)\.html$ $1.php [L]
The change you make to your .htaccess file can vary by host.
On mediatemple, for example, you add this ::
SetHandler php-script
See mediatemple documentation on this topic here
What handles the disabling of the extension? Is it APACHE or the PHP install? How would one go about configuring the web server where the .php extension is not required? Is there an option that would make both www.example.com/page.php and www.example.com/page work as the URL?
It's URL rewriting through Apache:
http://www.addedbytes.com/apache/url-rewriting-for-beginners/
Apache also has a setting called MultiViews that will serve domain.com/index.* as domain.com/index, domain.com/example.* as domain.com/example, etc.
I've occasionally run into issues where MultiViews beats out mod_rewrite rules, so I tend to turn it off.
Check out some articles from A List Apart on this topic: You use Apache (in your case) to setup ReWriteRule's and then you have PHP parse the url to fetch the correct information. (again, in your case. You can do this with many languages and http servers)
http://www.alistapart.com/articles/succeed/
http://www.alistapart.com/articles/urls/
brianreavis is correct. Here's an example for your .htaccess file:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
I just throw it all at PHP and parse it however I want in there:
.htaccess
RewriteEngine On
RewriteRule !\.(js|ico|gif|jpg|png|css)$ #frontend.php
I use this in my .htaccess
<Files ~ "^[^.]+$">
ForceType application/x-httpd-php5
</Files>
That way I can remove all extensions (.php) from my files, and it will still work.
I use $_SERVER['PATH_INFO'] to retrieve the remainder of the path as parameters. E.g. /page/param1/param2 where page is an actual php file.