I'm trying to set up my .htaccess file correctly and I'm having an issue.
The only thing my .htaccess file at the moment is:
AddType application/x-httpd-php .php .html .htm
This is included because my server is not parsing php in my html files.
However when this is included in my .htaccess file, when I open a page in my browser, the user is prompted to save or open the file locally.
I believe the answer to my issues is setting up an action to be done (run with php) however I cannot find out the path to my php files.
Any help is appreciated.
You will need to edit the configuration for enabled modules. On a Debian/Ubuntu type system this will be in /etc/apache2/mods-enabled The file you are looking for is php5.conf
So far all you have done is specify that (dot) htm, html or php files should be served -by default- as application/x-httpd-php, and to my knowledge there is not a single web browser that would attempt to interpret such content -- hence the save-as dialog.
Either you could fix your .htaccess file not to be broken (it is broken behaviour to serve html files as application/x-httpd-php), or you could manually output the correct HTTP headers using the PHP header() function.
Unfortunately, everyone seems to love abusing AddType (and then complain e.g. that MultiViews is broken). See this article, please.
This is not supposed to work in all cases. It depends on the AllowOverride directive of the web server.
You shoud specify the AddType in the serveur config file rather than in the htaccess.
Related
for a certain folder on my local Apache-Server (running with Ubuntu) I'd like that all *php-files will be displayed as if they were plain text-files. I need this since I only want to see the source code of these files and NOT run them.
While searching, I found that most people have the opposite problem :-) and couldn't really find a solution for me.
What would I need to include in the .htacces-file of my folder?
THANKS!
THE ANSWER:
in .htaccess-file type
php_flag engine off
#This will prevent apache from executing *.php-files
AddType text/plain php
#this wil display php-files in browser (if not, browser will want to download file!)
Thanks to Brad!
My Godaddy setup wont allow me to edit the httpd.conf files, and the php_flag command doesn't work due to how they've implemented php for me.
I was able to use this in my .htaccess file:
SetHandler default-handler
AddType text/plain php
I put this in the directory above where my FTP user is allowed to access, which forces all PHP files in that directory, as well as all sub-directories to show php as plain text.
This will work for other file types as well. All you need to do is add another line with whatever extension of file you want to be forced to display in plain text. AddType text/plain cgi for example
Look at your httpd.conf file for the AddType of .php extension, and change it fortext/plain, and php_flag engine to the offvalue just as sait by Sam Bisbee.
But prefer do these change in the httpd.conf, the .htaccess are useless if you have a dedicated server, and lowing your perfs.
But you can also just change the extensions of your PHP scripts...
Two solutions off the top of my head...
Change their file name extensions to .phps. Ex., index.phps.
Change the Content-type for them in the .htaccess file. AddType text/plain .php uses mod_mime to do this. More info at http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addtype
Turn off the the PHP module in apache? (if you won't be needing php execution, of course)
I would really like my index.html to be able to have a PHP script work on it. I read that you can do this through the htaccess file. I only have access to a subdomain website directory, where I can upload my files through FTP.
The directory did not have a htaccess file, so I created one using notepad: .htaccess and added this to the file:
AddType application/x-httpd-php .html
The problem is, instead of loading the index.html page, it downloads it as a file...would I need to add something extra to the htaccess file? :S
You don't need to name the file index.html to have it served by default. You can change the default document using your with an entry in your .htaccess file like this:
DirectoryIndex index.php
Then when you navigate to http://yoursubdomain.example.com you will be served index.php instead of index.html.
If really do want PHP to interpret your .html documents then the entry you had in your question will work when PHP is running as an Apache module. If your host is running PHP as CGI, you want:
AddHandler application/x-httpd-php .html
If it still doesn't work, then this web page has some more suggestions:
http://www.velvetblues.com/web-development-blog/how-to-parse-html-files-as-php/
The directive you have sets the content-type of files with a .html file extension.
If the server has PHP installed and enabled, that content-type will cause it to be run though the PHP engine and then the output from that sent to the client.
If it doesn't have PHP installed, then the file will just be served up to the client with that content-type. Since browsers don't handle PHP scripts themselves, they will then just save the file.
You need to install and enable PHP as well as setting the content-type.
Presumably your hosting is supporting PHP?
If so, then you need to rename your file from index.html to index.php
I am with new web host. The public_html folder of each domain I create is auto generated with an .htaccess that has the following line:
AddHandler php5-script .php
What is this for?
This just instructs PHP to handle files ending in .php by passing them to the PHP5 interpreter. Without this configuration in place, the web server may serve the files to the end-user's web browser as raw PHP code, rather than executing the code. That raises the dangerous possibility of exposing database login credentials or, or other secrets.
Using the same mechanism, you could configure the web server to parse files with other extensions besides .php as PHP scripts and hand them to the PHP interpreter. This is occasionally done to mask PHP scripts by naming them with .html extensions, for example.
# Interpret both .php & .html as PHP:
AddHandler php5-script .php .html
It tells php to handle any file with .php in the filename, even if it's not at the end. A file named smile.php.gif will be interpereted as a php file, which is bad if you are going to be using an upload script. This is because Apache allows multiple extensions in any order, so gif.php.jpg is the same as gif.jpg.php. I have heard the best way to select the handler is with FilesMatch. Of course if your web host has this in their httpd.conf you would have to 'remove' it using your htaccess before using the FilesMatch if you don't have access to httpd.conf.
The answer is that the htaccess tells the webserver to handle the php as php5-script and execute it.
Regarding the first answer, you will achieve your goal but it is a really bad practice and you should not allow html files to be executed as php due to huge security concerns.
I have a habit of making file backups by adding the .bak extension (file.ext.bak).
Imagine if I have a config in PHP, config.php and I want to backup that file by adding the .bak extension, will the file get parsed or will you see the source code if a client accidentally end up at that url? Is it server dependent?
I've tried some tests on a MAMP server but it seems to be parsing
It depends on the server configuration. It is a bad habit to keep those files accessible by browsers anyway, but should you want to, check your httpd.conf for these lines:
<IfModule mod_php5.c>
AddType application/x-httpd-php .php .phtml .php3
AddType application/x-httpd-php-source .phps
</IfModule>
This will tell the webserver that .php files actually contain code to be executed.
You could add the .bak file there (but it remains a bad habit).
Another workaround would be to just rename the file to file.bak.ext
instead).
The best solution remains moving the files to somewhere where the
browser can't access them, out of the document root and other
mappings.
will the file get parsed or will you see the source code if a client accidentally end up at that url?
Usually, you will see the source code because the .bak extension is not registered to be parsed with PHP. Needless to say, this is very dangerous!
Is it server dependent?
Yes. It is possible to configure the server to parse those files, but it's not part of any default configuration I know.
The better solution is to do it the other way round: filename.bak.php
for a certain folder on my local Apache-Server (running with Ubuntu) I'd like that all *php-files will be displayed as if they were plain text-files. I need this since I only want to see the source code of these files and NOT run them.
While searching, I found that most people have the opposite problem :-) and couldn't really find a solution for me.
What would I need to include in the .htacces-file of my folder?
THANKS!
THE ANSWER:
in .htaccess-file type
php_flag engine off
#This will prevent apache from executing *.php-files
AddType text/plain php
#this wil display php-files in browser (if not, browser will want to download file!)
Thanks to Brad!
My Godaddy setup wont allow me to edit the httpd.conf files, and the php_flag command doesn't work due to how they've implemented php for me.
I was able to use this in my .htaccess file:
SetHandler default-handler
AddType text/plain php
I put this in the directory above where my FTP user is allowed to access, which forces all PHP files in that directory, as well as all sub-directories to show php as plain text.
This will work for other file types as well. All you need to do is add another line with whatever extension of file you want to be forced to display in plain text. AddType text/plain cgi for example
Look at your httpd.conf file for the AddType of .php extension, and change it fortext/plain, and php_flag engine to the offvalue just as sait by Sam Bisbee.
But prefer do these change in the httpd.conf, the .htaccess are useless if you have a dedicated server, and lowing your perfs.
But you can also just change the extensions of your PHP scripts...
Two solutions off the top of my head...
Change their file name extensions to .phps. Ex., index.phps.
Change the Content-type for them in the .htaccess file. AddType text/plain .php uses mod_mime to do this. More info at http://httpd.apache.org/docs/2.2/mod/mod_mime.html#addtype
Turn off the the PHP module in apache? (if you won't be needing php execution, of course)