PDA

View Full Version : Apache + PHP


lola
25th April 2005, 13:35
I found out that if I disable the PHP module in my Apache Apache delivers all PHP pages in plain text so that everyone can read secret information like database passwords, etc. I have enabled the PHP module again, and it's working fine, but what if the module fails for some reason? Is there a way to tell Apache to not deliver PHP pages at all if the PHP module is not available?

lola

jojo
25th April 2005, 14:41
I had to set up a Wikimedia Wiki once, and it needs the same feature for certain directories for security reasons. I had to put the following lines in the virtual host container in my httpd.conf:

<IfModule !mod_php4.c>
<Files ~ '.php$'>
Order allow,deny
Deny from all
Allow from none
</Files>
<Files ~ '.phps'>
Order deny,allow
Allow from all
</Files>
</IfModule>

That's for Apche 1.3 and PHP4. If you use Apache 2.0, use

<IfModule !sapi_apache2.c>

instead of

<IfModule !mod_php4.c>

And don't forget to restart your Apache! ;)

jojo