Preventing apache from serving unknown file types (e.g. myfile.php~)

Discussion in 'Installation/Configuration' started by FadeOUT, Apr 29, 2007.

  1. FadeOUT

    FadeOUT New Member

    I have a habit of using Kate to edit files in webspace directly, which creates temporary files in the format filename~ - e.g. myfile.php~. The problem with this is that apache then serves these files as text, so the contents of any php pages (potentially including sensitive information) are dumped straight to the browser.

    What is the best method for getting ISPconfig to tighten up on this? Or should I go directly to the Apache config files?

    Thanks..!
     
  2. Leszek

    Leszek New Member

    You should configure Kate not to save backups of edited files.
     
  3. FadeOUT

    FadeOUT New Member

    Yes, that would make sense, but I'm partly just thinking that for security generally it would make more sense to include only specific file types.
     
  4. Leszek

    Leszek New Member

    In case of an unrecognized file type Your browser will ask what would You like to do with it.You can specify a new filetype in /etc/mime.types but this would concern only the specified type.
    It would be ok if wildcards could be used there.That would solve the problem but I don't know if they can be used.
     
  5. jnsc

    jnsc rotaredoM Moderator

    You can also configure kate in order to prefix the bakup file instead of suffix. Something like bak_myfile.php or .myfile.php this should also solve your problem.
     
  6. FadeOUT

    FadeOUT New Member

    Mmm... That is pretty sensible, too. :)
     
  7. jnsc

    jnsc rotaredoM Moderator

    Not really as the file will be interpreted be php.
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    Or you might add the filetype .php~ to addtype lines that ISPConfig adds to your vhosts. The lines where written in the file /root/ispconfig/scripts/lib/config.lib.php in the function make_vhost
     

Share This Page