I recently upgraded my cPanel server to EasyApache4 and all is working well until recently when an EasyApache4 auto-update caused the PHP config AddHandler in all of my .htaccess files (3 of them) to all be over written with a default configuration causing my websites to break. I fixed everything, and then it just happened again last night. How can I set/configure things so the server still gets the auto-updates but doesn't overwrite/reset components of the htaccess files? Or at least adds the .html extension back to the PHP Addhandler.
Specifically this:
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .html .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
Is being defaulted back to this (removing the .html extension) after the updates:
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
I have same issue also.
I move my custom AddHandler out of the cPanel comments
# php -- BEGIN cPanel-generated handler, do not edit
....
# php -- END cPanel-generated handler, do not edit
I manually change the PHP version by MultiPHP, all contents within the comments are changed to default setting but my custom AddHandler still remain unchanged. At last there are two AddHandler in .htaccess, not sure whether any potential issue.
Related
Recently I changed my hosting provider and I noticed strange lines of code in my public_html .htaccess file. The lines are:
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
Can somebody tell me what does are and can I get rid of them without something breaking out.
Thanks you for your time!
This directive is or "might"*1 be required in order to process .php files with the appropriate PHP handler - in this case PHP version 7.3.
The fact this directive is in .htacccess allows you to configure (through cPanel) which version of PHP you want to use. So you can still run PHP that might require a specific/older version.
*1 Without this directive in .htaccess then your .php files will be processed using the server default - which maybe a different version of PHP. So it "may" still "work" without, or you may get some PHP errors/warnings/notices depending on your code base.
I'm not good with .htaccess stuff at all, our client installed his server and he needed to add this to the .htaccess in order to make the php execute
Action php-cgi /~devoaas1/cgi-bin/.ht_bin/php5.cgi
addHandler php-cgi .php
But this seems to give some problems when I turn on the RewriteEngine, I'm not sure how to explain, but it's a problem.
Is there a way to create an ignore rule for the Action php-cgi?
I have a files directory for my image storage in my web root folder, i want to know how to secure that folder. i prevent people from uploading scripts to that folder, i check file extensions, if it is not an image then it will not save to that folder.
but faking extensions are done easily, what happens if someone manage to upload a script to my files directory and access that from the browser
so i need a way to prevent scripts from running inside that folder and only allow images to run.
i know htaccess can do that but i dont know how to set it up. my .htaccess file is like this:
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
ForceType application/octet-stream
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
ForceType none
</FilesMatch>
Options All -Indexes
but it is not working, i saved a php file in that folder then tried to accessed it from the browser and i can still access it. do you know how to make this work? or if you have more secure approach to this, please tell me.
thank you
I think that it isn't working because you have only added an extra handler, you haven't removed the other handlers.
It is easiest to put another .htaccess file in the folder you want to protect (rather than messing with the match directive) that contains:
# Fix PHP, you should do matching commands for JSP and ASP, & html
RemoveType application/x-httpd-php php
# .... add the other remove-handler statements here .... #
# Optionally make these equivalent to text files.
# UPDATE: Taken this out as you dont want people to see PHP files at all
#AddType text/html php
# To disable cgi and server side includes & indexes
# You need to check the setup of Apache, some of the file types
# listed should already be handled as CGI (.pl, .py, .sh)
Options -ExecCGI -Includes -Indexes
# Completely block access to PHP files
<FilesMatch "\.(php|phps|html|htm|jsp|asp)$">
Order allow,deny
Deny from all
</Files>
# Add in any additional types to block
That covers PHP and CGI, you should do matching commands for JSP and ASP
UPDATE: Added code to completely block access to PHP files - sorry, thought initially that you simply didn't want them executing. Also note that I've commented out the line that turns PHP files into text files.
Was wondering is this possible in .htaccess?
I'm currently caching .js, .css and all image files via PHP (and providing the cached only if the file has not been modified by checking the filemtime()).
However someone suggested it's possible via .htaccess and much faster, so was hoping maybe someone can shed some light...I've looked around and found various snippets but none which cover what I'm after.
If you've got mod_expires installed on your apache server you can put something like this in your .htaccess file. This example is PHP orientated (actually grabbed from the Drupal 7 .htaccess file) but should serve as a good starting point.
FileETag MTime Size
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior.
ExpiresActive Off
</FilesMatch>
</IfModule>
My main site script uses php4, and it works fine with the AddHandler. Since the server is configured or php5.3 by default I assume when adding another script to a subdirectory all i would have to do is use one of the following Addhandler/AddType below but, it does not work. When I added anyone of the 3 lines before the pages are sent to the browser as a download so it doesn't process the file for display at all. my htaccess is completely blank expect for the Addhandler. Also this is on a dedicated server.
AddType application/php5-script php html tpl
AddHandler application/x-httpd-php5 .php .php4 .php3 .phtml .tpl .html
AddHandler application/x-httpd-php53 .php .php4 .php3 .phtml .tpl .html
to explain better..
1. www.site.com is run php4 (script req. it)
2. www.site.com/newscript/ needs php5
3. i put a .htaccess in the www.site.com/newscript/ folder with
Addhandler for php5 but it doesn't work
Am a bit confused by your question, do you mean you are running php 4 and 5 on the same server and want some parts of the site to run php4, some php5?
If it's a new server and you can't get the posted code to work have you tried
AddType application/x-httpd-php .php .php4 .php3 .phtml .tpl .html
Server needs to be running latest PHP 5.3, you can downgrade with .htaccess to PHP 4 but if server is not running at least PHP 5.3 you can not make it do so with .htaccess. Got it?