htaccess and AddType/Addhandler - .htaccess

My main site script uses PHP 4, and it works fine with the AddHandler. Since the server is configured for PHP 5.3 by default, I assume when adding another script to a subdirectory all I would have to do is use one of the following AddHandler/AddType lines below, but it does not work. When I added any one of these 3 lines, the pages are sent to the browser as a download, so it doesn't process the file for display at all. My .htaccess is completely blank except for the AddHandler. Also, this is on a dedicated server.
AddType application/php5-script php html tpl
AddHandler application/x-httpd-php5 .php .php4 .php3 .phtml .tpl .html
AddHandler application/x-httpd-php53 .php .php4 .php3 .phtml .tpl .html
To explain better:
1. www.site.com runs php4 (the script requires it)
2. www.site.com/newscript/ needs php5
3. I put a .htaccess in the www.site.com/newscript/ folder with an AddHandler for php5, but it doesn't work

Am a bit confused by your question, do you mean you are running php 4 and 5 on the same server and want some parts of the site to run php4, some php5?
If it's a new server and you can't get the posted code to work have you tried
AddType application/x-httpd-php .php .php4 .php3 .phtml .tpl .html

Server needs to be running latest PHP 5.3, you can downgrade with .htaccess to PHP 4 but if server is not running at least PHP 5.3 you can not make it do so with .htaccess. Got it?

Related

Strange .htaccess config on new hosting

Recently I changed my hosting provider and I noticed strange lines of code in my public_html .htaccess file. The lines are:
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
Can somebody tell me what those are, and can I get rid of them without something breaking?
Thank you for your time!
This directive is or "might"*1 be required in order to process .php files with the appropriate PHP handler - in this case PHP version 7.3.
The fact this directive is in .htaccess allows you to configure (through cPanel) which version of PHP you want to use. So you can still run PHP that might require a specific/older version.
*1 Without this directive in .htaccess, your .php files will be processed using the server default, which may be a different version of PHP. So it "may" still "work" without, or you may get some PHP errors/warnings/notices depending on your code base.

EasyApache4 updates overwriting htaccess files

I recently upgraded my cPanel server to EasyApache4 and all was working well until recently, when an EasyApache4 auto-update caused the PHP config AddHandler in all of my .htaccess files (3 of them) to be overwritten with a default configuration, causing my websites to break. I fixed everything, and then it just happened again last night. How can I set/configure things so the server still gets the auto-updates but doesn't overwrite/reset components of the .htaccess files? Or at least adds the .html extension back to the PHP AddHandler.
Specifically this:
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .html .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
Is being defaulted back to this (removing the .html extension) after the updates:
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php73” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
I have the same issue too.
I moved my custom AddHandler out of the cPanel comments
# php -- BEGIN cPanel-generated handler, do not edit
....
# php -- END cPanel-generated handler, do not edit
I manually changed the PHP version with MultiPHP; all contents within the comments were changed to the default setting, but my custom AddHandler still remained unchanged. In the end there are two AddHandler lines in .htaccess; I'm not sure whether that is a potential issue.

How can I prevent scripts from running inside a directory?

I have a files directory for my image storage in my web root folder, and I want to know how to secure that folder. I prevent people from uploading scripts to that folder: I check file extensions, and if it is not an image then it will not be saved to that folder.
But faking extensions is easily done. What happens if someone manages to upload a script to my files directory and accesses it from the browser?
So I need a way to prevent scripts from running inside that folder and only allow images to run.
I know .htaccess can do that but I don't know how to set it up. My .htaccess file is like this:
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
ForceType application/octet-stream
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
ForceType none
</FilesMatch>
Options All -Indexes
But it is not working: I saved a PHP file in that folder, then tried to access it from the browser, and I can still access it. Do you know how to make this work? Or if you have a more secure approach to this, please tell me.
Thank you.
I think that it isn't working because you have only added an extra handler, you haven't removed the other handlers.
It is easiest to put another .htaccess file in the folder you want to protect (rather than messing with the match directive) that contains:
# Fix PHP, you should do matching commands for JSP and ASP, & html
# (RemoveHandler and RemoveType take file extensions, not a MIME type)
RemoveHandler .php
RemoveType .php
# .... add the other remove-handler statements here .... #
# Optionally make these equivalent to text files.
# UPDATE: Taken this out as you don't want people to see PHP files at all
#AddType text/html php
# To disable cgi and server side includes & indexes
# You need to check the setup of Apache, some of the file types
# listed should already be handled as CGI (.pl, .py, .sh)
Options -ExecCGI -Includes -Indexes
# Completely block access to PHP files
# (Apache 2.4 without mod_access_compat: use "Require all denied" instead)
<FilesMatch "\.(php|phps|html|htm|jsp|asp)$">
Order allow,deny
Deny from all
</FilesMatch>
# Add in any additional types to block
That covers PHP and CGI, you should do matching commands for JSP and ASP
UPDATE: Added code to completely block access to PHP files - sorry, thought initially that you simply didn't want them executing. Also note that I've commented out the line that turns PHP files into text files.
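An added example, not code from any of the posts above: an extension check on the upload side only helps if it agrees with how mod_mime picks a handler, which looks at every dot-separated extension in a file name and keeps the rightmost one that has a mapping. The Python below models AddHandler lines only (not SetHandler, RemoveHandler or AddType-based activation); the function names and the sample file names are made up for the illustration.

```python
import re

# Matches "AddHandler <handler> <ext> [<ext> ...]"; comment lines do not match.
ADD_HANDLER = re.compile(r"^\s*AddHandler\s+(\S+)\s+(.+?)\s*$", re.IGNORECASE)

def handler_map(htaccess_text):
    """Collect {extension: handler} from the AddHandler lines of one .htaccess."""
    mapping = {}
    for line in htaccess_text.splitlines():
        m = ADD_HANDLER.match(line)
        if m:
            for ext in m.group(2).split():
                # mod_mime ignores case and an optional leading dot
                mapping[ext.lstrip(".").lower()] = m.group(1)
    return mapping

def handler_for(filename, mapping):
    """Handler mod_mime would pick: every dot-separated extension is checked,
    and the rightmost one that has a mapping wins."""
    handler = None
    for ext in filename.lower().split(".")[1:]:
        handler = mapping.get(ext, handler)
    return handler

def upload_name_ok(filename, mapping, allowed=("gif", "jpg", "jpeg", "png")):
    """Accept a name only if its final extension is an allowed image type
    and no extension anywhere in it is bound to a handler."""
    parts = filename.lower().split(".")
    return (len(parts) > 1 and parts[-1] in allowed
            and handler_for(filename, mapping) is None)

# The handler block quoted in the EasyApache4 thread on this page
SAMPLE = """\
# php -- BEGIN cPanel-generated handler, do not edit
<IfModule mime_module>
AddHandler application/x-httpd-ea-php73 .php .html .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
"""

if __name__ == "__main__":
    mapping = handler_map(SAMPLE)
    # File names below are constructed for the example
    for name in ("photo.jpg", "index.php", "avatar.php.jpg", "PAGE.HTML"):
        print(f"{name:16} handler={handler_for(name, mapping)} "
              f"ok={upload_name_ok(name, mapping)}")
```

Where only the last extension should decide, the Apache documentation recommends a `FilesMatch` pattern anchored with `$` plus `SetHandler` in place of `AddHandler`.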

What is the difference between AddHandler and AddType in htaccess files

Can someone explain what the difference is between AddType and AddHandler in .htaccess files? I want to make the settings such that I can have a JavaScript file (.js) be run through the server as though it were a PHP file (application/x-httpd-php5) but then sent to the user's browser as a (text/javascript) file. How might I configure this?
AddHandler (http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addhandler) tells the server how to handle the file type. AddType (http://httpd.apache.org/docs/2.0/mod/mod_mime.html#addtype) tells the server what MIME type to give the client.
It doesn't sound like a great idea to parse all .js files as PHP. I would suggest using a .htaccess Rewrite directive to map the .js files in question to your PHP script.
RewriteEngine On
RewriteRule ^phpjs/.*\.js$ /phpjs/js.php [L]
Then add
header("Content-Type: text/javascript");
to your php output.

How do I assign file extensions a particular parser using htaccess?

Suppose I wanted to have all files named ".myexcellentpage" to be parsed with PHP, or with Perl, or as HTML, or what have you. What do I have to do in htaccess to achieve this?
AddType application/x-httpd-php5 .mybogusextension
AddHandler cgi-script .myotherextension
For PHP, the following AddType should work:
AddType application/x-httpd-php .myexcellentpage
(You can specify php4 or php5 explicitly if desired.)
For other things, like Perl CGI, the AddHandler directive can be used to specify the handler.
