Preventing viewing of PHP

Forum Moderators: phranque

Message Too Old, No Replies

Preventing viewing of PHP

isorg

1:02 pm on Mar 30, 2009 (gmt 0)

I have PHP-based sites which have been working fine.

The file extensions are .html, which Apache parses as PHP, as specified in httpd.conf ("AddType application/x-httpd-php .html" in a VirtualHost directive)

Today I noticed to my horror that if I access my site as

http: //00.00.00.00/~accountname/page.html

... the page is served as plain text (i.e. you can see unparsed PHP by looking at "View source") (!)

How do I prevent this happening?!

This happens with sites I've coded, but doesn't happen with my sites running Wordpress, so I'm guessing it's something simple but pretty fundamental that I've left out :-)

Caterham

1:12 pm on Mar 30, 2009 (gmt 0)

- Don't set MIME-types (AddType) when you're tying to invoke a handler (use AddHandler instead)
- make sure there's a handler for handling application/x-httpd-php, i.e., the module mod_php is loaded or there's some other action defined (action directive, fastcgi or whatever).

isorg

1:23 pm on Mar 30, 2009 (gmt 0)

But would this explain the difference between:

- viewing the page normally (e.g. http: //www.sitename.com - which works)

- viewing it by IP address (e.g. http: //00.00.00.00/~accountname/page.html - where the PHP isn't parsed)?

Caterham

3:36 pm on Mar 30, 2009 (gmt 0)

Other configuration/virtual host? Serving from the main server?