On 13 June 2015 at 22:48, Barry <[email protected]> wrote:
>
> php -r "phpinfo();" and 'php -i' on the command line both work.
>
> Alterations I have made to httpd.conf are as follows..............
> Listen 127.0.0.1:80
> Include conf/modules.d/*.conf (includes modules.d/70_mod_php.conf)
> Options All
> AddHandler php5-script .php .html .htm
> AddHandler php .php
> AddType text/html .php
> AddOutputFilter INCLUDES .shtml .html .php .php5
Surely, some of those lines are redundant, already provided by 70_mod_php.conf?
Additionally, for security reasons, the following notation is preferred:
<FilesMatch "\.(php|php5|phtml)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.phps$">
SetHandler application/x-httpd-php-source
</FilesMatch>
Because the standard AddHandler matches /anywhere in the filename/ (
which is a vulnerability if people have upload rights to your box )
I suspect what's happened is :
> AddHandler php5-script .php .html .htm
> AddHandler php .php
note you have '.php' there twice. I'm not sure which one is firing.
I also find the part "AddHandler php" in its own suspicious, because
I can't find examples of that being used in the real world.
Start simple, don't worry about anything other than getting .php files working.
When you get them working, then consider more advanced things.
--
Kent
KENTNL - https://metacpan.org/author/KENTNL
_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
