PhpRiot
News Archive
PhpRiot Newsletter
Your Email Address:

More information

Ilia Alshanetsky's Blog: Beware of the default Apache 2 config for PHP

Note: This article was originally published at PHPDeveloper on 1 September 2010.
PHPDeveloper

Ilia Alshanetsky has a suggestion for those setting up PHP and Apache2 for the first time - beware of the default configuration!

About a week ago, I was doing some upgrades on my development machine and came across a rather nasty issue when it comes to how .php(s) files are associated with PHP in Apache. It seems that a number of distros including Gentoo (which is what I was using) are using the [same] configuration directive to make the PHP module parse PHP files

The problem comes from their use of "AddHandler" versus "AddType" when telling Apache which files to parse as PHP. The first allows anything with ".php" in its filename to be parsed while the second limits it to just files ending in ".php". Check your configuration to ensure you're not open to this issue, especially if there's scripts/files outside of your control.