packages: php/php-mod_php.conf - match only *.php for added security by avo...

Mon May 4 11:26:04 CEST 2009

Author: glen                         Date: Mon May  4 09:26:04 2009 GMT
Module: packages                      Tag: HEAD
---- Log message:
- match only *.php for added security by avoiding multiple extensions match
  http://isc.sans.org/diary.html?storyid=6139

---- Files affected:
packages/php:
   php-mod_php.conf (1.9 -> 1.10) 

---- Diffs:

================================================================
Index: packages/php/php-mod_php.conf
diff -u packages/php/php-mod_php.conf:1.9 packages/php/php-mod_php.conf:1.10

--- packages/php/php-mod_php.conf:1.9	Tue Feb 28 11:17:09 2006
+++ packages/php/php-mod_php.conf	Mon May  4 11:25:59 2009
@@ -1,12 +1,22 @@
 LoadModule php5_module modules/libphp5.so
 
 <IfModule mod_php5.c>
-
-AddType application/x-httpd-php .php
-AddType application/x-httpd-php .php3
-AddType application/x-httpd-php .php4
-AddType application/x-httpd-php .php5
-AddType application/x-httpd-php .inc
-AddType application/x-httpd-php .phtml
-
+	<Files *.php>
+		AddType application/x-httpd-php .php
+	</Files>
+	<Files *.php3>
+		AddType application/x-httpd-php .php3
+	</Files>
+	<Files *.php4>
+		AddType application/x-httpd-php .php4
+	</Files>
+	<Files *.php5>
+		AddType application/x-httpd-php .php5
+	</Files>
+	<Files *.inc>
+		AddType application/x-httpd-php .inc
+	</Files>
+	<Files *.phtml>
+		AddType application/x-httpd-php .phtml
+	</Files>
 </IfModule>
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/php/php-mod_php.conf?r1=1.9&r2=1.10&f=u

