Fwd: packages: php/php-mod_php.conf - match only *.php for added security by avo...

Arkadiusz Miskiewicz arekm at maven.pl
Tue Jun 2 15:02:21 CEST 2009


On Monday 04 of May 2009, Tomasz Pala wrote:
> On Mon, May 04, 2009 at 20:57:36 +0200, Patryk Zawadzki wrote:
> > but putting php_* inside a Perl or Python tool is a no-no. glen
>
> I'd suggest using:
>
> RemoveType .php
> RemoveType .php3
> [...]
> Options None
> AllowOverride None
>
> then (upload dirs of non-PHP apps, where IfModule mod_php5.c directive
> would be ugly).
>
> > suggested something like "SetHandler DoNothing" (that's what Drupal
>
> That would break handlers like watch-info or cband-status.

Current php-mod_php.conf state breaks MultiViews where request /xxx doesn't 
serve /xxx.php file while it should do exactly that.

What to do with that now?

-- 
Arkadiusz Miśkiewicz        PLD/Linux Team
arekm / maven.pl            http://ftp.pld-linux.org/



More information about the pld-devel-en mailing list