|
Posted by shimmyshack on 02/27/07 00:13
On 26 Feb, 23:50, "Thad" <tsob...@cox.net> wrote:
> "Stuart Millington" <n...@dsv1.co.uk> wrote in message
>
> news:l1s6u29qi1ufpkcrpn9s2369r8smgvu0nl@4ax.com...
>
> > On Mon, 26 Feb 2007 16:34:47 -0700, "Thad" <tsob...@cox.net> wrote:
>
> >>file end in .php. So, I renamed test1.html to test1.php and it worked.
> >>Is
> >>that the case everywhere or could it just be my server?
>
> > No, it depends on the server set-up. The server can be configured to
> > run PHP within .html files, or mod_rewrite could be used, but it is
> > non-standard. Unless you have a particular reason why you can't use
> > .php file extensions, it should not be a problem.
>
> So it looks like my server does mod_rewrite. It's just this is the first
> time I had run into this.
>
> Thanks so much Stuart.
> Much appreciated,
> Thad
your server is set up to execute the php inside the files if they end
in .php which is normal. Stuart meant that if you have control over
the server you could change this to say only .pjio files or
a .phtml, .php and .php5 all at once etc.. whatever you choose,
or if you have access to the way apache works, (you probably do
via .htaccess files) you could rewrite (that is redirect) the URL that
your visitor has asked for, say script.html to script.php, but not let
the user know you have done it (a so called internal rewrite)
RewriteRule script.html script.php [L]
this would meant that while the file extension could remain .html, the
server is actually "forwarding" on the request to a file that ended
in .php which would be the script that would actually be doing the
work, whereas script.html would just be a fake, even a non existent
file that your user would see.
This is sometimes used in conjunction with other methods to hide the
server technology behind the dynamic pages, making it harder to
profile before an attack (since you could be using .NET jps and other
technologies apart from php)
Hope that clears it up a bit.
Navigation:
[Reply to this message]
|