Apache Security Tip: Serve php / cgi file using different file type / extension

by on December 3, 2007 · 2 comments· LAST UPDATED December 3, 2007

in , ,

It is possible to serve .php or .cgi / .pl file using different file type / extension name. This will improve security. For example, server .html as .php file, add following to your httpd.conf or .htaccess file:
# serve .html files as php files
AddType application/x-httpd-php .html
# serve .nix files as cgi files
AddType application/x-httpd-cgi .nix

If you are using Lighttpd web server add following to serve php as .html file:
fastcgi.map-extensions = ( ".html" => ".php" )

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 2 comments… read them below or add one }

1 Lane December 3, 2007 at 7:32 pm

“This will improve security. ”

I may be being thick here, but how so?

Reply

2 Sean December 4, 2007 at 3:53 am

Security through obscurity? Yeah, you’ll confuse some of the punk element, but that’s about it. And you’re adding a _ton_ of effort if you want to use any mainstream web application.

Reply

Leave a Comment

Tagged as: , , , , , , , , , ,

Previous post:

Next post: