Apache Security Tip: Serve php / cgi file using different file type / extension

December 3, 2007in Apache, FreeBSD, Howto, lighttpd, Linux, Security last updated December 3, 2007

It is possible to serve .php or .cgi / .pl file using different file type / extension name. This will improve security. For example, server .html as .php file, add following to your httpd.conf or .htaccess file:
# serve .html files as php files AddType application/x-httpd-php .html # serve .nix files as cgi files AddType application/x-httpd-cgi .nix
If you are using Lighttpd web server add following to serve php as .html file:
fastcgi.map-extensions = ( ".html" => ".php" )

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

2 comment

Lane says:

December 3, 2007 at 7:32 pm

“This will improve security. ”

I may be being thick here, but how so?
Sean says:

December 4, 2007 at 3:53 am

Security through obscurity? Yeah, you’ll confuse some of the punk element, but that’s about it. And you’re adding a _ton_ of effort if you want to use any mainstream web application.

Comments are closed.

Tagged as: cgi files, change script extension, extension name, htaccess file, html files, html php, httpd, improve security, php files, php html, web server

Posted by: Vivek Gite

Share this on:

2 comment