Apache Security Tip: Serve php / cgi file using different file type / extension

last updated in Categories Apache, FreeBSD, Howto, lighttpd, Linux, Security

It is possible to serve .php or .cgi / .pl file using different file type / extension name. This will improve security. For example, server .html as .php file, add following to your httpd.conf or .htaccess file:
# serve .html files as php files
AddType application/x-httpd-php .html
# serve .nix files as cgi files
AddType application/x-httpd-cgi .nix

If you are using Lighttpd web server add following to serve php as .html file:
fastcgi.map-extensions = ( ".html" => ".php" )

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Share this on (or read 2 comments/add one below):

2 comment

  1. Security through obscurity? Yeah, you’ll confuse some of the punk element, but that’s about it. And you’re adding a _ton_ of effort if you want to use any mainstream web application.

    Have a question? Post it on our forum!