"prevent php from parsing non-php files such as somefile.php.txt" Code Answer

1

It turns out that the default settings of CentOS Apache actually allow this and it is a known vulnerability. In order to fix it, you will need to edit your Apache config settings. Your PHP settings are typically in /etc/httpd/conf.d/php.conf. The default looks like this:

AddHandler php5-script .php
AddType text/html .php

We need to change it to:

#AddHandler php5-script .php
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
AddType text/html .php

Restart Apache and that should be the end of parsing any file with an extension after .php.

Now, that $ is very important because this is using regex and within regex a $ means "end of string". So that means the file has to END with .php (i.e. no .php.txt) to be parsed by PHP.

By LinuxDevOps on September 7 2022
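
An added example, not part of the original answer: a small Python model of the two configurations, usable to audit a list of file names (for instance an upload directory listing) for names PHP would execute under the AddHandler default but not under the anchored FilesMatch. It assumes mod_mime's documented multi-extension lookup (every extension is checked, the rightmost one with a handler wins); the function names and the sample names are constructed for illustration.

```python
import re

# Assumed model of mod_mime: each dot-separated extension after the base name
# is looked up (case-insensitively); the rightmost one mapped to a handler wins.
ADDHANDLER_MAP = {"php": "php5-script"}    # from: AddHandler php5-script .php

FILESMATCH_FIXED = re.compile(r"\.php$")   # <FilesMatch \.php$>
FILESMATCH_LOOSE = re.compile(r".php$")    # dot left unescaped: matches any character


def handler_via_addhandler(filename):
    """Return the handler chosen under the AddHandler default, or None."""
    handler = None
    for ext in filename.split(".")[1:]:
        handler = ADDHANDLER_MAP.get(ext.lower(), handler)
    return handler


def parsed_via_filesmatch(filename, pattern=FILESMATCH_FIXED):
    """True if the FilesMatch section would apply the PHP handler to this name."""
    return pattern.search(filename) is not None


def audit(filenames):
    """Names PHP runs under AddHandler but not under the anchored FilesMatch."""
    return [
        name for name in filenames
        if handler_via_addhandler(name) and not parsed_via_filesmatch(name)
    ]


# Constructed sample names, not taken from a real server.
SAMPLE = ["index.php", "somefile.php.txt", "notes.txt", "avatar.php.jpg", "myphp"]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:20} AddHandler={handler_via_addhandler(name)!s:12} "
              f"FilesMatch={parsed_via_filesmatch(name)}")
    print("Executed only under the default config:", audit(SAMPLE))
```

Any name returned by audit() in a web-accessible directory is worth reviewing after the config change, since it was executable as PHP before it.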
