 |
|
|
|
Next: Disable all CGI, mod_perl, PHP etc?
|
| Author |
Message |
External
Since: Jun 20, 2007
Posts: 2
|
(Msg. 1) Posted: Wed Jun 20, 2007 4:50 pm
Post subject: Disable .php handler for a specific browser,
Archived from groups: alt>apache>configuration, others (more info?)
|
|
|
Hi,
I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.
I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.
I know that you can create an Alias location "/dav", and disable the
..php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.
Laurent. |
|
| Back to top |
|
 | |
External
Since: Jun 20, 2007
Posts: 1
|
(Msg. 2) Posted: Wed Jun 20, 2007 4:50 pm
Post subject: Re: Disable .php handler for a specific browser, [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Jun 20, 10:50 am, Laurent ARNAL <laur....DeleteThis@clae.net> wrote:
> Hi,
>
> I would like to know if there is a way to remove/disable .php handler
> when the request come from a specific Browser.
>
> I ask this because I use dreamweaver / webdav to edit my .php files.
> But when I try to open the .php file in dreamweaver, what I see if the
> result of the .php executions, not the .php source files.
>
> I know that you can create an Alias location "/dav", and disable the
> .php handler for this location. It's a solution, but not the best I
> think. It would be better if we can disable .php runtime where
> dreamweaver Get the files.
>
> Laurent.
So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code? |
|
| Back to top |
|
| |
External
Since: Jun 07, 2007
Posts: 70
|
(Msg. 3) Posted: Wed Jun 20, 2007 4:50 pm
Post subject: Re: Disable .php handler for a specific browser, [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Jun 20, 11:17 pm, patpro ~ Patrick Proniewski
<pat....TakeThisOut@boleskine.patpro.net> wrote:
> In article <1182359802.321460.10....TakeThisOut@o61g2000hsh.googlegroups.com>,
>
> shimmyshack <matt.fa....TakeThisOut@gmail.com> wrote:
> > > And, by the way, in that context, i don't see the point of using a
> > > "<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.
>
> > i think it's so that browsers can see the content without being asked
> > for credentials, whereas any agent which tries to use other verbs will
> > be required to authenticate. but explain your objection - I have been
> > wrong before!!!
>
> if you want to protect your code, you need to activate the
> authentication for every verb.
>
> patpro
>
> --http://www.patpro.net/
thats not the case, since for GET HEAD ther server parses and doesnt
realease code. Wheras for the common webdav verbs this is not the
case:
* PROPFIND
* PROPPATCH
* MKCOL
* DELETE
* PUT
* COPY
* MOVE
* LOCK
* UNLOCK >> Stay informed about: Disable .php handler for a specific browser, |
|
| Back to top |
|
| |
External
Since: Jun 07, 2007
Posts: 70
|
(Msg. 4) Posted: Wed Jun 20, 2007 4:51 pm
Post subject: Re: Disable .php handler for a specific browser, [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Jun 20, 4:16 pm, Laurent ARNAL <laur... DeleteThis @clae.net> wrote:
> ZeldorBlat a écrit :
>
> > On Jun 20, 10:50 am, Laurent ARNAL <laur... DeleteThis @clae.net> wrote:
> >> Hi,
>
> >> I would like to know if there is a way to remove/disable .php handler
> >> when the request come from a specific Browser.
>
> >> I ask this because I use dreamweaver / webdav to edit my .php files.
> >> But when I try to open the .php file in dreamweaver, what I see if the
> >> result of the .php executions, not the .php source files.
>
> >> I know that you can create an Alias location "/dav", and disable the
> >> .php handler for this location. It's a solution, but not the best I
> >> think. It would be better if we can disable .php runtime where
> >> dreamweaver Get the files.
>
> >> Laurent.
>
> > So what would happen when I go to your website using Dreamweaver?
> > Should I be able to see all your PHP code?
>
> Hum,
>
> Good questions... !
> Perhaps also use some sort of control access, so it only disable the php
> runtime if I access with dreamweaver from the local network.
>
> laurent.
have you enabled the web_dav apache module?
<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule setenvif_module>
<IfModule authn_file_module>
DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"
<Directory "/path/to/your/files">
Dav On
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
AuthName DAV-upload
# /path/to/htpasswd -b /path/to/htpasswd.webdav user
AuthType Basic
AuthUserFile "/path/to/htpasswd.webdav"
<LimitExcept GET HEAD OPTIONS>
require valid-user
</LimitExcept>
</Directory>
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
</IfModule>
</IfModule>
</IfModule>
</IfModule> >> Stay informed about: Disable .php handler for a specific browser, |
|
| Back to top |
|
| |
|
patpro ~ Patrick Proniews
|
External
Since: May 30, 2005
Posts: 30
|
(Msg. 5) Posted: Wed Jun 20, 2007 5:04 pm
Post subject: Re: Disable .php handler for a specific browser, [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
In article <1182351161.144092.102030.RemoveThis@q69g2000hsb.googlegroups.com>,
ZeldorBlat <zeldorblat.RemoveThis@gmail.com> wrote:
> On Jun 20, 10:50 am, Laurent ARNAL <laur....RemoveThis@clae.net> wrote:
> > Hi,
> >
> > I would like to know if there is a way to remove/disable .php handler
> > when the request come from a specific Browser.
> >
> > I ask this because I use dreamweaver / webdav to edit my .php files.
> > But when I try to open the .php file in dreamweaver, what I see if the
> > result of the .php executions, not the .php source files.
> >
> > I know that you can create an Alias location "/dav", and disable the
> > .php handler for this location. It's a solution, but not the best I
> > think. It would be better if we can disable .php runtime where
> > dreamweaver Get the files.
> >
> > Laurent.
>
> So what would happen when I go to your website using Dreamweaver?
> Should I be able to see all your PHP code?
sounds great 
What you should do is setup an https webdav repository in an apache
alias directory, and disable php parsing for this alias. This is the
only secure way to do what you want.
patpro
--
http://www.patpro.net/ >> Stay informed about: Disable .php handler for a specific browser, |
|
| Back to top |
|
| |
External
Since: Jun 20, 2007
Posts: 2
|
(Msg. 6) Posted: Wed Jun 20, 2007 5:16 pm
Post subject: Re: Disable .php handler for a specific browser, [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
ZeldorBlat a écrit :
> On Jun 20, 10:50 am, Laurent ARNAL <laur....RemoveThis@clae.net> wrote:
>> Hi,
>>
>> I would like to know if there is a way to remove/disable .php handler
>> when the request come from a specific Browser.
>>
>> I ask this because I use dreamweaver / webdav to edit my .php files.
>> But when I try to open the .php file in dreamweaver, what I see if the
>> result of the .php executions, not the .php source files.
>>
>> I know that you can create an Alias location "/dav", and disable the
>> .php handler for this location. It's a solution, but not the best I
>> think. It would be better if we can disable .php runtime where
>> dreamweaver Get the files.
>>
>> Laurent.
>
> So what would happen when I go to your website using Dreamweaver?
> Should I be able to see all your PHP code?
>
Hum,
Good questions... !
Perhaps also use some sort of control access, so it only disable the php
runtime if I access with dreamweaver from the local network.
laurent. >> Stay informed about: Disable .php handler for a specific browser, |
|
| Back to top |
|
| |
External
Since: Jun 07, 2007
Posts: 70
|
(Msg. 7) Posted: Wed Jun 20, 2007 5:16 pm
Post subject: Re: Disable .php handler for a specific browser, [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
On Jun 20, 5:59 pm, patpro ~ Patrick Proniewski
<pat... DeleteThis @boleskine.patpro.net> wrote:
> In article <1182358276.836460.256... DeleteThis @n60g2000hse.googlegroups.com>,
>
> shimmyshack <matt.fa... DeleteThis @gmail.com> wrote:
> > <IfModule dav_module>
> > <IfModule dav_fs_module>
> > <IfModule setenvif_module>
> > <IfModule authn_file_module>
> > DavLockDB "/path/to/tmp/DavLock"
> > Alias /webdav "/path/to/your/files"
>
> > <Directory "/path/to/your/files">
> > Dav On
>
> ../..
>
> I think I would rather write <Location /webdav> instead of <Directory
> "/path/to/your/files">, and embed a "AddType text/html .php" into
> the <Location> block.
>
you could use
RemoveHandler .php
and so on for other types.
> And, by the way, in that context, i don't see the point of using a
> "<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.
>
i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!
> patpro
>
> --http://www.patpro.net/ >> Stay informed about: Disable .php handler for a specific browser, |
|
| Back to top |
|
| |
|
patpro ~ Patrick Proniews
|
External
Since: May 30, 2005
Posts: 30
|
(Msg. 8) Posted: Wed Jun 20, 2007 6:59 pm
Post subject: Re: Disable .php handler for a specific browser, [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
In article <1182358276.836460.256770.DeleteThis@n60g2000hse.googlegroups.com>,
shimmyshack <matt.farey.DeleteThis@gmail.com> wrote:
> <IfModule dav_module>
> <IfModule dav_fs_module>
> <IfModule setenvif_module>
> <IfModule authn_file_module>
> DavLockDB "/path/to/tmp/DavLock"
> Alias /webdav "/path/to/your/files"
>
> <Directory "/path/to/your/files">
> Dav On
.../..
I think I would rather write <Location /webdav> instead of <Directory
"/path/to/your/files">, and embed a "AddType text/html .php" into
the <Location> block.
And, by the way, in that context, i don't see the point of using a
"<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.
patpro
--
http://www.patpro.net/ >> Stay informed about: Disable .php handler for a specific browser, |
|
| Back to top |
|
| |
|
patpro ~ Patrick Proniews
|
External
Since: May 30, 2005
Posts: 30
|
(Msg. 9) Posted: Thu Jun 21, 2007 12:17 am
Post subject: Re: Disable .php handler for a specific browser, [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
In article <1182359802.321460.10040 RemoveThis @o61g2000hsh.googlegroups.com>,
shimmyshack <matt.farey RemoveThis @gmail.com> wrote:
> > And, by the way, in that context, i don't see the point of using a
> > "<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.
> >
>
> i think it's so that browsers can see the content without being asked
> for credentials, whereas any agent which tries to use other verbs will
> be required to authenticate. but explain your objection - I have been
> wrong before!!!
if you want to protect your code, you need to activate the
authentication for every verb.
patpro
--
http://www.patpro.net/ >> Stay informed about: Disable .php handler for a specific browser, |
|
| Back to top |
|
| |
|
patpro ~ Patrick Proniews
|
External
Since: May 30, 2005
Posts: 30
|
(Msg. 10) Posted: Thu Jun 21, 2007 6:06 am
Post subject: Re: Disable .php handler for a specific browser, [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
|
|
|
In article <1182378316.629675.293940.RemoveThis@k79g2000hse.googlegroups.com>,
shimmyshack <matt.farey.RemoveThis@gmail.com> wrote:
> > if you want to protect your code, you need to activate the
> > authentication for every verb.
>
> thats not the case, since for GET HEAD ther server parses and doesnt
> realease code. Wheras for the common webdav verbs this is not the
> case:
> * PROPFIND
....
WebDAV uses "GET" to retrieve files, so if Apache parses your code on
"GET", your WebDAV is useless as a mean to access and edit your code.
patpro
--
http://www.patpro.net/ >> Stay informed about: Disable .php handler for a specific browser, |
|
| Back to top |
|
| |
| Related Topics: | Disable error log for a specific page - For example, if 404 not foudn on A.html, ignore it and don't record on the error log, other 404 not found will be logged is it possible to do this? thanks.
IF statement to control logging to specific files based up.. - Goal: Log to specific files based upon the browser name. I noticed that there's a <IfDefine parameter> statement for the httpd.conf file. But it seems to be used when defining parameters on the command-line... unless I'm misreading the documentati...
Apache ASP Handler? - I have an ASP mailer script (aspmailer.asp) that mails forms fine under a MS IIS server, but other host server running Apache needs configuring. The host uses a front end called :cpanel.. & I try entering the extension ..asp in the Apache handlers...
Using a running process as handler - I am writing a C program that will be constantly running in the background of the web server. Whenever an HTTP request comes in through apache, I would like apache to hand it off to my running process. This is similar to a standard CGI aproach, except ...
Running .exe form handler - Hi All, I'm switching to Apache from IIS on an XP system. My current site has several form handlers written in visual basic 6 which work fine. In IIS, all I had to do was set the permissions for the forms/cgi_bin to allow executables. I can't.. |
|
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
|
|
|
FAQ
Profile
Private Messages
Log in
