Their site runs on ExpressionEngine and uses ForceType in the htaccess file to change the name of the file (to “site”). Like this. When this directive is set to All, then any directive which has ss Context ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter. If yes, please add the below code in ss file under the account. AddHandler application/ >> Server with php5.

Author: Akitaxe Sajind
Country: Bermuda
Language: English (Spanish)
Genre: Sex
Published (Last): 23 August 2011
Pages: 278
PDF File Size: 14.90 Mb
ePub File Size: 6.19 Mb
ISBN: 509-5-85524-961-1
Downloads: 14449
Price: Free* [*Free Regsitration Required]
Uploader: Dur

Michael Gaskill 6, 10 32 Registration at Web Hosting Talk is completely free and takes only a few htafcess. If you want to use pretty URLs i. Anyone who allows for uploading of files without correctly checking the contents of the uploaded file is asking for trouble no matter what. Michael Allan 1, 15 Trust me, it’s an extremely special file, and this is the only way to do it.

No, this doesn’t look like it follows PCRE. I’m not sure what the best way to correct this is, but here it is In general, security by obscurity is one of the weakest forms of security. This will fail after upgrading to 2.

Old servers only This will fail after upgrading to 2. Another tactic is to configure web servers such as apache to parse different filetypes through PHPeither with an. Log in with your username and password. Search for the config variable you modified, and if it’s different than default, the change was made successfully.

Instead, we would employ htacxess php. To hide PHP, you need following php. I hate inconsistency in technologies.

Also take note that as opposed to a. Then all files with an extension will be processed as normal. You can find more information here: Remember that if your site has feature were user can upload a file, then it could cause user uploaded file to forcetyep as PHP and then you know So, something like that but with the ability to be as cross-server as possible, and able to limit it to only one file.


The need for the above modification is complex, but only necessary in cases where the first method fails for some unknown reason.

php – .htaccess and ForceType question – extensionless files? – Stack Overflow

The top of the file is meant for custom php. I found the same answer as kbk. Sign up using Email and Password. That was until my friend tried running my scripts on his HostGator account. Previously I did it this htaccezs It should be possible to use setifempty here instead of the -z expression.

Sign up or log in Sign up using Google. What you are doing is not advised. Areeb Soo Yasir 2 7.

PHP: Hiding PHP – Manual

Chris “Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them.

Now the URLs will look like this: Add [NC] to RewriteCond like this: The best solution I’ve found is to set up a virtual host which I do for everything, even the default doc root and override the trailing characters handling within the virtual host.

Originally Posted by etogre. Hopefully it will work for all server types. By clicking “Post Your Answer”, you acknowledge that you have read our updated terms of serviceprivacy policy and cookie policyand that your continued use of the website is subject to these policies.


It does work in top-level directory AND subdirectories and it doesn’t need hardcoding the RewriteBase. CASE 1 First, let’s use an example. By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service.

Okay, so basically that code I pasted above and claimed work actually doesn’t This is what will: And use the ServerTokens min directive in your httpd. The time now is The Apache parsing is a subset of that.

Hiding PHP

Hiding the fact that you use [x] language isn’t going to prevent me from bypassing poor security. Simply make a new. I’m not questioning your need to use server-side programming to generate javascript, just the value of the deception calling it a.

In other words, it mimics the behaviour of the old DefaultType directive:. Oh yea, it gets even better when you play with stuff like the following: The above code somehow works, but I’m not sure why though You can then use misleading file extensions: By registering you’ll gain: You might mean that it doesn’t create an error, or that it has some sort of other unexpected behavior that is useful.

All times are GMT True, but putting that in answer as a warning might not be bad idea, as we know few people might go ahead and copy paste it.