Apache2 + fcgid download script when query string ends with ".php"

267 Views Asked by rogeriolino At 20 October 2024 at 21:45

I'm migrating a apache2+php server to mod_fcgid, and when I try to access a link that ends with ".php", the server print out the php source.

GET: http://host/?inc=test.php
Does download of the index.php script

But when I fix the index.php works.

GET: http://host/index.php?inc=test.php
Show the correct page content

In my site config:

Options Indexes FollowSymLinks MultiViews +ExecCGI
AllowOverride AuthConfig FileInfo Limit
AddHandler fcgid-script .php
FcgidWrapper /var/www/cgi-bin/fcgi-starter .php

Where fcgi-starter is a custom sh to wrap /etc/php5/cgi

#!/bin/sh
PHPRC=/etc/php5/cgi/
export PHPRC
export PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_CHILDREN=8
exec /usr/lib/cgi-bin/php

How to change the config to ignore the query string?

Regards

Original Q&A

There are 1 best solutions below

René Höhle On 23 October 2012 at 16:32

I think the question is better for ServerFault. But i think

?inc=test.php

is no really good solution. I hope you have prevent the remote inclusion to hack your site and read files from your server.

when you now, that your include file is everytime a php file then remove .php from your url and add them in your script.

But its better when you define it in your script then you don't have any problems.

$incFile = false;

switch($_GET['inc']):
    case 'test':
        $incFile = 'test.php';
    break;
default:
    $incFile = 'nofile.php';

Apache2 + fcgid download script when query string ends with ".php"

There are 1 best solutions below

Related Questions in PHP

Related Questions in APACHE2

Related Questions in DEBIAN

Related Questions in MOD-FCGID

Trending Questions

Popular # Hahtags

Popular Questions