Many shared server environments currently run .php scripts using the PHP4 interpreter and .php5 code using the PHP5 interpreter. Rather than changing all your file extensions, and perhaps breaking many links, use a .htaccess file to dynamically map one extension to the other.
IMPORTANT CAVEAT:One common reason for doing this is that hosts leave PHP4 configured with register_globals ON in order to support legacy code while offering PHP5 with register_globals OFF. If you are on a shared server at a host that has configured register_globals ON server wide, you should be very worried!
Turning register globals OFF via a local php.ini or a .htaccess file will NOT offer you any extra protection. Another exploited account on your server can simple hack yours. For server security, and since php 4.2, register globals is OFF server wide by default (php default). Any host overriding this is inviting trouble. If you need register globals ON for a specific site, simple use a .htaccess file for that specific directory, and server wide security will not be compromised. Of course, if you do this be sure all effected scripts fully sanitize input data.
1. Your Apache server must be configured to use .htaccess files. If not, you may be able to request this from your host.
2. Your Apache configuration must allow the following setting. If not, you may be able to request this from your host.
3. Your host must have configured the .php and .php5 file extensions as described above. If not, they may possibly have chosen other extensions. Check with your host.
1. Check to be sure your site is configured to use .htaccess files.
2. Make a backup of the .htaccess file in your root public_http directory. If you don't have a .htaccess file at this location, create one now.
3. There are various ways to set the comman, depending on your server configuration. One of the following will probably work. Add ONE the following lines at the end of your .htaccess file. If unsure which to use, check with your hosting provider on which version works best for your configuration.
4. Carefully test.
Code: Select all
AddType x-mapp-php5 .php AddHandler application/x-httpd-php5 .php AddHandler cgi-php5 .php
5. Delete the backup .htaccess file. Don't leave backups of .htaccess files in public directories.
Back to Security FAQ Table of Contents
Search Keywords: htaccess, .htaccess, PHP5, PHP4