I heard somewhere that with .htaccess you can hide the extension of files so hackers don't know you're using php (to make it more secure or something?)?

So like example.com/sitemap.php would turn into example.com/sitemap/

How would I do this??

    There are several ways of doing this.

    1. Using mod_rewrite - this is cited everywhere - just search for it
    2. Configure Apache (with .htaccess or something else) to treat files which don't end in .php as PHP anyway, for example:
        <Files sitemap>
            ForceType application/x-httpd-php
        </Files>

    Would force the file "sitemap" to be treated as a PHP script even though it doesn't end in .php.

    You can also make any extension behave as .php by doing something like:

    # Make all .xxx files served by PHP
    AddType application/x-httpd-php .xxx
    

    In httpd.conf (may also work in .htaccess)


    In any case, you'll want to make sure that you have expose_php=Off in your php.ini (or configured somewhere, anyway) otherwise PHP will spit out

    X-Powered-by:PHP-something
    

    In the HTTP headers. It will also serve some images of logos and a small dog when certain "magic" query strings are sent

    (for example /info.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 )

    Mark
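
A way to check the result of the settings in the answer above, added here as an example and not part of any post in the thread: the function scans one HTTP response for places that still reveal PHP after the extension is hidden. The sample response is constructed, and the checks beyond `X-Powered-By` (PHP's default `PHPSESSID` session cookie name, a `PHP/` token in `Server`, leftover `.php` links) go beyond what the thread mentions.

```python
import re

# Constructed sample: a response from a site that already serves /sitemap/
# without the .php extension but has not changed anything else.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP-something\r\n"
    "Set-Cookie: PHPSESSID=constructedvalue; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    '<a href="/contact.php">Contact</a> <a href="/sitemap/">Sitemap</a>'
)

def parse_response(raw):
    """Split a raw HTTP response into (list of (name, value) headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:      # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers, body

def php_disclosures(raw):
    """Return a sorted list of the places where the response still reveals PHP."""
    headers, body = parse_response(raw)
    found = set()
    for name, value in headers:
        if name == "x-powered-by" and "php" in value.lower():
            found.add("x-powered-by header")       # expose_php is still On
        elif name == "server" and re.search(r"\bphp/", value, re.I):
            found.add("server header")             # PHP token in the Server banner
        elif name == "set-cookie" and value.upper().startswith("PHPSESSID="):
            found.add("session cookie name")       # PHP's default session name
        elif name == "location" and re.search(r"\.php\b", value, re.I):
            found.add("redirect target")
    if re.search(r"""(?:href|src|action)=["'][^"']*\.php\b""", body, re.I):
        found.add("link in body")                  # other pages still use .php URLs
    return sorted(found)

if __name__ == "__main__":
    for item in php_disclosures(SAMPLE_RESPONSE):
        print("still reveals PHP:", item)
```
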

      Thanks 🙂
      I'll try those examples.

      One more question:

      Is there another way to turn off expose_php other than in php.ini? I don't "own" the server; it's a shared server I'm getting hosting from.

        Ok thanks.
        I'll ask them.
