I heard somewhere that with .htaccess you can hide the entension of files so hackers don't know you're using php (to make it more secure or something?)?
So like example.com/sitemap.php would turn into example.com/sitemap/
How would I do this??
I heard somewhere that with .htaccess you can hide the entension of files so hackers don't know you're using php (to make it more secure or something?)?
So like example.com/sitemap.php would turn into example.com/sitemap/
How would I do this??
There are several ways of doing this.
<Files sitemap>
ForceType application/x-httpd-php
</Files>
Would force the file "sitemap" to be treated as a PHP script even though it doesn't end in .php.
You can also make any extension behave as .php by doing something like:
# Make all .xxx files served by PHP
AddType application/x-httpd-php .xxx
In httpd.conf (may also work in .htaccess)
In any case, you'll want to make sure that you have expose_php=Off in your php.ini (or configured somewhere, anyway) otherwise PHP will spit out
X-Powered-by:PHP-something
In the HTTP headers, also it will serve some images of logos and a small dog when certain "magic" query strings are sent
(for example /info.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 )
Mark
Thanks
I'll try those examples.
One more question:
Is there another way to turn off expose_php other than in php.ini because I don't "own" the server, it's a shared server I'm getting hosting from.
http://uk.php.net/ini.core <-- No, you can't change expose_php anywhere except in php.ini
Perhaps your hosting provider will do it for you.
Mark
Ok thanks.
I'll ask them.