Skip to content

Instantly share code, notes, and snippets.

Last active June 2, 2021 22:15
  • Star 9 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save ohader/11d737de95895f8ca16495a8b7001c45 to your computer and use it in GitHub Desktop.
Apache HTML, SVG, PHP restricted handlers
# Additions to existing Apache's .htaccess rules
# Security: Enforce file types matching at end of filename only
# see
# see
<IfModule mod_mime.c>
RemoveType .html .htm
<FilesMatch ".+\.html?$">
AddType text/html .html
AddType text/html .htm
RemoveType .svg .svgz
<FilesMatch ".+\.svgz?$">
AddType image/svg+xml .svg
AddType image/svg+xml .svgz
RemoveHandler .php
# PHP's default configuration allows `.php`, `.phar` and `.phtml`:
# <FilesMatch ".+\.ph(ar|p|tml)$">
# The example below is using a restrictive approach, just allowing .php files.
<FilesMatch ".+\.php$">
# Value `php-fcgid` is the name of the handler for THIS example configuration -
# it might be different on other hosts. In most cases this can be identified
# via `phpinfo();` and search for e.g. `$_SERVER[REDIRECT_HANDLER]`
# + CGI:
# + FPM: see
# + default:
SetHandler php-fcgid
# SetHandler php-script
# SetHandler application/x-httpd-php
# This is a potential alternative in case the previous settings do not work for PHP
# RemoveType .php
# <FilesMatch ".+\.php$">
# AddType application/x-httpd-php .php
# SetHandler application/x-httpd-php
# </FilesMatch>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment