@ohader
Last active June 2, 2021 22:15
Apache HTML, SVG, PHP restricted handlers
# Additions to the existing Apache .htaccess rules
# Security: Enforce file types matching at end of filename only
# see https://docs.typo3.org/m/typo3/reference-coreapi/10.4/en-us/Security/GuidelinesAdministrators/Index.html#file-extension-handling
# see https://httpd.apache.org/docs/2.4/mod/mod_mime.html#multipleext
<IfModule mod_mime.c>
    # Drop the per-extension mapping, then re-add the type only for
    # filenames that END in .html / .htm
    RemoveType .html .htm
    <FilesMatch ".+\.html?$">
        AddType text/html .html
        AddType text/html .htm
    </FilesMatch>

    # Same for SVG: only filenames that END in .svg / .svgz
    RemoveType .svg .svgz
    <FilesMatch ".+\.svgz?$">
        AddType image/svg+xml .svg
        AddType image/svg+xml .svgz
    </FilesMatch>

    RemoveHandler .php
    # PHP's default configuration allows `.php`, `.phar` and `.phtml`:
    # <FilesMatch ".+\.ph(ar|p|tml)$">
    #
    # The example below uses a restrictive approach, allowing only .php files.
    <FilesMatch ".+\.php$">
        # IMPORTANT:
        # Value `php-fcgid` is the name of the handler for THIS example configuration -
        # it might be different on other hosts. In most cases it can be identified
        # by calling `phpinfo();` and searching for e.g. `$_SERVER['REDIRECT_HANDLER']`
        # + CGI: https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-cgi.conf
        # + FPM: https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php-fpm.conf
        # + default: https://salsa.debian.org/php-team/php/-/blob/dc253886b5b2e9bc8d9e36db787abb083a667fd8/debian/php.conf
        SetHandler php-fcgid
        # SetHandler php-script
        # SetHandler application/x-httpd-php
    </FilesMatch>

    # This is a potential alternative in case the previous settings do not work for PHP
    #
    # RemoveType .php
    # <FilesMatch ".+\.php$">
    #     AddType application/x-httpd-php .php
    #     SetHandler application/x-httpd-php
    # </FilesMatch>
</IfModule>
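
The audit below is an added example, not part of the gist. It applies the three end-anchored `FilesMatch` patterns from the rules above to a list of filenames and reports every name that carries `.php`, `.html`, `.htm`, `.svg` or `.svgz` as a non-final extension, which is the case mod_mime's per-extension mapping can pick up and these rules exclude. The function names, the `php-handler` label and the sample filenames are constructed for illustration.

```python
import re

# End-anchored patterns copied from the FilesMatch blocks in the gist.
ANCHORED = {
    "text/html": re.compile(r".+\.html?$"),
    "image/svg+xml": re.compile(r".+\.svgz?$"),
    "php-handler": re.compile(r".+\.php$"),   # label only, stands for SetHandler
}
# Extensions the gist strips from mod_mime's per-extension mapping
# (RemoveType / RemoveHandler).
REMOVED = {"html", "htm", "svg", "svgz", "php"}


def anchored_match(filename):
    """Return what the gist's FilesMatch blocks assign to this name, or None."""
    for label, pattern in ANCHORED.items():
        if pattern.search(filename):
            return label
    return None


def interior_extensions(filename):
    """Sensitive extensions that are not the last one.

    Compared case-insensitively, as mod_mime compares extensions.
    """
    parts = filename.split(".")[1:]          # everything after the base name
    return [p.lower() for p in parts[:-1] if p.lower() in REMOVED]


def audit(filenames):
    """Map each name with an interior sensitive extension to its status."""
    findings = {}
    for name in filenames:
        interior = interior_extensions(name)
        if interior:
            findings[name] = {"interior": interior,
                              "anchored": anchored_match(name)}
    return findings


# Constructed sample names, e.g. the listing of an upload directory.
SAMPLE = ["index.php", "report.html", "logo.svg", "avatar.php.jpg",
          "notes.html.bak", "icon.svg.txt", "archive.tar.gz", "page.php.html"]

if __name__ == "__main__":
    for name, info in audit(SAMPLE).items():
        print(f"{name}: interior={info['interior']} anchored={info['anchored']}")
```

An `anchored` value of `None` means none of the three blocks applies to that name; `page.php.html` is assigned `text/html` only, because the PHP pattern requires `.php` at the end of the filename.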