Reputation: 18296
Why does Apache execute php file on calling file without extension
Today I found a strange thing on my server. I created a php file (test.php) and wrote some php codes inside it. then I call it using
http://127.0.0.1/test
and the "test.php" executed ! How does it understand to run test.php when there is no .php ? there is no htaccess file on my root directory to tell the apache do that. I guess it may causes security problem. How can I prevent it ?
My OS is ubuntu and the web server is Apache2.
Upvotes: 4
Views: 2889
Answers (2)
Reputation: 1093
This happens because of MultiViews (it's enabled somewhere in the "Options" for that directory).
Have a look here: http://httpd.apache.org/docs/current/content-negotiation.html#negotiation for details on how it works.
Upvotes: 7
Reputation: 31
Check your apache config (/etc/apache2/sites-available/[site_name or default]), it probably contains mod_rewrite instructions, for example:
RewriteEngine on
RewriteBase /
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
RewriteRule ^(([^/]+/)*[^.]+)$ /$1.php [L]
If you comment them out with # and restart apache, accessing /test without specifying extension should no longer work.
Upvotes: 3
Related Questions
- Apache shows PHP code instead of executing it
- Running PHP files under differed file type suffix
- Apache runs php files with or without .php extension
- Apache executes code in files that have .php prepended before extension ex: .php.txt , php.pdf
- Why is Apache executing .php.html files as PHP?
- Apache downloads php files instead of executing script
- PHP don't load extension
- PHP isn't working in file without extension
- Prevent server behaviour : executing scripts without extension
- Server showing php script as it is without executing