From: L. Christopher Luther <CLuther@Xybernaut.com> - 2004-01-14 21:16:27
Can someone tell me the difference between RH 8.0 Apache's default
configuration for PHP handling:
And what the mod_security docs suggest for the Apache/PHP configuration:
AddHandler application/x-httpd-php .php
I'm using the vanilla RH 8.0 Apache/PHP configuration, but with regard to
mod_security's dynamic request handling, I'm wondering what is best.
L. Christopher Luther
Xybernaut Solutions, Inc.
PGP Public KeyID: 0x21261B88
CONFIDENTIALITY NOTE: This communication contains
information that is confidential and/or legally privileged.
This information is intended only for the use of the individual
or entity named on this communication. If you are not the
intended recipient, you are hereby notified that any disclosure,
copying, distribution, printing or other use of, or any action
in reliance on, the contents of this communication is strictly
prohibited. If you receive this communication in error, please
immediately notify us by telephone at (703) 631-6925.
Unsolicited commercial e-mail will automatically be
reported to the appropriate abuse@ - without exception.
From: Ivan Ristic <ivanr@we...> - 2004-01-14 21:27:19
L. Christopher Luther wrote:
> Can someone tell me the difference between RH 8.0 Apache's default
> configuration for PHP handling:
> <Files *.php>
> SetOutputFilter PHP
> SetInputFilter PHP
> LimitRequestBody 524288
Strictly speaking, that's RedHat's default configuration, since
Apache does not ship with PHP originally.
The interface between PHP and Apache can be implemented in two
different ways. PHP developers first attempted to
implement PHP as an Apache filter. They have since abandoned
that approach, going back to the "good old handler" approach.
PHP 4.3.4 still ships with both interfaces but, as far as I
know, apache2handler is being recommended as "the right way
to do it".
> And what the mod_security docs suggest for the Apache/PHP configuration:
> AddHandler application/x-httpd-php .php
> I'm using the vanilla RH 8.0 Apache/PHP configuration, but with regard to
> mod_security's dynamic request handling, I'm wondering what is best.
I would go with the mod_security way ;)
[ Open source IDS for Web applications ]