i'm running SuSE 9.3 with apache 2.x and recently installed the latest
my problem here is that one out of a thousand times the apache web
server doesn't parse the PHP file.
it sort of doesn't get sent to the PHP interpreter by apache and then
offers the php file to be downloaded.
it happens with firefox, mozilla & IE, all versions.
i'm aware that the problem is with apache not sending the php file to
the PHP interpreter ...
apache configs are setup properly as 99,8% of the time it works perfectly!
but once in a while it doesn't and then you can download the php file
and actually can see the complete php source code.
which is of course not so good ;-)
actually there's nothing to worry about that much, as most critical php files
are outside the document root and thereby not accessible by a user
or if they are in the document root they are protected by a .htaccess file
i have seen this bug of downloading a php file also on other websites
... occasionally it also does happen on other websites ...
but if i do download the php file then it always has 0 bytes ... just an
empty file with nothing in it!
but in my case it displays the full source code of that file!
so i came across mod_security a few years ago to prevent comment SPAM
and it has worked perfectly without any problems.
then i have learned that mod_security can also be used to scan the
outbound traffic / response body to prevent source code leakage ... SQL
leakage and so on ...
so i installed the newest mod_security 2.5.10 and used the default rules
provided with the package ...
turned on the response body to be scanned ...
SecResponseBodyMimeType (null) text/html text/plain text/xml
and included some rulesets ...
in the hope that this will scan the response body to prevent PHP source
code leakage ...
i also commented out a few rules that i don't need on my machine and in
general it works when i look into the modsecurity_audit_log
modsecurity catches lots of SPAM and also a few SQL warnings ...
but after all ... from time to time ... i'm still offered to download
the PHP file with the FULL SOURCE CODE in it!!!
which is of course a mess and i don't want this to happen at all ;-)
again ... i'm aware that the problem is with apache not sending the php
file to the php interpreter.
but the apache configs are fine and it works 99,8% of the time ...
so my question is ... can i use modsecurity to prevent this from happening?
how can i make modsecurity scan the response body and just
stop sending out php code?
or how can i do it like on other websites that the file i download has
always ZERO bytes in it?
is this possible to do with modsecurity or do i have to look somewhere else?
any help would be greatly appreciated ;-)
thanks a million & wish you all a nice day ...
best of luck
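The kind of outbound-inspection configuration the post is asking about, as an added example that is not part of the original post and not taken from the mod_security package's default rules. It assumes ModSecurity 2.5.x syntax, a site that serves responses small enough for the chosen body limit, and that an unparsed .php file leaves Apache with a Content-Type of either application/x-httpd-php or text/plain (the MIME types listed and the rule ids are assumptions for this example):

```apache
# Added example: catch a .php file that Apache served as raw text instead of
# handing to the PHP interpreter. Not from the original post.

SecRuleEngine On

# Response-body inspection must be switched on explicitly, and only the
# listed MIME types are buffered. "(null)" covers responses with no
# Content-Type header at all. application/x-httpd-php is included because
# that is the type Apache may attach to an unparsed .php file when PHP is
# registered via AddType.
SecResponseBodyAccess On
SecResponseBodyMimeType (null) text/plain text/html text/xml application/x-httpd-php

# Cap the buffered body; ProcessPartial still inspects the first part of a
# large response instead of letting it through uninspected.
SecResponseBodyLimit 524288
SecResponseBodyLimitAction ProcessPartial

# Phase 3 (response headers): a Content-Type of application/x-httpd-php
# means the file was never run through PHP. Stop it before the body goes out.
SecRule RESPONSE_CONTENT_TYPE "@beginsWith application/x-httpd-php" \
    "id:1000101,phase:3,t:none,deny,status:500,log,\
     msg:'PHP file served unparsed (Content-Type application/x-httpd-php)'"

# Phase 4 (response body): look for a PHP open tag anywhere in the body.
# Matches "<?php", the short tag "<?=" and a bare "<?" followed by whitespace.
SecRule RESPONSE_BODY "@rx <\?(?:php\b|=|\s)" \
    "id:1000102,phase:4,t:none,deny,status:500,log,\
     msg:'PHP source code detected in outbound response body'"

# Keep the audit log so blocked responses can be reviewed.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLog logs/modsecurity_audit_log
```

Two points worth knowing before relying on this. First, `deny` in phase 4 discards the buffered body and returns the status code given, so the client receives an error page rather than the leaked source; this is the closest ModSecurity gets to the "zero bytes" behaviour mentioned in the post, and the 500 status makes the event visible in the audit log. Second, response-body scanning only helps when the body is actually buffered: if the MIME type of the leaked file is not in SecResponseBodyMimeType, or the file is larger than SecResponseBodyLimit with the default Reject action turned off, the body passes through uninspected, so check the audit log for the `Content-Type` Apache really attaches to a raw .php file on the affected host and add it to the list if it differs from the assumed values above.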