Re: [mod-security-users] Apache/PHP Configuration

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

L. Christopher Luther wrote:
> Can someone tell me the difference between RH 8.0 Apache's default
> configuration for PHP handling:  
> 
>     <Files *.php>
>        SetOutputFilter PHP
>        SetInputFilter PHP
>        LimitRequestBody 524288
>     </Files>

  Strictly speaking, that's RedHat's default configuration, since
  Apache does not ship with PHP originally.

  The interface between PHP and Apache can be implemented in two
  different ways. PHP developers first attempted to
  implement PHP as an Apache filter. They have since abandoned
  that approach, going back to the "good old handler" approach.

  PHP 4.3.4 still ships with both interfaces but, as far as I
  know, apache2handler is being recommended as "the right way
  to do it".

> And what the mod_security docs suggest for the Apache/PHP configuration:  
> 
>     AddHandler application/x-httpd-php .php  
> 
> I'm using the vanilla RH 8.0 Apache/PHP configuration, but with regard to
> mod_security's dynamic request handling, I'm wondering what is best.  

  I would go with the mod_security way ;)

-- 
ModSecurity (http://www.modsecurity.org)
[ Open source IDS for Web applications ]