From: L. Christopher Luther <CLuther@Xybernaut.com> - 2004-01-14 22:04:45
Well, I dropped the RH default configuration, that is the input/output
filters, added the handler, and restarted Apache. Now when I hit the home
page of the web server, I see nice, clean PHP code instead of a running
So, I'm back to the input/output filtering.
Maybe it's because RH 8.0 uses Apache 2.0.40 and PHP 4.2.2...
From: Ivan Ristic [mailto:ivanr@...]
Sent: Wednesday, January 14, 2004 4:30 PM
To: L. Christopher Luther
Cc: ModSecurity-Users (E-mail)
Subject: Re: [mod-security-users] Apache/PHP Configuration
L. Christopher Luther wrote:
> Can someone tell me the difference between RH 8.0 Apache's default
> configuration for PHP handling:
> <Files *.php>
> SetOutputFilter PHP
> SetInputFilter PHP
> LimitRequestBody 524288
Strictly speaking, that's RedHat's default configuration, since
Apache does not ship with PHP originally.
The interface between PHP and Apache can be implemented in two
different ways. PHP developers first attempted to
implement PHP as an Apache filter. They have since abandoned
that approach, going back to the "good old handler" approach.
PHP 4.3.4 still ships with both interfaces but, as far as I
know, apache2handler is being recommended as "the right way
to do it".
> And what the mod_security docs suggest for the Apache/PHP configuration:
> AddHandler application/x-httpd-php .php
> I'm using the vanilla RH 8.0 Apache/PHP configuration, but with regard to
> mod_security's dynamic request handling, I'm wondering what is best.
I would go with the mod_security way ;)
[ Open source IDS for Web applications ]
Get latest updates about Open Source Projects, Conferences and News.