综合编程

Tell Apache whether or not to run PHP on requests

微信扫一扫,分享到朋友圈

Tell Apache whether or not to run PHP on requests
0

I am using PHP with Apache and wonder if there is a way to indicate from the client side that the requested PHP file shouldn’t be executed/parsed. By standard, I want all PHP files to be executed when requested, but I want a way to indicate from the client side that the file should not be executed.

A nice solution would be to supply an extra header in the request using JavaScript and then write some code in a .htaccess
file to check if the header is present, and if it is tell apache to not execute the file and just serve it as text.

Using GET parameters or something else would also be okay.

Is this possible? If so, how?

supply an extra header in the request [using JavaScript] and then write some code in a .htaccess file to check if the header is present

You could get Apache to check for this (secret) header and internally rewrite the request to a viewAsSource.php
-type file that then reads the REQUEST_URI
(or a passed query string parameter) and returns the file source instead. Similar to @LucasKrupinski suggestion, except you don’t need to include anything in the PHP file itself.

For example, in your root .htaccess
file:

RewriteEngine On

# Block direct access to any file in the /tools directory
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^tools/ - [F]

# Display PHP source...
RewriteCond %{HTTP:X-Action} ^display-source$
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule (.+.php)$ tools/display-source.php?url=$1 [L]

For all .php
requests this checks for the X-Action
HTTP request header having a value of “display-source” and that the requested file exists. If these conditions are met then the request is internally written to a /tools/display-source.php
script, passing the URL in the url
parameter. You could instead check the $_SERVER['REQUEST_URI']
superglobal, but note that this also includes any query string that is passed on the request.

Then, in display-source.php
, something like:

<?php
$url = isset($_GET['url']) ? $_GET['url'] : null;
if (isset($url)) {
    $file = $_SERVER['DOCUMENT_ROOT].'/'.$url;
    // Validate $file....
    // :
    highlight_file($file);
}

阅读原文...


微信扫一扫,分享到朋友圈

Tell Apache whether or not to run PHP on requests
0

Hello, buddy!

王思聪陈赫周杰伦之后,鹿晗宣布成立Lstars电竞战队

上一篇

谈谈2018年技术趋势和架构规划

下一篇

评论已经被关闭。

插入图片

热门分类

往期推荐

Tell Apache whether or not to run PHP on requests

长按储存图像,分享给朋友