I found out that if I disable the PHP module in my Apache Apache delivers all PHP pages in plain text so that everyone can read secret information like database passwords, etc. I have enabled the PHP module again, and it's working fine, but what if the module fails for some reason? Is there a way to tell Apache to not deliver PHP pages at all if the PHP module is not available? lola
I had to set up a Wikimedia Wiki once, and it needs the same feature for certain directories for security reasons. I had to put the following lines in the virtual host container in my httpd.conf: Code: <IfModule !mod_php4.c> <Files ~ '.php$'> Order allow,deny Deny from all Allow from none </Files> <Files ~ '.phps'> Order deny,allow Allow from all </Files> </IfModule> That's for Apche 1.3 and PHP4. If you use Apache 2.0, use Code: <IfModule !sapi_apache2.c> instead of Code: <IfModule !mod_php4.c> And don't forget to restart your Apache! jojo
