I have a habit of using Kate to edit files in webspace directly, which creates temporary files in the format filename~ - e.g. myfile.php~. The problem with this is that apache then serves these files as text, so the contents of any php pages (potentially including sensitive information) are dumped straight to the browser. What is the best method for getting ISPconfig to tighten up on this? Or should I go directly to the Apache config files? Thanks..!
Yes, that would make sense, but I'm partly just thinking that for security generally it would make more sense to include only specific file types.
In case of an unrecognized file type Your browser will ask what would You like to do with it.You can specify a new filetype in /etc/mime.types but this would concern only the specified type. It would be ok if wildcards could be used there.That would solve the problem but I don't know if they can be used.
You can also configure kate in order to prefix the bakup file instead of suffix. Something like bak_myfile.php or .myfile.php this should also solve your problem.
Or you might add the filetype .php~ to addtype lines that ISPConfig adds to your vhosts. The lines where written in the file /root/ispconfig/scripts/lib/config.lib.php in the function make_vhost
