By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
449,002 Members | 1,294 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 449,002 IT Pros & Developers. It's quick & easy.

Disable .php handler for a specific browser,

P: n/a
Hi,

I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.

I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.

I know that you can create an Alias location "/dav", and disable the
..php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.
Laurent.
Jun 20 '07 #1
Share this Question
Share on Google+
9 Replies


P: n/a
On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.netwrote:
Hi,

I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.

I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.

I know that you can create an Alias location "/dav", and disable the
.php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.

Laurent.
So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?

Jun 20 '07 #2

P: n/a
In article <11**********************@q69g2000hsb.googlegroups .com>,
ZeldorBlat <ze********@gmail.comwrote:
On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.netwrote:
Hi,

I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.

I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.

I know that you can create an Alias location "/dav", and disable the
.php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.

Laurent.

So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?
sounds great ;)

What you should do is setup an https webdav repository in an apache
alias directory, and disable php parsing for this alias. This is the
only secure way to do what you want.

patpro

--
http://www.patpro.net/
Jun 20 '07 #3

P: n/a
ZeldorBlat a écrit :
On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.netwrote:
> Hi,

I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.

I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.

I know that you can create an Alias location "/dav", and disable the
.php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.

Laurent.

So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?
Hum,

Good questions... !
Perhaps also use some sort of control access, so it only disable the php
runtime if I access with dreamweaver from the local network.
laurent.
Jun 20 '07 #4

P: n/a
On Jun 20, 4:16 pm, Laurent ARNAL <laur...@clae.netwrote:
ZeldorBlat a écrit :
On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.netwrote:
Hi,
I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.
I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.
I know that you can create an Alias location "/dav", and disable the
.php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.
Laurent.
So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?

Hum,

Good questions... !
Perhaps also use some sort of control access, so it only disable the php
runtime if I access with dreamweaver from the local network.

laurent.
have you enabled the web_dav apache module?

<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule setenvif_module>
<IfModule authn_file_module>
DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"

<Directory "/path/to/your/files">
Dav On
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
AuthName DAV-upload

# /path/to/htpasswd -b /path/to/htpasswd.webdav user
AuthType Basic
AuthUserFile "/path/to/htpasswd.webdav"

<LimitExcept GET HEAD OPTIONS>
require valid-user
</LimitExcept>
</Directory>
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=On
</IfModule>
</IfModule>
</IfModule>
</IfModule>
Jun 20 '07 #5

P: n/a
In article <11**********************@n60g2000hse.googlegroups .com>,
shimmyshack <ma********@gmail.comwrote:
<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule setenvif_module>
<IfModule authn_file_module>
DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"

<Directory "/path/to/your/files">
Dav On
.../..

I think I would rather write <Location /webdavinstead of <Directory
"/path/to/your/files">, and embed a "AddType text/html .php" into
the <Locationblock.

And, by the way, in that context, i don't see the point of using a
"<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.

patpro

--
http://www.patpro.net/
Jun 20 '07 #6

P: n/a
On Jun 20, 5:59 pm, patpro ~ Patrick Proniewski
<pat...@boleskine.patpro.netwrote:
In article <1182358276.836460.256...@n60g2000hse.googlegroups .com>,

shimmyshack <matt.fa...@gmail.comwrote:
<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule setenvif_module>
<IfModule authn_file_module>
DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"
<Directory "/path/to/your/files">
Dav On

../..

I think I would rather write <Location /webdavinstead of <Directory
"/path/to/your/files">, and embed a "AddType text/html .php" into
the <Locationblock.
you could use
RemoveHandler .php
and so on for other types.
And, by the way, in that context, i don't see the point of using a
"<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.
i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!
patpro

--http://www.patpro.net/

Jun 20 '07 #7

P: n/a
In article <11*********************@o61g2000hsh.googlegroups. com>,
shimmyshack <ma********@gmail.comwrote:
And, by the way, in that context, i don't see the point of using a
"<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.

i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!
if you want to protect your code, you need to activate the
authentication for every verb.

patpro

--
http://www.patpro.net/
Jun 20 '07 #8

P: n/a
On Jun 20, 11:17 pm, patpro ~ Patrick Proniewski
<pat...@boleskine.patpro.netwrote:
In article <1182359802.321460.10...@o61g2000hsh.googlegroups. com>,

shimmyshack <matt.fa...@gmail.comwrote:
And, by the way, in that context, i don't see the point of using a
"<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.
i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!

if you want to protect your code, you need to activate the
authentication for every verb.

patpro

--http://www.patpro.net/
thats not the case, since for GET HEAD ther server parses and doesnt
realease code. Wheras for the common webdav verbs this is not the
case:
* PROPFIND
* PROPPATCH
* MKCOL
* DELETE
* PUT
* COPY
* MOVE
* LOCK
* UNLOCK

Jun 20 '07 #9

P: n/a
In article <11**********************@k79g2000hse.googlegroups .com>,
shimmyshack <ma********@gmail.comwrote:
if you want to protect your code, you need to activate the
authentication for every verb.
>
thats not the case, since for GET HEAD ther server parses and doesnt
realease code. Wheras for the common webdav verbs this is not the
case:
* PROPFIND
....

WebDAV uses "GET" to retrieve files, so if Apache parses your code on
"GET", your WebDAV is useless as a mean to access and edit your code.

patpro

--
http://www.patpro.net/
Jun 21 '07 #10

This discussion thread is closed

Replies have been disabled for this discussion.