Disable .php handler for a specific browser,

**ZeldorBlat** · Jun 20 '07, 02:55 PM

Re: Disable .php handler for a specific browser,

On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.n etwrote:

Hi,
>
I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.
>
I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.
>
I know that you can create an Alias location "/dav", and disable the
.php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.
>
Laurent.

So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?

**patpro ~ Patrick Proniewski** · Jun 20 '07, 03:15 PM

Re: Disable .php handler for a specific browser,

In article <1182351161.144 092.102030@q69g 2000hsb.googleg roups.com>,
ZeldorBlat <zeldorblat@gma il.comwrote:

On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.n etwrote:

Hi,

I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.

I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.

I know that you can create an Alias location "/dav", and disable the
.php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.

Laurent.

>
So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?

sounds great ;)

What you should do is setup an https webdav repository in an apache
alias directory, and disable php parsing for this alias. This is the
only secure way to do what you want.

patpro

--

Cognitive Overhead

http://www.patpro.net/

Cognitive Overhead

**Laurent ARNAL** · Jun 20 '07, 03:25 PM

Re: Disable .php handler for a specific browser,

ZeldorBlat a écrit :

On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.n etwrote:

> Hi,
>>
>I would like to know if there is a way to remove/disable .php handler
>when the request come from a specific Browser.
>>
>I ask this because I use dreamweaver / webdav to edit my .php files.
>But when I try to open the .php file in dreamweaver, what I see if the
>result of the .php executions, not the .php source files.
>>
>I know that you can create an Alias location "/dav", and disable the
>.php handler for this location. It's a solution, but not the best I
>think. It would be better if we can disable .php runtime where
>dreamweaver Get the files.
>>
> Laurent.

>
So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?
>

Hum,

Good questions... !
Perhaps also use some sort of control access, so it only disable the php
runtime if I access with dreamweaver from the local network.

laurent.

**shimmyshack** · Jun 20 '07, 04:55 PM

Re: Disable .php handler for a specific browser,

On Jun 20, 4:16 pm, Laurent ARNAL <laur...@clae.n etwrote:

ZeldorBlat a écrit :
>

On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.n etwrote:

Hi,

>

I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.

>

I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.

>

I know that you can create an Alias location "/dav", and disable the
.php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.

>

Laurent.

>

So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?

>
Hum,
>
Good questions... !
Perhaps also use some sort of control access, so it only disable the php
runtime if I access with dreamweaver from the local network.
>
laurent.

have you enabled the web_dav apache module?

<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule setenvif_module >
<IfModule authn_file_modu le>
DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"

<Directory "/path/to/your/files">
Dav On
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
AuthName DAV-upload

# /path/to/htpasswd -b /path/to/htpasswd.webdav user
AuthType Basic
AuthUserFile "/path/to/htpasswd.webdav "

<LimitExcept GET HEAD OPTIONS>
require valid-user
</LimitExcept>
</Directory>
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^Dreamweav er-WebDAV-SCM1" redirect-carefully
BrowserMatch "MSIE" AuthDigestEnabl eQueryStringHac k=On
</IfModule>
</IfModule>
</IfModule>
</IfModule>

**patpro ~ Patrick Proniewski** · Jun 20 '07, 05:05 PM

Re: Disable .php handler for a specific browser,

In article <1182358276.836 460.256770@n60g 2000hse.googleg roups.com>,
shimmyshack <matt.farey@gma il.comwrote:

<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule setenvif_module >
<IfModule authn_file_modu le>
DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"
>
<Directory "/path/to/your/files">
Dav On

.../..

I think I would rather write <Location /webdavinstead of <Directory
"/path/to/your/files">, and embed a "AddType text/html .php" into
the <Locationbloc k.

And, by the way, in that context, i don't see the point of using a
"<LimitExce pt GET HEAD OPTIONS>" block to ask for authentication.

patpro

--

Cognitive Overhead

http://www.patpro.net/

Cognitive Overhead

**shimmyshack** · Jun 20 '07, 05:25 PM

Re: Disable .php handler for a specific browser,

On Jun 20, 5:59 pm, patpro ~ Patrick Proniewski
<pat...@boleski ne.patpro.netwr ote:

In article <1182358276.836 460.256...@n60g 2000hse.googleg roups.com>,
>
shimmyshack <matt.fa...@gma il.comwrote:

<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule setenvif_module >
<IfModule authn_file_modu le>
DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"

>

<Directory "/path/to/your/files">
Dav On

>
../..
>
I think I would rather write <Location /webdavinstead of <Directory
"/path/to/your/files">, and embed a "AddType text/html .php" into
the <Locationbloc k.
>

you could use
RemoveHandler .php
and so on for other types.

And, by the way, in that context, i don't see the point of using a
"<LimitExce pt GET HEAD OPTIONS>" block to ask for authentication.
>

i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!

patpro
>
--http://www.patpro.net/

**patpro ~ Patrick Proniewski** · Jun 20 '07, 10:25 PM

Re: Disable .php handler for a specific browser,

In article <1182359802.321 460.10040@o61g2 000hsh.googlegr oups.com>,
shimmyshack <matt.farey@gma il.comwrote:

And, by the way, in that context, i don't see the point of using a
"<LimitExce pt GET HEAD OPTIONS>" block to ask for authentication.

>
i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!

if you want to protect your code, you need to activate the
authentication for every verb.

patpro

--

Cognitive Overhead

http://www.patpro.net/

Cognitive Overhead

**shimmyshack** · Jun 20 '07, 10:35 PM

Re: Disable .php handler for a specific browser,

On Jun 20, 11:17 pm, patpro ~ Patrick Proniewski
<pat...@boleski ne.patpro.netwr ote:

In article <1182359802.321 460.10...@o61g2 000hsh.googlegr oups.com>,
>
shimmyshack <matt.fa...@gma il.comwrote:

And, by the way, in that context, i don't see the point of using a
"<LimitExce pt GET HEAD OPTIONS>" block to ask for authentication.

>

i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!

>
if you want to protect your code, you need to activate the
authentication for every verb.
>
patpro
>
--http://www.patpro.net/

thats not the case, since for GET HEAD ther server parses and doesnt
realease code. Wheras for the common webdav verbs this is not the
case:
* PROPFIND
* PROPPATCH
* MKCOL
* DELETE
* PUT
* COPY
* MOVE
* LOCK
* UNLOCK

**patpro ~ Patrick Proniewski** · Jun 21 '07, 04:15 AM

Re: Disable .php handler for a specific browser,

In article <1182378316.629 675.293940@k79g 2000hse.googleg roups.com>,
shimmyshack <matt.farey@gma il.comwrote:

if you want to protect your code, you need to activate the
authentication for every verb.

>
thats not the case, since for GET HEAD ther server parses and doesnt
realease code. Wheras for the common webdav verbs this is not the
case:
* PROPFIND

....

WebDAV uses "GET" to retrieve files, so if Apache parses your code on
"GET", your WebDAV is useless as a mean to access and edit your code.

patpro

--

Cognitive Overhead

http://www.patpro.net/

Cognitive Overhead

Disable .php handler for a specific browser,

Disable .php handler for a specific browser,

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment