Hiding PHP file extension
- Tuesday, January 1, 2008, 15:01
- htaccess, php
- 31 comments
Do you want to hide your web site’s server script identity ? If you don’t want to reveal the programming language ( server side script ) of your website to visitors of website so that any hacker or spammer will not be able to intrude or inject any code in your website.
Here is a small technique for you, you can use .html or .asp file to work as a php file i.e. use .asp or .html extension instead of .php. You just need to create a .htaccess file and put the following code in the .htaccess file. Remember that the .htaccess file should be placed in the root folder of your website.
# Make PHP code look like asp or perl code
AddType application/x-httpd-php .asp .pl
if you place the the above code in the .htaccess file then you can use contact.asp as the name of the file. Now a visitor thought that it is a ASP file but this file contains the codes of PHP.
You can put the following code in .htaccess file to work .htm or .html file as PHP file.
3M0-600 certification exams are very important for IT professional for getting more updated skills. 4H0-028, Hyperion Certified Professional – System 9 Planning 4.1 exams are very significant exams for becoming more professionals in the field of technology. 50-686, certification exams are very assistive to give full training to IT professionals. 640-802 is also known as CCNA, very significant exams for Cisco networking administrators. 640-863 certification exams provide very exact solutions of Cisco networking in the most effective manner. 3Com Certified IP Telephony NBX Expert Final Exam V3.0 is also known as 3M0-701 which provides authentic knowledge for operating IP telephony networks. 310-203, Sun Certified System Administrator for the Solaris 10 Operating System is designed to improve the professional talents of the individuals for operating system efficiently.# Make all PHP code look like HTML
AddType application/x-httpd-php .htm .html
Popularity: 26% [?]
Related Posts
» Hide .php extension with url rewriting using .htaccess
» Getting filename and extension in PHP using explode() ,basename() and pathinfo()
» Custom Error Page with .htaccess
» Useful flash Components for your website
31 Comments on “Hiding PHP file extension”
Trackbacks
- Hiding PHP file extension- make .html or .asp extension of php file
- Wscoop
- Hide .php extension with url rewriting using .htaccess
- Top php-Ajax Resource» Blog Archive » Hide .php extension with url rewriting using .htaccess
Loading ...
Thanks for sharing this technique. I kinda feel like a traitor for not standing up and defending PHP and open source constantly, but yes, there are some business people that still think traditional open source web sites (.php, perl, python), are somehow inferior to .aspx, .cfm and even .jsp sites. (I’m not talking here about [overtly] deceiving the client, or telling them they have a ASP.NET site when its a PHP site. However, if one of these (IMHO) “stuck up”, opinionated, and money wasting customers want to believe that a site is .aspx (when it’s really .php), then he has really deceived himself.
Thanks for sharing this technique. I’ll try not to abuse it.
nice trick, I heard about this a while ago…but I like your presentation (simple)
“If you don’t want to reveal the programming language ( server side script ) of your website to visitors of website so that any hacker or spammer will not be able to intrude or inject any code in your website.”
Obscurity is *not* a security measure; just making it not immediately obvious what language you’re coding in server-side doesn’t prevent any sort of code injection. Code injection is prevented by cleaning user input before passing it to functions like eval() whch can execute arbitrary code.
A nice technique worth sharing – but IMHO rather than making one extension behave like another it’s better to use mod_rewrite or an equivalent. Then you can have e.g. http://www.example.com/show_users map to file /show_users.php
I think it looks a lot cleaner to come up with a nice mod rewrite system that completely removes file extensions and interprets the query string. looks a lot neater.
Rob and Jasper i agree with you that with mod_rewrite you can do it in a better way and if your good in regular expression then that is the best way, but it’s a bit tedious for the beginners to write the regular expression in .htaccess.
You may be hiding the extension, but you’re still sending out “X-Powered-By: PHP/4.4.6″ in the headers.
I had problems getting “AddType” to work on a netnation hosted site. Turns out using “AddHandler” did the trick: http://fishdujour.typepad.com/blog/2007/08/htaccess-settin.html
A better way is to show no extension at all, you can do that with this line:
Options +MultiViews
That’ll make any file type (like .html, .jpg, etc) visible without a file extension too. And it’ll make it easier if you decide later on to switch scripting languages, say to Ruby or Java
yes Leslie you can hide the extension with Options +MultiViews but you cannot the change its extension like .asp or .html with that.
in response to Aidan Samuel:
you can change the X-Powered-By with a couple tweaks to your php.ini and apache configurations.
the best use (in my opinion of hiding php), is to make a director where i will generate CSS or Javascript, and have an .htaccess with: “AddType application/x-httpd-php .css” in it. it can also be used to generate graphs or captchta images. i can then transparently generate javascript or css on-the-fly.
Hello webmaster…Thanks for the nice read, keep up the interesting posts..what a nice Wednesday . Michelle Marsh
Hello webmaster Thanks. It is very infortant topic that u have given the following. it is a useful topic.
I gather always different opinions about web 2.0 and how to market with the different mindset of the \”new\” Internet. Will social interaction and networking really make the web different? Thanks for your thoughts on this!
Good observers will cherish this research respecting meanwhile many folks done remarked that the text is exceptional! I appreciate all the info you gave.
Hi…Thanks for the nice read, keep up the interesting posts..what a nice Friday
Thanks for sharing
How to hide the script of GET. like index.php?id=share
well you can user POST or SESSION variable if you want to hide the GET variables and even you can use apache’s mod_rewrite module for rewriting the url.So there are lots of option according to your need
Hi,
I have written a script that basicly creates an image for use in forum signatures, which dynamically updates with stats from database every time it is called, the image works fine and everything, my problem is that the image has an extension of .php and some forums will only allow .jpg or .gif as a file extension in signatures, is there any way I can get apache and php to read just this one file as a php script if I change it to .jpg extension, I have tried the method above using .htaccess, it doesn’t seem to work.
hi,
i used your code but this is not working in my ssh server.could you tell me the best option so that i can see my php page like asp or pearl or html.
thank
Is .htaccess overriding is allowed in your server.I think .htaccess is not making effect please consult with your server administrator , I don’t think there is problem in the code
Thanks….:)
Please don’t do it this way
Under Apache 2 just enable:
Options +MultiViews
And then in your code use -
htto://domain.tld/some_uri
On the server some_uri will evaluate to some_uri.html, some_uri.cgi, some_uri.pl, or some_uri.php — however this appraoch forces web designers to be much more accurate their web resource declarations and layouts because you can only have some_uri evaluate to 1 thing otherwise the server displays mutiple matches which can lead to a security leak … maybe enforcing good web design skills is a good thing long term.
-Sx-
hello i have problem in setting htaccess file.
my root folder is html2
how can i set this i have home page index.php
can i convert it to index.asp ?
thanks! nice mod, nice presentation.
we have a client that is migrating ecommerce systems – their current ecommerce system is heavily indexed in the search engines with landing pages containg the asp extension. the newly designed and developed site will have php extensions, so to keep those pages’ performance up, we’ll rewrite the php extension to asp.
I’m goign to sound like an idiot, but is .htaccess the name of the file or the file extension?
well it seems that you are not familiar with the file system of the linux and unix so you’re asking this question. .htaccess is the name of the file dude…