httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael B Allen <>
Subject Re: [users@httpd] Invoking PHP without .php extension?
Date Thu, 07 Jul 2011 23:54:32 GMT
On Thu, Jul 7, 2011 at 7:02 PM, Devraj Mukherjee <> wrote:
> Hi,
> If your Rewrite rule reads something like this
> RewriteRule ^api/(.*) api-gateway.php   [L]
> Then basically you can extract the last few bit using regular
> expression in our case
> $urlParts = null;
> preg_match('/api\/([^\/]+)\/([0-9]+)*/', $_SERVER['REQUEST_URI'], $urlParts);
> $handlerName = count($urlParts) > 1 ? $urlParts[1] : null;
> $identifier = count($urlParts) > 2 ? $urlParts[2] : null;
> I would strongly suggest that you use Rewrite rules to achieve this.
> Allowing arbitary patterns to use the PHP parser could be an issue
> from a security standpoint.

So asking the admin to mod_rewrite the .php script into the URI and
then having the developer to reverse the rewrite rule within the
script is more secure? I don't think so.

This is a wreck and I must say I don't think it has much to do with
PHP. It has to do with the CGI model which is all but dead.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message