如何阿帕奇来电/调用相应的处理程序/间preTER? [英] How apache calls/invokes the appropriate handler/interpreter?
问题描述
的首先,对不起,如果这个问题不清楚,由于我的知识贫乏。的
我想知道的 Apache如何调用相应的发动机/调用服务的请求即可。假设,用户请求 http://somesite.com/someurl.php - 阿帕奇现在该怎么确定它需要启动PHP间preTER?阿帕奇是否决定了这样的基础上在文件扩展名/ MIME类型或别的什么吗?
I'm interested to know how apache calls the appropriate engine/invoker to serve a request. Suppose, user requests a http://somesite.com/someurl.php - now how apache determines that it needs to launch the PHP interpreter? Does apache determines so based on the file extention/MIME type or anything else?
我所知道的是:我可以配置Apache调用基于文件的扩展名某些间preters,通过这样的:
What I know is: I can configure apache to invoke certain interpreters based on file's extension, by something like:
AddHandler cgi-script .cgi .py
# Tells apache to treat .cgi & .py files to treat as cgi scripts
为什么我不担心吗?最近,我从我的问题就知道( PHP文件上传:MIME或基于延伸varification ?),如果某个用户上传用错误的MIME类型的文件(即图像/ JPEG ),但与延伸的.php 该文件可以被执行(假设它已得到执行权限),并包含在EXIF元数据可以做有害的东西恶意PHP code。
Why I'm concerned about it? Recently, I came to know from my question ( PHP file upload: mime or extention based varification? ) that if some user uploads a file with wrong MIME type (i.e image/jpeg) but with an extention .php the file can get executed (assuming it has got execution permission) and malicious php code included with the EXIF meta-data can do harmful things.
推荐答案
这完全取决于服务器的配置方式。默认情况下,阿帕奇总是使用简单地提供文件的内容的默认处理程序。但是,您可以更改使用 SetHandler 指令。这个指令可以从字面上放在任何地方的配置,包括<文件> 或<目录> 或<地点> 块,从而可以基于文件系统路径上设置处理程序,URL preFIX,或pretty以外的其他变量Apache可以访问
It depends entirely on how the server is configured. By default, Apache always uses the default handler which simply serves the content of the file. However, you can change that using the SetHandler directive. This directive can be placed literally anywhere in the configuration, including <Files> or <Directory> or <Location> blocks, making it possible to set the handler based on the filesystem path, URL prefix, or pretty much any other variable Apache can access.
这是特别的通用的基于文件扩展名来设置处理,虽然如此,Apache提供了的AddHandler 指令,因为做一个快捷方式左右。
It is particularly common to set the handler based on the filename extension, though, so Apache provides the AddHandler directive as a shortcut for doing so.
有关详细信息,看一看处理程序文档。
For more details, have a look at the handler documentation.
P.S。对于它的价值,通常的文件系统不存储MIME类型的数据,以便Apache通常具有通过检查扩展的MIME类型的文件的猜想。
P.S. For what it's worth, filesystems normally don't store MIME type data, so Apache normally has to guess at the MIME type of a file by examining the extension.
这篇关于如何阿帕奇来电/调用相应的处理程序/间preTER?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
