7. Nov. 2008

Working with LAMP (Linux, Apache, MySQL and PHP) Applications we sooner or later do run into the need to change our actual runtime environment for it. Mostly based on specific PHP settings an application does need to be able to run first, we have to specify, change or increase PHP default settings, but do feel somewhat handicapped within a shared hosting environment. Usually Admins there do not allow everybody allow to modify or hack their central configuration files on the server.

But also for this situation clever developers have thought about a trick to help their community to overcome such hassle.

As a matter of fact it is possible to change PHP configuration settings within .htaccess very easily for everyone.

For example it is possible to

Prevent Global Variable Injection Attacks with:

    • php_flag register_globals off

    Prevent Cross Site Scripting (XSS) Attacks with:

      • php_flag allow_url_fopen off

      Prevent Code Injection Attacks with:

        • php_flag magic_quotes_gpc on

        To do so

        1. Open the .htaccess file located in your site’s home directory, or if you don’t have one, create a blank one now.

        2. Add any of the following code samples to your .htaccess file, each on it’s own line.

        5. Nov. 2008

        With  AllowOverride set to ALL, Web Administrators and Hosting Provider do gives their customers a powerfull to customize Apache fitting to all their personal needs.

        Running with this setting, Apache is looking for individual settings specified within a file .htaccess on a per directory basis. This means every folder below our webroot can have individual and different settings for sure.

        Mostly this feature is used to enable and enforce access restrictions, but also can be used to build up static multilingual websites as well. Doing so we have to enable need to enable MultiViews within .htaccess file.

        A basic example of such a .htaccess file would be:

        Options +MultiViews
        AddLanguage de de
        AddLanguage en en
        LanguagePriority de en

        Having MultiViews enabled we can add special language extensions to the filename (e.q. index.html.en), helping Apache to identified the correct file containing content in the language requested by the client. So a webbrowser requesting pages in German language and asking an Apache (runing on English language) for a page index.html would automatically get served with a page index.html.de while index.html.en or index.html would be the automatic fallback in case this German page would not be present.

        So the basic idea is just to double your webpages having one specific page in every needed language defined by it’s language specific filename extention.

        « previous