Why does Apache execute php file on calling file without extension

Today I found a strange thing on my server. I created a php file (test.php) and wrote some php codes inside it. then I call it using

http://127.0.0.1/test

and the "test.php" executed ! How does it understand to run test.php when there is no .php ? there is no htaccess file on my root directory to tell the apache do that. I guess it may causes security problem. How can I prevent it ?

My OS is ubuntu and the web server is Apache2.

Answers


This happens because of MultiViews (it's enabled somewhere in the "Options" for that directory).

Have a look here: http://httpd.apache.org/docs/current/content-negotiation.html#negotiation for details on how it works.


Check your apache config (/etc/apache2/sites-available/[site_name or default]), it probably contains mod_rewrite instructions, for example:

RewriteEngine on
RewriteBase /
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
RewriteRule ^(([^/]+/)*[^.]+)$ /$1.php [L]

If you comment them out with # and restart apache, accessing /test without specifying extension should no longer work.


Need Your Help

Ionic Js - Error after update Node to 4.1.1 (Windows)

javascript node.js ionic-framework ionic

I've just updated Node to 4.1.1 version, now i get this error with Gulp:

Polymorphism in action

java polymorphism

I have encountered some code in Java that I am not able to comprehend. It uses polymorphism in java.