I just had a confusing problem: instead of interpreting PHP-scripts in our webserver’s userdir apache serves them for download!

It’s caused by an upgrade from lenny to squeeze and I spend a lot of ours with fixing.

This is really a serious problem, these sites aren’t able to read for those people/search engines etc. that are browsing and, more fatal, if clients are able to access the PHP code of our students/staff they might explore security issues or passwords stored in these PHP files, so first of all I disabled the public access to the webserver.

So what was the problem? When I recognized that phpMyAdmin and other not userdir related stuff still works fine, I searched for issues that differ for userdirs. At long last I took a look into the libapache2-mod-php5 config file located in /etc/apache2/mods-available/php5.conf :

<IfModule mod_php5.c>
    <FilesMatch "\\.ph(p3?|tml)$">
        SetHandler application/x-httpd-php
    <FilesMatch "\\.phps$">
        SetHandler application/x-httpd-php-source
    # To re-enable php in user directories comment the following lines
    # (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
    # prevents .htaccess files from disabling it.
    <IfModule mod_userdir.c>
        <Directory /home/*/public_html>
            php_admin_value engine Off

As you can see, PHP is disabled if the userdir module was enabled… Disgusting! Commenting these lines out switched PHP for users on. Very annoying!

Martin Scharm

stuff. just for the records.

Do you like this page?
You can actively support me!


apagr | Permalink |

had the same, seen this file, did not notice the obvious. Thanks, you made my day. :)

suds | Permalink |

This works. Thanks a bunch. Imagine this happen to a newbie. Almost made me switch to windows.

Leave a comment

There are multiple options to leave a comment: