Disable .php handler for a specific browser,

Hi,

I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.

I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.

I know that you can create an Alias location "/dav", and disable the
..php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.


Laurent.

Re: Disable .php handler for a specific browser,

On Jun 20, 10:50 am, Laurent ARNAL wrote:
> Hi,
>
> I would like to know if there is a way to remove/disable .php handler
> when the request come from a specific Browser.
>
> I ask this because I use dreamweaver / webdav to edit my .php files.
> But when I try to open the .php file in dreamweaver, what I see if the
> result of the .php executions, not the .php source files.
>
> I know that you can create an Alias location "/dav", and disable the
> .php handler for this location. It's a solution, but not the best I
> think. It would be better if we can disable .php runtime where
> dreamweaver Get the files.
>
> Laurent.

So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?

Re: Disable .php handler for a specific browser,

On Jun 20, 10:50 am, Laurent ARNAL wrote:
> Hi,
>
> I would like to know if there is a way to remove/disable .php handler
> when the request come from a specific Browser.
>
> I ask this because I use dreamweaver / webdav to edit my .php files.
> But when I try to open the .php file in dreamweaver, what I see if the
> result of the .php executions, not the .php source files.
>
> I know that you can create an Alias location "/dav", and disable the
> .php handler for this location. It's a solution, but not the best I
> think. It would be better if we can disable .php runtime where
> dreamweaver Get the files.
>
> Laurent.

So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your PHP code?

Re: Disable .php handler for a specific browser,

In article <1182351161.144092.102030@q69g2000hsb.googlegroups.com>,
ZeldorBlat wrote:

> On Jun 20, 10:50 am, Laurent ARNAL wrote:
> > Hi,
> >
> > I would like to know if there is a way to remove/disable .php handler
> > when the request come from a specific Browser.
> >
> > I ask this because I use dreamweaver / webdav to edit my .php files.
> > But when I try to open the .php file in dreamweaver, what I see if the
> > result of the .php executions, not the .php source files.
> >
> > I know that you can create an Alias location "/dav", and disable the
> > .php handler for this location. It's a solution, but not the best I
> > think. It would be better if we can disable .php runtime where
> > dreamweaver Get the files.
> >
> > Laurent.
>
> So what would happen when I go to your website using Dreamweaver?
> Should I be able to see all your PHP code?

sounds great ;)

What you should do is setup an https webdav repository in an apache
alias directory, and disable php parsing for this alias. This is the
only secure way to do what you want.

patpro

--
http://www.patpro.net/

Re: Disable .php handler for a specific browser,

In article <1182351161.144092.102030@q69g2000hsb.googlegroups.com>,
ZeldorBlat wrote:

> On Jun 20, 10:50 am, Laurent ARNAL wrote:
> > Hi,
> >
> > I would like to know if there is a way to remove/disable .php handler
> > when the request come from a specific Browser.
> >
> > I ask this because I use dreamweaver / webdav to edit my .php files.
> > But when I try to open the .php file in dreamweaver, what I see if the
> > result of the .php executions, not the .php source files.
> >
> > I know that you can create an Alias location "/dav", and disable the
> > .php handler for this location. It's a solution, but not the best I
> > think. It would be better if we can disable .php runtime where
> > dreamweaver Get the files.
> >
> > Laurent.
>
> So what would happen when I go to your website using Dreamweaver?
> Should I be able to see all your PHP code?

sounds great ;)

What you should do is setup an https webdav repository in an apache
alias directory, and disable php parsing for this alias. This is the
only secure way to do what you want.

patpro

--
http://www.patpro.net/

Re: Disable .php handler for a specific browser,

ZeldorBlat a écrit :
> On Jun 20, 10:50 am, Laurent ARNAL wrote:
>> Hi,
>>
>> I would like to know if there is a way to remove/disable .php handler
>> when the request come from a specific Browser.
>>
>> I ask this because I use dreamweaver / webdav to edit my .php files.
>> But when I try to open the .php file in dreamweaver, what I see if the
>> result of the .php executions, not the .php source files.
>>
>> I know that you can create an Alias location "/dav", and disable the
>> .php handler for this location. It's a solution, but not the best I
>> think. It would be better if we can disable .php runtime where
>> dreamweaver Get the files.
>>
>> Laurent.
>
> So what would happen when I go to your website using Dreamweaver?
> Should I be able to see all your PHP code?
>
Hum,

Good questions... !
Perhaps also use some sort of control access, so it only disable the php
runtime if I access with dreamweaver from the local network.


laurent.

Re: Disable .php handler for a specific browser,

ZeldorBlat a écrit :
> On Jun 20, 10:50 am, Laurent ARNAL wrote:
>> Hi,
>>
>> I would like to know if there is a way to remove/disable .php handler
>> when the request come from a specific Browser.
>>
>> I ask this because I use dreamweaver / webdav to edit my .php files.
>> But when I try to open the .php file in dreamweaver, what I see if the
>> result of the .php executions, not the .php source files.
>>
>> I know that you can create an Alias location "/dav", and disable the
>> .php handler for this location. It's a solution, but not the best I
>> think. It would be better if we can disable .php runtime where
>> dreamweaver Get the files.
>>
>> Laurent.
>
> So what would happen when I go to your website using Dreamweaver?
> Should I be able to see all your PHP code?
>
Hum,

Good questions... !
Perhaps also use some sort of control access, so it only disable the php
runtime if I access with dreamweaver from the local network.


laurent.

Re: Disable .php handler for a specific browser,

On Jun 20, 4:16 pm, Laurent ARNAL wrote:
> ZeldorBlat a =E9crit :
>
> > On Jun 20, 10:50 am, Laurent ARNAL wrote:
> >> Hi,
>
> >> I would like to know if there is a way to remove/disable .php handler
> >> when the request come from a specific Browser.
>
> >> I ask this because I use dreamweaver / webdav to edit my .php files.
> >> But when I try to open the .php file in dreamweaver, what I see if the
> >> result of the .php executions, not the .php source files.
>
> >> I know that you can create an Alias location "/dav", and disable the
> >> .php handler for this location. It's a solution, but not the best I
> >> think. It would be better if we can disable .php runtime where
> >> dreamweaver Get the files.
>
> >> Laurent.
>
> > So what would happen when I go to your website using Dreamweaver?
> > Should I be able to see all your PHP code?
>
> Hum,
>
> Good questions... !
> Perhaps also use some sort of control access, so it only disable the php
> runtime if I access with dreamweaver from the local network.
>
> laurent.

have you enabled the web_dav apache module?





DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"


Dav On
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
AuthName DAV-upload

# /path/to/htpasswd -b /path/to/htpasswd.webdav user
AuthType Basic
AuthUserFile "/path/to/htpasswd.webdav"


require valid-user


BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=3DOn

Re: Disable .php handler for a specific browser,

On Jun 20, 4:16 pm, Laurent ARNAL wrote:
> ZeldorBlat a =E9crit :
>
> > On Jun 20, 10:50 am, Laurent ARNAL wrote:
> >> Hi,
>
> >> I would like to know if there is a way to remove/disable .php handler
> >> when the request come from a specific Browser.
>
> >> I ask this because I use dreamweaver / webdav to edit my .php files.
> >> But when I try to open the .php file in dreamweaver, what I see if the
> >> result of the .php executions, not the .php source files.
>
> >> I know that you can create an Alias location "/dav", and disable the
> >> .php handler for this location. It's a solution, but not the best I
> >> think. It would be better if we can disable .php runtime where
> >> dreamweaver Get the files.
>
> >> Laurent.
>
> > So what would happen when I go to your website using Dreamweaver?
> > Should I be able to see all your PHP code?
>
> Hum,
>
> Good questions... !
> Perhaps also use some sort of control access, so it only disable the php
> runtime if I access with dreamweaver from the local network.
>
> laurent.

have you enabled the web_dav apache module?





DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"


Dav On
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
AuthName DAV-upload

# /path/to/htpasswd -b /path/to/htpasswd.webdav user
AuthType Basic
AuthUserFile "/path/to/htpasswd.webdav"


require valid-user


BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=3DOn

Re: Disable .php handler for a specific browser,

In article <1182358276.836460.256770@n60g2000hse.googlegroups.com>,
shimmyshack wrote:

>
>
>
>
> DavLockDB "/path/to/tmp/DavLock"
> Alias /webdav "/path/to/your/files"
>
>
> Dav On
.../..

I think I would rather write instead of "/path/to/your/files">, and embed a "AddType text/html .php" into
the block.

And, by the way, in that context, i don't see the point of using a
"" block to ask for authentication.

patpro

--
http://www.patpro.net/

Re: Disable .php handler for a specific browser,

In article <1182358276.836460.256770@n60g2000hse.googlegroups.com>,
shimmyshack wrote:

>
>
>
>
> DavLockDB "/path/to/tmp/DavLock"
> Alias /webdav "/path/to/your/files"
>
>
> Dav On
.../..

I think I would rather write instead of "/path/to/your/files">, and embed a "AddType text/html .php" into
the block.

And, by the way, in that context, i don't see the point of using a
"" block to ask for authentication.

patpro

--
http://www.patpro.net/

Re: Disable .php handler for a specific browser,

On Jun 20, 5:59 pm, patpro ~ Patrick Proniewski
wrote:
> In article <1182358276.836460.256...@n60g2000hse.googlegroups.com>,
>
> shimmyshack wrote:
> >
> >
> >
> >
> > DavLockDB "/path/to/tmp/DavLock"
> > Alias /webdav "/path/to/your/files"
>
> >
> > Dav On
>
> ../..
>
> I think I would rather write instead of > "/path/to/your/files">, and embed a "AddType text/html .php" into
> the block.
>
you could use
RemoveHandler .php
and so on for other types.

> And, by the way, in that context, i don't see the point of using a
> "" block to ask for authentication.
>

i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!

> patpro
>
> --http://www.patpro.net/

Re: Disable .php handler for a specific browser,

On Jun 20, 5:59 pm, patpro ~ Patrick Proniewski
wrote:
> In article <1182358276.836460.256...@n60g2000hse.googlegroups.com>,
>
> shimmyshack wrote:
> >
> >
> >
> >
> > DavLockDB "/path/to/tmp/DavLock"
> > Alias /webdav "/path/to/your/files"
>
> >
> > Dav On
>
> ../..
>
> I think I would rather write instead of > "/path/to/your/files">, and embed a "AddType text/html .php" into
> the block.
>
you could use
RemoveHandler .php
and so on for other types.

> And, by the way, in that context, i don't see the point of using a
> "" block to ask for authentication.
>

i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!

> patpro
>
> --http://www.patpro.net/

Re: Disable .php handler for a specific browser,

In article <1182359802.321460.10040@o61g2000hsh.googlegroups.com>,
shimmyshack wrote:

> > And, by the way, in that context, i don't see the point of using a
> > "" block to ask for authentication.
> >
>
> i think it's so that browsers can see the content without being asked
> for credentials, whereas any agent which tries to use other verbs will
> be required to authenticate. but explain your objection - I have been
> wrong before!!!

if you want to protect your code, you need to activate the
authentication for every verb.

patpro

--
http://www.patpro.net/

Re: Disable .php handler for a specific browser,

In article <1182359802.321460.10040@o61g2000hsh.googlegroups.com>,
shimmyshack wrote:

> > And, by the way, in that context, i don't see the point of using a
> > "" block to ask for authentication.
> >
>
> i think it's so that browsers can see the content without being asked
> for credentials, whereas any agent which tries to use other verbs will
> be required to authenticate. but explain your objection - I have been
> wrong before!!!

if you want to protect your code, you need to activate the
authentication for every verb.

patpro

--
http://www.patpro.net/

Re: Disable .php handler for a specific browser,

On Jun 20, 11:17 pm, patpro ~ Patrick Proniewski
wrote:
> In article <1182359802.321460.10...@o61g2000hsh.googlegroups.com>,
>
> shimmyshack wrote:
> > > And, by the way, in that context, i don't see the point of using a
> > > "" block to ask for authentication.
>
> > i think it's so that browsers can see the content without being asked
> > for credentials, whereas any agent which tries to use other verbs will
> > be required to authenticate. but explain your objection - I have been
> > wrong before!!!
>
> if you want to protect your code, you need to activate the
> authentication for every verb.
>
> patpro
>
> --http://www.patpro.net/

thats not the case, since for GET HEAD ther server parses and doesnt
realease code. Wheras for the common webdav verbs this is not the
case:
* PROPFIND
* PROPPATCH
* MKCOL
* DELETE
* PUT
* COPY
* MOVE
* LOCK
* UNLOCK

Re: Disable .php handler for a specific browser,

On Jun 20, 11:17 pm, patpro ~ Patrick Proniewski
wrote:
> In article <1182359802.321460.10...@o61g2000hsh.googlegroups.com>,
>
> shimmyshack wrote:
> > > And, by the way, in that context, i don't see the point of using a
> > > "" block to ask for authentication.
>
> > i think it's so that browsers can see the content without being asked
> > for credentials, whereas any agent which tries to use other verbs will
> > be required to authenticate. but explain your objection - I have been
> > wrong before!!!
>
> if you want to protect your code, you need to activate the
> authentication for every verb.
>
> patpro
>
> --http://www.patpro.net/

thats not the case, since for GET HEAD ther server parses and doesnt
realease code. Wheras for the common webdav verbs this is not the
case:
* PROPFIND
* PROPPATCH
* MKCOL
* DELETE
* PUT
* COPY
* MOVE
* LOCK
* UNLOCK

Re: Disable .php handler for a specific browser,

In article <1182378316.629675.293940@k79g2000hse.googlegroups.com>,
shimmyshack wrote:

> > if you want to protect your code, you need to activate the
> > authentication for every verb.

>
> thats not the case, since for GET HEAD ther server parses and doesnt
> realease code. Wheras for the common webdav verbs this is not the
> case:
> * PROPFIND
....

WebDAV uses "GET" to retrieve files, so if Apache parses your code on
"GET", your WebDAV is useless as a mean to access and edit your code.

patpro

--
http://www.patpro.net/

Re: Disable .php handler for a specific browser,

In article <1182378316.629675.293940@k79g2000hse.googlegroups.com>,
shimmyshack wrote:

> > if you want to protect your code, you need to activate the
> > authentication for every verb.

>
> thats not the case, since for GET HEAD ther server parses and doesnt
> realease code. Wheras for the common webdav verbs this is not the
> case:
> * PROPFIND
....

WebDAV uses "GET" to retrieve files, so if Apache parses your code on
"GET", your WebDAV is useless as a mean to access and edit your code.

patpro

--
http://www.patpro.net/