Hi,

I would like to know if there is a way to remove/disable .php handler
when the request come from a specific Browser.

I ask this because I use dreamweaver / webdav to edit my .php files.
But when I try to open the .php file in dreamweaver, what I see if the
result of the .php executions, not the .php source files.

I know that you can create an Alias location "/dav", and disable the
.php handler for this location. It's a solution, but not the best I
think. It would be better if we can disable .php runtime where
dreamweaver Get the files.


Laurent.

[ Post a follow-up to this message ]

On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.net> wrote:
>      Hi,
>
> I would like to know if there is a way to remove/disable .php handler
> when the request come from a specific Browser.
>
> I ask this because I use dreamweaver / webdav to edit my .php files.
> But when I try to open the .php file in dreamweaver, what I see if the
> result of the .php executions, not the .php source files.
>
> I know that you can create an Alias location "/dav", and disable the
> .php handler for this location. It's a solution, but not the best I
> think. It would be better if we can disable .php runtime where
> dreamweaver Get the files.
>
>         Laurent.

So what would happen when I go to your website using Dreamweaver?
Should I be able to see all your php code?

[ Post a follow-up to this message ]

In article <1182351161.144092.102030@q69g2000hsb.googlegroups.com>,
ZeldorBlat <zeldorblat@gmail.com> wrote:

> On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.net> wrote: 
>
> So what would happen when I go to your website using Dreamweaver?
> Should I be able to see all your php code?

sounds great ;)

What you should do is setup an https webdav repository in an apache
alias directory, and disable php parsing for this alias. This is the
only secure way to do what you want.

patpro

--
http://www.patpro.net/

[ Post a follow-up to this message ]

ZeldorBlat a écrit :
> On Jun 20, 10:50 am, Laurent ARNAL <laur...@clae.net> wrote: 
>
> So what would happen when I go to your website using Dreamweaver?
> Should I be able to see all your php code?
>
Hum,

Good questions... !
Perhaps also use some sort of control access, so it only disable the php
runtime if I access with dreamweaver from the local network.


laurent.

[ Post a follow-up to this message ]

On Jun 20, 4:16 pm, Laurent ARNAL <laur...@clae.net> wrote:
> ZeldorBlat a =E9crit :
> 
> 
> 
> 
> 
> 
>
> Hum,
>
> Good questions... !
> Perhaps also use some sort of control access, so it only disable the php
>   runtime if I access with dreamweaver from the local network.
>
>         laurent.

have you enabled the web_dav apache module?

<IfModule dav_module>
<IfModule dav_fs_module>
<IfModule setenvif_module>
<IfModule authn_file_module>
DavLockDB "/path/to/tmp/DavLock"
Alias /webdav "/path/to/your/files"

<Directory "/path/to/your/files">
Dav On
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
AuthName DAV-upload

# /path/to/htpasswd -b /path/to/htpasswd.webdav user
AuthType Basic
AuthUserFile "/path/to/htpasswd.webdav"

<LimitExcept GET HEAD OPTIONS>
require valid-user
</LimitExcept>
</Directory>
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
BrowserMatch "MSIE" AuthDigestEnableQueryStringHack=3DOn
</IfModule>
</IfModule>
</IfModule>
</IfModule>

[ Post a follow-up to this message ]

In article <1182358276.836460.256770@n60g2000hse.googlegroups.com>,
shimmyshack <matt.farey@gmail.com> wrote:

> <IfModule dav_module>
> <IfModule dav_fs_module>
> <IfModule setenvif_module>
> <IfModule authn_file_module>
>  DavLockDB "/path/to/tmp/DavLock"
>  Alias /webdav "/path/to/your/files"
>
>  <Directory "/path/to/your/files">
>     Dav On
../..

I think I would rather write <Location /webdav> instead of <Directory
"/path/to/your/files">, and embed a "AddType       text/html .php" into
the <Location> block.

And, by the way, in that context, i don't see the point of using a
"<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.

patpro

--
http://www.patpro.net/

[ Post a follow-up to this message ]

On Jun 20, 5:59 pm, patpro ~ Patrick Proniewski
<pat...@boleskine.patpro.net> wrote:
> In article <1182358276.836460.256...@n60g2000hse.googlegroups.com>,
>
>  shimmyshack <matt.fa...@gmail.com> wrote: 
> 
>
> ../..
>
> I think I would rather write <Location /webdav> instead of <Directory
> "/path/to/your/files">, and embed a "AddType       text/html .php" into
> the <Location> block.
>
you could use
RemoveHandler .php
and so on for other types.

> And, by the way, in that context, i don't see the point of using a
> "<LimitExcept GET HEAD OPTIONS>" block to ask for authentication.
>

i think it's so that browsers can see the content without being asked
for credentials, whereas any agent which tries to use other verbs will
be required to authenticate. but explain your objection - I have been
wrong before!!!

> patpro
>
> --http://www.patpro.net/

[ Post a follow-up to this message ]

In article <1182359802.321460.10040@o61g2000hsh.googlegroups.com>,
shimmyshack <matt.farey@gmail.com> wrote:
 
>
> i think it's so that browsers can see the content without being asked
> for credentials, whereas any agent which tries to use other verbs will
> be required to authenticate. but explain your objection - I have been
> wrong before!!!

if you want to protect your code, you need to activate the
authentication for every verb.

patpro

--
http://www.patpro.net/

[ Post a follow-up to this message ]

On Jun 20, 11:17 pm, patpro ~ Patrick Proniewski
<pat...@boleskine.patpro.net> wrote:
> In article <1182359802.321460.10...@o61g2000hsh.googlegroups.com>,
>
>  shimmyshack <matt.fa...@gmail.com> wrote: 
> 
>
> if you want to protect your code, you need to activate the
> authentication for every verb.
>
> patpro
>
> --http://www.patpro.net/

thats not the case, since for GET HEAD ther server parses and doesnt
realease code. Wheras for the common webdav verbs this is not the
case:
* PROPFIND
* PROPPATCH
* MKCOL
* DELETE
* PUT
* COPY
* MOVE
* LOCK
* UNLOCK

[ Post a follow-up to this message ]

In article <1182378316.629675.293940@k79g2000hse.googlegroups.com>,
shimmyshack <matt.farey@gmail.com> wrote:
 
[vbcol=seagreen]
>
> thats not the case, since for GET HEAD ther server parses and doesnt
> realease code. Wheras for the common webdav verbs this is not the
> case:
>     * PROPFIND
...

WebDAV uses "GET" to retrieve files, so if Apache parses your code on
"GET", your WebDAV is useless as a mean to access and edit your code.

patpro

--
http://www.patpro.net/

[ Post a follow-up to this message ]