As i understand when the server (e.g. Apache) receives a request it looks for file name extension to find associated mime-type. Then it looks for the handler handling this mine-type (i'm stating it based off adding PHP support to Apache). And here are my questions:
- Is the above statement correct?
- If so when there is no handler for given mime-type does it mean the default behavior - that is just send a file to the client?
- If there is even no explicit extension - mime-type association defined (e.g.
.html) the default action again is just send a file to the client? - According to some sources to add PHP support to Apache we have to use
addTypedirective:AddType application/x-httpd-php .phpwhile others say to useaddHandlerdirective:AddHandler application/x-httpd-php .phpwhich in my opinion is the only correct becouseaddTypeshould be used only for static documents. So why theaddTypeversion is still correct? - I found somewhere such a lines:
AddType text/html .php .phps
AddHandler application/x-httpd-php .php
AddHandler application/x-httpd-php-source .phps
Does it mean that AddType directive will be used if the server can't find the handler for application/x-httpd-php mime-type and the action would be just to send .php source file to the client with text/html mime-type in response?
21 Answer
- Yes and no. There is always a type and a handler. If you look at the documentation for handlers it states:
Generally, files have implicit handlers, based on the file type. Normally, all files are simply served by the server, but certain file types are "handled" separately.
As such it's likely that you can configure handlers separately from the type. As in my original answer it looks like it's what the PHP INSTALL file suggests by now.
If you look at the link above it would be the default handler that is called which probably just sends the file as it is the most common use for a web server.
I don't understand what you mean by that. If a file has an extension but that extension has no mime type associated the default mime type is used. If you look at the post How can I make all unrecognized file types as binary in Apache2? the default mime type should be text/plain as per documentation about the core module.
/ Original answer: If you're looking for a source on how to add PHP support to Apache why not just consult the INSTALL file included with the PHP download?
According to it for Apache 2.x with PHP 5.6.25 you'd use SetHandler.
Now if you look at your example:
AddType text/html .php .phps
AddHandler application/x-httpd-php .php
AddHandler application/x-httpd-php-source .phps
You're correct that according to the Apache documentation of AddType it should be used for static files. Using AddHandler on the other hand might pose a security risk. At least it's not recommended by the INSTALL file from PHP and it specifically mentions that a pure AddType might lead to file being executed that are not actually really PHP files. From the INSTALL file point 8 for Apache 2.x:
Tell Apache to parse certain extensions as PHP. For example, let's have Apache parse .php files as PHP. Instead of only using the Apache AddType directive, we want to avoid potentially dangerous uploads and created files such as exploit.php.jpg from being executed as PHP. Using this example, you could have any extension(s) parse as PHP by simply adding them. We'll add .php to demonstrate.
<FilesMatch \.php$> SetHandler application/x-httpd-php </FilesMatch>
If you look at the documentation about AddHandler / SetHandler it becomes clear that AddHandler and SetHandler would serve slightly different purposes and that the suggestion from the INSTALL file would "encourage" you to send your own headers as the internal, core handler for php files would change.
- No, it means the default mime type that is send to the client would be text/html as it is pretty likely that php files generate html output.