To begin with, sorry if now you ask , unclear because of my poor understanding.
I am interested to understand how apache calls the right engine/invoker for everyone a request. Suppose, user demands a
http://somesite.com/someurl.php - just how apache determines that it must launch the PHP interpreter? Does apache determines so in line with the file extention/MIME type or other things?
Things I know is: I'm able to configure apache to invoke certain interpreters according to file's extension, by something similar to:
AddHandler cgi-script .cgi .py # Tells apache to treat .cgi & .py files to treat as cgi scripts
Why I am worried about it? Lately, I found know from the question ( PHP file upload: mime or extention based varification? ) when some user uploads personal files with wrong MIME type (i.e
image/jpeg) however with an extention
.php the file could possibly get performed (presuming it's got execution permission) and malicious php code incorporated using the EXIF meta-data can perform dangerous things.
It is dependent positioned on the way the server is set up. Automatically, Apache always uses the default handler which simply serves this content from the file. However, you are able to change that while using
SetHandler directive. This directive can be put literally any place in the configuration, including
<Location> blocks, which makes it easy to set the handler in line with the filesystem path, URL prefix, or virtually every other variable Apache can access.
It's particularly common to create the handler in line with the filename extension, though, so Apache offers the
AddHandler directive like a shortcut for doing this.
For additional particulars, take a look at the handler documentation.
P.S. For which it's worth, filesystems normally don't store MIME type data, so Apache normally needs to guess in the MIME kind of personal files by analyzing the extension.