What are the security / performance concerns when we set the Apache web server to configure Apache to deal with all HTML as PHP? I had been particularly mentioning to:
AddType application/x-httpd-php .php .php3 .php4 .html
I had been in times where I desired to include some PHP logic into some HTML files ideally, I did not need to alter the filename e.g.
page.php (to help keep the page ranking, etc. for
This relates to the next question: httpd AddType directive
Edits: In the existing solutions / comments below, it appears such as the community indicates either to use redirects or only target specific HTML files. The constraint is that i'm redecorating a current site (400+ HTML pages all of them uses some kind of Dreamweaver template that pulls within the header and footer from different files). I had been wishing to totally be put off by Dreamweaver transfer to something non-proprietary. So, I'm lower with two options:
- Use Server Side Includes (SSI) to pull in the header and footer. This can result in most my HTML files to become decorated with SSI.
- Sprinkle some PHP snippet to incorporate the header and footer. With this choice, I have to make certain the file title stays unchanged.
I disagree with Tuga. I do not think you need to get this to change for your files. When you cope with security, gradually alter control the atmosphere. Doing the work just for one file is most likely the most secure. You could do this something similar to
<FilesMatch "^file_name\.html$"> AddType application/x-httpd-php .html </FilesMatch>
This can only match
file_name.html and process it as being
.php where it's much safer to get this done than treat ALL
.html files as php.
The greater files the server determines it must go through the PHP interpreter, the greater overhead involved, however i think this is obvious. In case your site doesn't have any pages with plain HTML, then you are already having to pay all of the performance penalties you could possibly pay - adding HTML towards the list isn't any different within this situation than renaming all of the files to possess a .php extension.
The actual performance penalty will come should you do have plain HTML pages - the server will needlessly pass these pages to PHP for interpretation when none is essential. But even so, it is not dramatic - the PHP interpreter will not be required for individuals HTML pages, therefore it will not do anything whatsoever apart from identifying it does not have to do anything. It has an expense, however it is not significant.
Now, if we are speaking high-volume here, every bit of performance matters which wouldn't be a practicable solution. For low- to mid-volume sites, however, the performance penalty could be nill.
If this sounds like a 1-time change and you will find a restricted quantity of files which are affected, it might be more conservative to utilize a
<FilesMatch "^(file_one|file_two|file_three)\.html$"> AddType application/x-httpd-php .html </FilesMatch>