2

The following works fine for allowing PHP to be executed on two XML files:

<FilesMatch ^(opensearch|sitemap)\.xml$>
AddHandler application/x-httpd-php5 .xml
</FilesMatch>

However unfortunately this rule would allow this to happen in any child directory as well.

  • /opensearch.xml, working/desired match
  • /henchman24/opensearch.xml, working/NOT desired match

How do we force Apache to only match the files in the current directory and not child directories?

I'd really like to:

  • Avoid adding a child .htaccess file in every possible child directory.
  • Avoid using an absolute server path.
John
  • 1
  • 13
  • 98
  • 177
  • 1
    You could try changing the regular expression in FilesMatch to only match the root directory: https://stackoverflow.com/questions/4899419/regular-expression-to-match-resources-only-contained-at-root – Katie Apr 13 '20 at 12:36

2 Answers2

1

If directive can be used to provide a condition for the handler to be added only for files matching the pattern in the current folder.

The following example will add the handler for only files in the document root, such as /sitemap.xml and /opensearch.xml but not for /folder/sitemap.xml and /folder/opensearch.xml

<FilesMatch ^(opensearch|sitemap)\.xml$>
<If "%{REQUEST_URI} =~ m#^\/(opensearch|sitemap)\.xml$#">
  AddHandler application/x-httpd-php .xml
</If>
</FilesMatch>

In the above example, the condition is checking that the REQUEST_URI matches the regex pattern delimited in m# #. The ~= comparison operator checks that a string match a regular expression.

The pattern ^\/(opensearch|sitemap)\.xml$ matches REQUEST_URI variable (the path component of the requested URI) such as /opensearch.xml or /sitemap.xml

^                      # startwith
\/                     # escaped forward-slash
(opensearch|sitemap)   # "opensearch" or "sitemap"
\.                     # .
xml                    # xml
$                      # endwith
Oluwafemi Sule
  • 36,144
  • 1
  • 56
  • 81
  • Interesting though it corrupted the `.htaccess` file and I had to remove it and I'm not sure what is wrong with the `Directory` bit? – John Apr 10 '20 at 20:08
  • Maybe this would work in Apache 2.2? I'm using *Apache 2.4*. I am aware that there are *some* changes in how the syntax works. *I should have clarified* the Apache version from the start, my apologies. – John Apr 12 '20 at 10:04
  • @covener. The pattern used in this sample is based on the shared configuration in the OP's question. If one has to match particular directories, one needs be explicit about that in the pattern – Oluwafemi Sule Apr 13 '20 at 09:05
  • @John The `Directory` directive is not supported in context of an .htaccess file. Have you considered using `If` directive to limit setting the handler on the folder containing the .htaccess file? – Oluwafemi Sule Apr 13 '20 at 09:50
  • It worked! Accepted and up-voted. I tested another copy of the same file in a different directory. Could you please clarify what the `If` condition is doing *specifically*? – John Apr 13 '20 at 15:03
  • Coolio. I have edited the answer to explain what the `If` condition is doing. – Oluwafemi Sule Apr 13 '20 at 15:41
  • Deleted my earlier comment since the answer changed drastically – covener Apr 13 '20 at 23:38
0

Have you tried H= in a RewriteRule?

RewriteEngine On
RewriteRule ^(opensearch|sitemap)\.xml$ . [H=application/x-httpd-php5]

Rewrite in htaccess has the built-in property that those filenames in any subdir will have the subdir present in the string the regex tests against so the anchored regex will not match in subdirs.

covener
  • 17,402
  • 2
  • 31
  • 45
  • Unfortunately this is not the point where we can implement suPHP. It might be a year or two though eventually I may find that this is the correct answer. Since it can't be tested I unfortunately can't at least up-vote it, yet. – John Apr 12 '20 at 10:38
  • I have no idea what the answer has to do with suPHP unless your objective was also implicitly about suPHP. – covener Apr 12 '20 at 11:51
  • "Not Supported" was an Apache error message that appeared after using this rule. Upon further investigation it appeared that this had something to do with PHP (cgi versus suPHP). I'm not sure why though, not my area of expertise. – John Apr 12 '20 at 13:46