13

I am with a new web host. The public_html folder of each domain I create is auto generated with an .htaccess that has the following line:

AddHandler php5-script .php

What is this for?

hakre
IberoMedia

3 Answers

23

This just instructs PHP to handle files ending in .php by passing them to the PHP5 interpreter. Without this configuration in place, the web server may serve the files to the end-user's web browser as raw PHP code, rather than executing the code. That raises the dangerous possibility of exposing database login credentials or other secrets.

Using the same mechanism, you could configure the web server to parse files with other extensions besides .php as PHP scripts and hand them to the PHP interpreter. This is occasionally done to mask PHP scripts by naming them with .html extensions, for example.

# Interpret both .php & .html as PHP:
AddHandler php5-script .php .html
Michael Berkowski
1

It tells php to handle any file with .php in the filename, even if it's not at the end. A file named smile.php.gif will be interpreted as a php file, which is bad if you are going to be using an upload script. This is because Apache allows multiple extensions in any order, so gif.php.jpg is the same as gif.jpg.php. I have heard the best way to select the handler is with FilesMatch. Of course if your web host has this in their httpd.conf you would have to 'remove' it using your htaccess before using the FilesMatch if you don't have access to httpd.conf.

joseph
  • It is vulnerable for uploading files, i.e: file.php.png, we can bypass and attack the website by uploading a file named shell.php.png – Oum Alaa Jan 22 '16 at 11:26
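
The difference described in the answer above, as an added example (not code from any poster in this thread): a simplified Python model of extension-based handler selection versus an end-anchored FilesMatch pattern, used to flag upload names that only the former would hand to PHP. The function names, the single `.php` mapping and the sample filenames are assumptions constructed for illustration.

```python
import re

# Simplified model of the two selection rules discussed in this thread.
# Assumption: only one handler mapping exists (".php" -> "php5-script").
HANDLER_EXTENSIONS = {"php": "php5-script"}   # AddHandler php5-script .php
FILESMATCH_PATTERN = re.compile(r"\.php$")    # <FilesMatch "\.php$">


def handler_via_addhandler(filename):
    """Handler chosen when every dot-separated extension is considered.

    The extension may appear anywhere after the base name, matching is
    case-insensitive, and when several extensions map to a handler the
    rightmost one wins.
    """
    parts = filename.split(".")
    chosen = None
    for ext in parts[1:]:            # parts[0] is the base name
        chosen = HANDLER_EXTENSIONS.get(ext.lower(), chosen)
    return chosen


def handler_via_filesmatch(filename):
    """Handler chosen when only names ending in .php are matched."""
    return "php5-script" if FILESMATCH_PATTERN.search(filename) else None


def audit_upload_names(filenames):
    """Return names that execute under AddHandler but not under FilesMatch."""
    return [
        name for name in filenames
        if handler_via_addhandler(name) and not handler_via_filesmatch(name)
    ]


# Constructed sample of names found in an upload directory.
SAMPLE_UPLOADS = [
    "holiday.jpg",
    "smile.php.gif",
    "gif.php.jpg",
    "report.PHP.png",
    "index.php",
    "notes.phps.txt",
]

if __name__ == "__main__":
    for name in audit_upload_names(SAMPLE_UPLOADS):
        print("would be executed as PHP under AddHandler:", name)
```

Run against a listing of an upload directory, the flagged names are the ones to rename or quarantine before relying on an extension-based handler.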
0

The answer is that the htaccess tells the webserver to handle the php as php5-script and execute it.

Regarding the first answer, you will achieve your goal but it is a really bad practice and you should not allow html files to be executed as php due to huge security concerns.

George Ts.