Solved

Using filesMatch for multiple file types with auto_append_file

Posted on 2004-07-30
6
566 Views
Last Modified: 2010-03-04
I currently use the following in my .htaccess file to log visits to html files in a given directory.

               <FilesMatch "\.(html?)$">
               php_value auto_append_file "/usr/home/myspace/WWW/html/count.php"
               </FilesMatch>

I want it to log ALL files except .css files.

This includs (but is not limited to):
          .jpg
          .gif
          .png
          .html
          .htm
          .php

Can I have it log all files EXCEPT ones that end with .css?

If not, do I have to list all posible extentions out right?

Thanks!
0
Comment
Question by:hankknight
6 Comments
 
LVL 18

Expert Comment

by:CrYpTiC_MauleR
ID: 11683565
<FilesMatch "\.([^c][^s][^s][a-z0-9]+?)$">

you can try this...
0
 
LVL 16

Author Comment

by:hankknight
ID: 11687680
Thanks!  This is still not working for my .png, .gif and .jpg files.  

Any ideas why?
0
 
LVL 18

Accepted Solution

by:
CrYpTiC_MauleR earned 500 total points
ID: 11688482
Are the images coming up? I have never tried including a file into an image, seeing that it might corrupt the image file and make it not display.

Try this slight variation....

 <FilesMatch "\.([^c][^s][^s][a-z0-9]?)$">

Should allow any 3-4 character extension and not allow .css


Also do this...

<Files ~ "\.([^c][^s][^s][a-z0-9]?)$">
ForceType application/x-httpd-php
</Files>


So it allows the PHP engine to parse any file except .css otherwise image files wont have PHP engine include the file.
Keep me posted on the progress, once this gets figured out will probably use it on my site too =oP. Good luck!
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 38

Expert Comment

by:yuzh
ID: 11691160
why not just use:

<FilesMatch \.(?i:gif|jpe?g|png|htm?l|php)$>
 
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11692199
>  <FilesMatch "\.([^c][^s][^s][a-z0-9]?)$">
>  Should allow any 3-4 character extension and not allow .css

no.
does not allow .asa for example

I'd go with a white list as suggested by yuzh
0
 
LVL 16

Author Comment

by:hankknight
ID: 11694737
CrYpTiC_MauleR Said:
-----------------------------------------------------
               <Files ~ "\.([^c][^s][^s][a-z0-9]?)$">
               ForceType application/x-httpd-php
               </Files>
-----------------------------------------------------

Thanks!  This is what I needed.  I thought that the trouble was with my regular expressions but the problem was  because the images weren't being touched by PHP, the php_value auto_append_file command did nothing.

Now I need to evaluate the security implications of processing most filetypes as php scripts...
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Nginx CDN 12 114
php54-php-imap for redhat enterprise linux 7.2 1 63
Apache SSL and mod_rewrite not working 8 106
htaccess restrict subdomain 4 71
Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now