How Can I Make Apache Stop Serving ALL Unknown File Types (like .php~)?

Posted by user223304 on Server Fault
Published on 2014-06-02T02:38:55Z Indexed on 2014/06/02 3:30 UTC

I am coming from IIS and moving to Apache and recently found out that Apache by default serves up files of an unknown file extension as PURE TEXT.

This can be an issue if a user uses certain programs that back up .php files as .php~. Then the .php~ file becomes completely readable by simply navigating to it in a browser. To make matters worse, these .php~ files are often considered 'hidden' in the Linux environment from the user, so some may not even know they exist. Bots have been created around this fact that scour the internet looking for popular file name backups and extracting potentially secure info from them.

I already know how to stop serving up .php~ files or any specific file extensions. I also know not to use any editors that would save backup files like this.

My question is, how can I stop this default Apache behavior of serving up ANY non-MIME file type at all? I just don't like this behavior and would like to stop it. I don't want it serving up .aspx~, .html~, .bob, .carl, no extension or anything else that is not a real MIME type.

I know that I can probably go and use a directive to first Deny access to all file types. Then add the ones I want to serve out one by one. But I'm wondering if there's an easier/quicker way.

Thanks for any help.

© Server Fault or respective owner
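
An added example, not part of the original post: a small audit that lists the files under a document root that have no mapped MIME type, which are the ones the question describes Apache handing out as plain text. The sample `mime.types` excerpt, the file names, and the helper names are constructed for illustration; the check looks only at the final extension, which is a simplification of how Apache resolves types.

```python
import os
import tempfile

# Constructed sample in the mime.types format ("type ext1 ext2 ...").
SAMPLE_MIME_TYPES = """\
# constructed excerpt, not a real server's file
text/html                html htm
text/css                 css
application/javascript   js
image/png                png
image/jpeg               jpeg jpg jpe
"""


def known_extensions(mime_types_text, extra=()):
    """Return the set of lowercase extensions mapped to a MIME type."""
    exts = {e.lower().lstrip(".") for e in extra}
    for line in mime_types_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        exts.update(e.lower() for e in fields[1:])  # fields[0] is the type
    return exts


def unmapped_files(docroot, known):
    """List paths (relative to docroot) whose final extension is not in known."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            # Text after the last dot; a leading dot (dotfile) is not an extension.
            _stem, dot, ext = name.lstrip(".").rpartition(".")
            if not dot or ext.lower() not in known:
                hits.append(os.path.relpath(os.path.join(dirpath, name), docroot))
    return sorted(hits)


def demo():
    """Build a constructed docroot and return what the audit flags."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("index.php", "index.php~", "config.php.bak", "style.css", "notes"):
            open(os.path.join(root, name), "w").close()
        # Assumption: .php is mapped in the server config (AddType/AddHandler),
        # not in mime.types, so it is passed in as an extra known extension.
        known = known_extensions(SAMPLE_MIME_TYPES, extra=["php"])
        return unmapped_files(root, known)


if __name__ == "__main__":
    print(demo())
```

To audit a real tree, pass the contents of the server's own `mime.types` file and the extensions its configuration maps to `known_extensions`, then call `unmapped_files` on the document root.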