0

I am writing a web application in php using Apache server. What I would like to do is have the index.php (and other files) display as *.aspx files, to confuse potential hackers.

Can this be done by editing the .htaccess file, and if so, what are the relevant lines to edit?

Improve this question
6
  • Nobody can see your PHP code unless a) they hack the file system of your server or b) your server is misconfigured to serve the PHP as plain text. Either way the only confusion a hacker is going to get from that is wondering why you named a PHP file .aspx Commented Feb 17, 2014 at 4:39
  • 2
    This will add very little in the way of security. First of all, it's Security Through Obscurity, which is generally considered very weak. Additionally, there are a number of ways to trivially detect that PHP is being used instead of ASP.NET (e.g. X-Powered-By header, easter egg image queries, ...) Commented Feb 17, 2014 at 4:40
  • @winterblood I think that he actually wants to confuse the hackers by making the server look like it's a Windows Server serving ASP.NET pages. Commented Feb 17, 2014 at 4:41
  • @André As Chris says, it is very easy to tell the difference, any hacker worth their l33t isn't going to base their attempts off a file extension. Commented Feb 17, 2014 at 4:43
  • @winterblood yeah I agree that's useless. Commented Feb 17, 2014 at 4:44

2 Answers 2

Reset to default
1

Serving the wrong file extension is not how you would achieve security, as it would not be enough to fool potential hackers. It might not even be enough to fool the guys at builtwith.com.

Instead of researching how to mislead the hackers with simple tricks, research on ways to secure your application better. You can start that at PHP.net and Stack Overflow.

If you insist, you can use Apache mod_rewrite for that.

Something along this line (not tested):

RewriteEngine On
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.aspx -f
RewriteRule ^(.+).aspx$ /$1.php [L,QSA]

Otherwise, you can also add mime-type in Apache to serve *aspx files as PHP.

AddType application/x-httpd-php .aspx
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Second way is way simpler.
0

According to this answer, you should add the following to your .htaccess :

AddType application/x-httpd-php .aspx

You can find more info about the AddType directive in the Apache documentation.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.