LinuxQuestions.org
Old 12-04-2005, 08:15 AM   #1
koyi
Member
 
Registered: Jul 2003
Location: Osaka, Japan
Distribution: Arch, Ubuntu
Posts: 421

Rep: Reputation: 31
Firefox making PHP source available?


Hi, I am using Firefox 1.0.4 (Yeah, I know this is old but this is Debian... :P ) and I just discovered this weird thing.

I have configured a web server, using Debian, Apache2 and PHP4. When I tried to access it with the above-mentioned Firefox, specifying an address like http://www.example.com/ without specifying the filename, it allowed me to download the PHP source file!!!

I thought this was because of the settings on the server (I am a newbie at configuring servers...), so I went to check around but didn't find anything suspicious. Then I tried to access it the same way from another machine, also using Firefox, and the page was displayed properly.

Therefore, I deleted ~/.mozilla and started to test Firefox on the first machine again. And this time there was no prompt for download.

What is wrong here?
Is there a problem with my server or in the Firefox settings?
Personally, I think it lies with the server settings, but I have no idea where it is.

Any help is appreciated.

Thanks.
 
Old 12-04-2005, 11:31 AM   #2
mimithebrain
Member
 
Registered: Nov 2003
Location: ~
Distribution: Ubuntu 10.04
Posts: 843
Blog Entries: 1

Rep: Reputation: 30
PHP is a server-side preprocessing language. If you are able to download the PHP file (as happened to me before), it's the server's fault, not the browser's.

When a server is functioning properly, you can even put a hardcoded password into the PHP file safely, assuming there is no public FTP access to the PHP sources.

You need to look into the settings and configuration of your server.
 
Old 12-04-2005, 05:01 PM   #3
KimVette
Senior Member
 
Registered: Dec 2004
Location: Lee, NH
Distribution: OpenSUSE, CentOS, RHEL
Posts: 1,794

Rep: Reputation: 46
Quote:
Originally Posted by mimithebrain
you can even put a hardcoded password into the PHP file safely
"Safely" being a relative term there. You're better off using .htaccess or a database to store the passwords in files not located under the httpd's root directory.
 
Old 12-05-2005, 05:17 AM   #4
maginotjr
Member
 
Registered: Aug 2004
Location: BR - Floripa
Distribution: Ubuntu 9.10 - 2.6.x.x
Posts: 661

Rep: Reputation: 35
You probably didn't activate the PHP module in httpd.conf.

If you browse the forum or look on Google, you can find lots of content about enabling PHP in Apache.

[ ]'s

Slackware 10.1 - Kernel 2.6.12.3

LPIC-1 Certified since 28/10/05
Linux Professional Institute Certified - https://www.lpi.org/en/verify.html
id: LPI000095352 ver: juswaj4mct


We are the thinking geeks!

P: every rule has an exception, what's the exception to this rule?
R: That this rule has no exception!

Last edited by maginotjr; 12-05-2005 at 05:19 AM.
 
Old 12-05-2005, 01:09 PM   #5
int0x80
Member
 
Registered: Sep 2002
Posts: 310

Rep: Reputation: Disabled
Make sure the following line appears in your Apache conf files:
Code:
AddType application/x-httpd-php .php
On my Debian server, it appears in the following files:
Code:
/etc/apache2$ grep -rn AddType * | grep php
mods-available/php5.conf:2:  AddType application/x-httpd-php .php .phtml .php3
mods-available/php5.conf:3:  AddType application/x-httpd-php-source .phps
mods-enabled/php5.conf:2:  AddType application/x-httpd-php .php .phtml .php3
mods-enabled/php5.conf:3:  AddType application/x-httpd-php-source .phps

Quote:
Originally Posted by koyi
Hi, I am using Firefox 1.0.4 (Yeah, I know this is old but this is Debian... :P )
What is that supposed to mean? You've apparently never been to DistroWatch or learned how to use APT. Debian almost always has the current versions of applications in their repositories such that using APT makes it incredibly easy to be up to date. If you're going to use Debian, at least take advantage of what it offers you.
 
Old 12-06-2005, 07:37 AM   #6
koyi
Member
 
Registered: Jul 2003
Location: Osaka, Japan
Distribution: Arch, Ubuntu
Posts: 421

Original Poster
Rep: Reputation: 31
Thanks for all your advice, guys!
I will take a look again when I have the chance.

Quote:
Originally Posted by GNUbie
What is that supposed to mean? You've apparently never been to DistroWatch or learned how to use APT. Debian almost always has the current versions of applications in their repositories such that using APT makes it incredibly easy to be up to date. If you're going to use Debian, at least take advantage of what it offers you.
Ya, I know how to use apt-get but since I am using Sarge, the latest version of Firefox here is still 1.0.4. At least it hadn't been upgraded yet when I ran apt-get update + upgrade today

I have upgraded to 1.5 on a Slackware box, though, and think that it is cool
 
Old 12-06-2005, 09:03 AM   #7
int0x80
Member
 
Registered: Sep 2002
Posts: 310

Rep: Reputation: Disabled
Understood. You should upgrade to Sid. It really isn't unstable. There have only been a few minor instances where I've had dependency issues. The benefits of having the most current versions outweigh any potential problems by far. If you have any qualms about it, feel free to hop in #debian on irc.freenode.net and ask around. I highly recommend Sid over Sarge.
 
Old 12-06-2005, 09:39 AM   #8
stimpsonjcat
Member
 
Registered: Apr 2005
Location: switzerland
Distribution: debian etch
Posts: 99

Rep: Reputation: 15
why would one want the latest firefox on a webserver?
 
Old 12-06-2005, 04:29 PM   #9
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
Quote:
Ya, I know how to use apt-get but since I am using Sarge, the latest version of Firefox here is still 1.0.4
Are you sure about this? If firefox was included in Debian then they keep it up to date with security updates, full stop. They wouldn't let it languish in an unpatched old version. What's most likely happened is they've backported the changes from the later versions but kept the version the same, this is consistent with what they do for all the other packages in the distro (eg. kernel, glibc, kde etc.) and other distros do it this way (eg. Mandriva).
 
Old 12-07-2005, 08:16 AM   #10
koyi
Member
 
Registered: Jul 2003
Location: Osaka, Japan
Distribution: Arch, Ubuntu
Posts: 421

Original Poster
Rep: Reputation: 31
Quote:
Originally Posted by stimpsonjcat
why would one want the latest firefox on a webserver?
No, it is not installed on a server but on a normal client.

I think they have patched it with security patches but without the new functions...

Anyway, this is not a thread to discuss this, so I think we should stop here or the moderators might make noises :P

Thanks for the info, guys
 
Old 12-07-2005, 11:23 PM   #11
koyi
Member
 
Registered: Jul 2003
Location: Osaka, Japan
Distribution: Arch, Ubuntu
Posts: 421

Original Poster
Rep: Reputation: 31
After reading suggestions from you guys, I went back to check the configurations again.
But I couldn't find anything wrong. So, I decided to stop the server and do a re-installation.

The funny thing is, even after I stopped the Apache server or shut down the server, I still got Firefox offering me to download the PHP source file. So I guessed there was something wrong with Firefox's cache files.

Therefore, I moved the Cache folder from Cache to Cache.BAK and restarted Firefox.
Voilà! The download prompt went away

As a conclusion, I think this happened because:
1. Before the server was properly set up, I accessed it with this Firefox browser, and Firefox stored the content in its cache.
2. The server was finally properly set up.
3. When accessed, something went wrong and Firefox still offered me something from its cache.

Just a wild guess, though.
If somebody can explain this please do so.

The moral of the story:
Never get your server online before it is properly set up!

Thanks.
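
Added example (not part of any post in this thread): a shell check that separates the two causes discussed above, by classifying a response fetched with curl, which has no browser cache, and by looking for the uncommented AddType mapping from post #5 under an Apache config directory. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Fetch without any browser cache, then classify:
#   curl -s -D resp.hdr -o resp.body http://www.example.com/

# Return 0 if a saved response looks like unprocessed PHP, 1 otherwise.
response_leaks_php() {
    headers=$1 body=$2
    # Symptom 1: Apache knows the MIME type but nothing executed the
    # script, so the type reaches the client and triggers a download.
    if grep -Eiq '^content-type:[[:space:]]*application/x-httpd-php' "$headers"; then
        return 0
    fi
    # Symptom 2: the body still contains a PHP opening tag.
    if grep -Eq '<\?(php|=)' "$body"; then
        return 0
    fi
    return 1
}

# Return 0 if an uncommented directive under directory $1 maps .php to
# application/x-httpd-php (the .phps "-source" type does not count).
# -R follows symlinks, which Debian's mods-enabled consists of.
php_mapping_enabled() {
    grep -REhi 'application/x-httpd-php([[:space:]]|$)' "$1" 2>/dev/null |
        grep -Ev '^[[:space:]]*#' |
        grep -Eq '\.php([[:space:]]|$)'
}

# Write constructed sample data (not taken from the thread) into $1.
make_samples() {
    mkdir -p "$1/enabled" "$1/disabled"
    printf 'HTTP/1.1 200 OK\r\nContent-Type: application/x-httpd-php\r\n\r\n' > "$1/bad.hdr"
    printf '<?php $db_pass = "constructed"; ?>\n' > "$1/bad.body"
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n' > "$1/good.hdr"
    printf '<html><body>Hello</body></html>\n' > "$1/good.body"
    printf '  AddType application/x-httpd-php .php .phtml .php3\n' > "$1/enabled/php5.conf"
    printf '  #AddType application/x-httpd-php .php\n' > "$1/disabled/php5.conf"
    printf '  AddType application/x-httpd-php-source .phps\n' >> "$1/disabled/php5.conf"
}
```

A leak reported for a curl fetch points at the server, while a clean curl response alongside a browser that still prompts points at the browser's cache. The mapping check only shows that the directive is present; it does not prove that the PHP module itself is loaded.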
 
Old 12-08-2005, 02:13 AM   #12
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
Usually in Firefox going View->Reload should get the latest version, bypassing the cache. Anyway to clean out the cache all you have to do is Edit->Preferences->Privacy (Tools->Options in Windows).
 
  


All times are GMT -5.
