Parse HTML as PHP

html configuration php apache apache2

Are there any security / performance concerns if we set the Apache web server to configure Apache to handle all HTML as PHP? I was specifically referring to:

AddType application/x-httpd-php .php .php3 .php4 .html

I was in a situation where I needed to add some PHP logic into some HTML files; ideally, I didn't have to change the filename e.g. page.html to page.php (to keep the page rank, etc. for page.html).

This is related to the following question: httpd AddType directive

Edits: From the existing answers / comments below, it looks like the community suggests to either use redirects or only target specific HTML files. The constraint is that I am redesigning an existing site (400+ HTML pages; each of them uses some sort of Dreamweaver template that pulls in the header and footer from different files). I was hoping to completely shy away from Dreamweaver move into something non-proprietary. So, I am down with two options:

  1. Use Server Side Includes (SSI) to pull in the header and footer. This will result in all my HTML files to be decorated with SSI.
  2. Sprinkle some PHP snippet to include the header and footer. For this choice, I have to make sure the file name stays unchanged.

The more files the server determines it needs to pass through the PHP interpreter, the more overhead involved, but I think this goes without saying. If your site does not have ANY pages with plain HTML, then you're already paying all the performance penalties that you could possibly pay - adding HTML to the list is no different in this case than simply renaming all the files to have a .php extension.

The real performance penalty would come if you do have plain HTML pages - the server will needlessly pass these pages to PHP for interpretation when none is necessary. But even then, it isn't dramatic - the PHP interpreter won't be needed for those HTML pages, so it won't do anything aside from determining that it doesn't need to do anything. This has a cost, but it isn't significant.

Now, if we're talking high-volume here, every little bit of performance matters and this would not be a practicable solution. For low- to mid-volume sites, however, the performance penalty would be nill.

If this is a one-time change and there are a limited number of files that are affected, then it may be more conservative to use a FilesMatch directive.

<FilesMatch "^(file_one|file_two|file_three)\.html$">
  AddType application/x-httpd-php .html
</FilesMatch>

I disagree with Tuga. I don't think you should make this change for all your files. Anytime you deal with security, you should try to control the environment. Doing it only for one file is probably the safest. You could do something like

<FilesMatch "^file_name\.html$">
AddType application/x-httpd-php .html
</FilesMatch>

This will only match file_name.html and process it as .php where it is much safer to do this than treat ALL .html files as php.

Related

Capitalization of "Assembly Language"
How did the phrase "much of a muchness" come to be?
Word Meaning "A single thing that's an indicator of greater overall trends"?
using of INotifyPropertyChanged
How do I style book titles in a block of italicized text?
Why use "Hell" to emphasize a statement?
Bomb lab phase_4
When to use "to the ..." vs. "to ..."
"You took... and you..."
Random generator in the batch
Is spelling still drifting?
Sending an array of values to Oracle procedure to use in WHERE IN clause