I have always felt that if a file in .rar format is accessed, it will be opened as an attachment. But what about files in the format *.php.rar?
I tried it today. Apache actually executes it as php. Why is this happening?
It turns out that every time it encounters a file with a double suffix (such as xxx.php.rar), Apache will check the last suffix in the conf/mime.types file. If the last suffix is not defined in the mime.types file , then use the previous suffix to interpret, because by default, rar is not defined in mime.types, so Apache will use the php suffix to interpret the file.
We know that generally website servers will allow rar attachments to be uploaded, and may retain the original file name. As a result, the server has great security risks.
Now that we have discovered the problem, how can we let apache execute the *.php.rar file as an attachment?
1. Modify the mime.types file and add one at the end:
application/rar rar
Then restart Apache and you can