Hi! A friend of mine ran into known (though not well-known) security issues with the
AddHandler directive. Basically, Apache configuration like
# Avoid!
AddHandler php5-fcgi .php
applies to a file called
evilupload.php.png, too. Yes. Looking at the
current Apache documentation, it should clearly say that AddHandler should
not be used any more for security reasons. That's what I would expect. What I
find as of 2015-02-15 looks different:
SetHandler advised, no mention of "security", though
https://httpd.apache.org/docs/current/mod/mod_mime.html#addhandler Dangerous example "AddHandler cgi-script .cgi". No mention of "security"
https://httpd.apache.org/docs/current/mod/mod_mime.html#RemoveHandler Promotion of AddHandler: "AddHandler server-parsed .html"
https://httpd.apache.org/docs/current/handler.html#examples Promotion of AddHandler: "AddHandler add-footer .html"
Dangerous recommendation "add a line such as AddHandler cgi-script .cgi"
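The multiple-extension behaviour described at the top of this post can be checked against an upload directory listing. The following is an added example, not code from the original post or from the Apache project: it uses a simplified model of mod_mime (every dot-separated extension is looked up case-insensitively, the rightmost one with a handler mapping wins) and compares it with a FilesMatch plus SetHandler rule whose pattern is an assumption. The sample configuration and file names are constructed.

```python
import re

# Constructed sample configuration and upload listing (not from a real server).
SAMPLE_CONF = """\
# Avoid!
AddHandler php5-fcgi .php
AddHandler cgi-script .cgi .pl
"""
SAMPLE_UPLOADS = ["index.php", "evilupload.php.png", "photo.png",
                  "notes.PHP.txt", "archive.tar.gz", "README"]

def parse_addhandler(conf_text):
    """Collect {extension: handler} from AddHandler lines (extensions lowercased)."""
    mapping = {}
    for line in conf_text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue  # blank line or comment
        if tokens[0].lower() == "addhandler" and len(tokens) >= 3:
            for ext in tokens[2:]:
                mapping[ext.lstrip(".").lower()] = tokens[1]
    return mapping

def addhandler_match(filename, mapping):
    """Simplified mod_mime model: each extension after the base name is looked
    up; the rightmost extension that has a handler mapping decides."""
    handler = None
    for ext in filename.lower().split(".")[1:]:
        handler = mapping.get(ext, handler)
    return handler

def files_match_handler(filename, pattern=r"\.php$", handler="php5-fcgi"):
    """Assumed alternative: <FilesMatch "\\.php$"> with SetHandler inside.
    Only a name that ends in .php gets the handler."""
    return handler if re.search(pattern, filename) else None

def audit(filenames, mapping):
    """Flag names that receive a handler although their final extension
    is not one that was mapped with AddHandler."""
    findings = []
    for name in filenames:
        handler = addhandler_match(name, mapping)
        last_ext = name.lower().rsplit(".", 1)[-1]
        if handler and last_ext not in mapping:
            findings.append((name, handler))
    return findings

if __name__ == "__main__":
    for name, handler in audit(SAMPLE_UPLOADS, parse_addhandler(SAMPLE_CONF)):
        print(f"{name}: handled by {handler} under AddHandler")
```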
Maybe that's why AddHandler is still proposed all across the Internet: