Prevent php scripts running via .htaccess and AddHandler

I need to offer FTP access to a subdirectory to a select few clients.

This will be just to share .doc and .pdf files, but it needs to be accessible from the web... and hence I want to safeguard against potential misuse (although the clients are 100% trustworthy, you never know !!!)

I think there is a way to have an .htaccess file which sets the type of a .php file to null or something, so it can't run even if it's there... Is this using AddHandler ???

Anyway, despite searching EE and the web, I can't find the syntax to make an .htaccess file which will render .php or other script files useless in this particular subdirectory - any ideas ???

Many thanks

Matt
LVL 1
milkmon123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JoshPowellCommented:
Well, I am not an expert on .htaccess, but I would asume you could use mod_rewrite to re-write any url with .php to some other HTML file saying "php disabled" or someting.


Josh
0
Diablo84Commented:
I suppose you could also just prevent access for php extensions, with the following anything with .php will result in a 403 Forbidden error so php scripts can be uploaded but not run on your server.

<Files "*.php">
Order Allow,Deny
Deny from all
</Files>
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mitch-BCommented:
If you are using PHP as an Apache module, you can put the following line in your .htaccess file:
php_flag engine off

If that doesn't work, make sure you have set "AllowOverride Options" or "AllowOverride All" privileges for the directory that contains the .htaccess file.
0
milkmon123Author Commented:
Thanks Diablo - you got me on the right track !!!

This is the one I used in the end...

<FilesMatch "\.(gif|jpe?g|png|php3?)$">
Order Allow,Deny
Deny from all
</FilesMatch>

(In earlier apache versions you could use <Files ~ "expression">)

Many thanks for your help and quick response.
0
Diablo84Commented:
no problem :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.