Prevent php scripts running via .htaccess and AddHandler

Posted on 2004-11-25
Last Modified: 2008-03-04
I need to offer FTP access to a subdirectory to a select few clients.

This will be just to share .doc and .pdf files, but it needs to be accessible from the web... and hence I want to safeguard against potential misuse (although the clients are 100% trustworthy, you never know !!!)

I think there is a way to have an .htaccess file which sets the type of a .php file to null or something, so it can't run even if it's there... Is this using AddHandler ???

Anyway, despite searching EE and the web, I can't find the syntax to make an .htaccess file which will render .php or other script files useless in this particular subdirectory - any ideas ???

Many thanks

Question by:milkmon123
    LVL 3

    Expert Comment

    Well, I am not an expert on .htaccess, but I would assume you could use mod_rewrite to rewrite any URL with .php to some other HTML file saying "php disabled" or something.

    LVL 27

    Accepted Solution

    I suppose you could also just prevent access for php extensions. With the following, anything with .php will result in a 403 Forbidden error, so php scripts can be uploaded but not run on your server.

    <Files "*.php">
    Order Allow,Deny
    Deny from all
    </Files>

    Expert Comment

    If you are using PHP as an Apache module, you can put the following line in your .htaccess file:
    php_flag engine off

    If that doesn't work, make sure you have set "AllowOverride Options" or "AllowOverride All" privileges for the directory that contains the .htaccess file.
    LVL 1

    Author Comment

    Thanks Diablo - you got me on the right track !!!

    This is the one I used in the end...

    <FilesMatch "\.(gif|jpe?g|png|php3?)$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>

    (In earlier Apache versions you could use <Files ~ "expression">)

    Many thanks for your help and quick response.
    LVL 27

    Expert Comment

    no problem :)
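
A way to check either rule posted above against what is actually sitting in the FTP-writable directory, as an added example that is not part of the original thread. It approximates `<Files>` with a shell-style glob and `<FilesMatch>` with a regex search; `HANDLER_EXTS` and the sample listing are assumptions (hypothetical values), so take the real extension list from your server's AddHandler/AddType lines.

```python
import fnmatch
import re

# Rules as posted in the thread.
FILES_GLOB = "*.php"                         # <Files "*.php">
FILESMATCH_RE = r"\.(gif|jpe?g|png|php3?)$"  # <FilesMatch "...">

# Assumption (hypothetical values): extensions this server hands to PHP.
# Take the real list from the server's AddHandler/AddType/SetHandler lines.
HANDLER_EXTS = {".php", ".php3", ".phtml"}

# What the directory is meant to serve, per the question.
ALLOWED_EXTS = {".doc", ".pdf"}


def extension(name):
    """Final extension, lower-cased; empty string if there is none."""
    dot = name.rfind(".")
    return name[dot:].lower() if dot > 0 else ""


def denied(name, rule):
    """Approximate Apache: glob for <Files>, regex search for <FilesMatch>."""
    if rule == "files":
        return fnmatch.fnmatchcase(name, FILES_GLOB)
    return re.search(FILESMATCH_RE, name) is not None


def audit(names, rule):
    """Report files that need attention under the given rule.

    'still_handled': mapped to the PHP handler but not denied by the rule.
    'unexpected':    not a .doc/.pdf, whether or not the rule denies it.
    """
    report = {"still_handled": [], "unexpected": []}
    for name in names:
        ext = extension(name)
        if ext in HANDLER_EXTS and not denied(name, rule):
            report["still_handled"].append(name)
        if ext not in ALLOWED_EXTS:
            report["unexpected"].append(name)
    return report


# Constructed listing of the upload directory (sample data).
SAMPLE = ["report.doc", "brochure.pdf", "index.php", "old.php3",
          "page.phtml", "logo.png", "notes.txt"]

if __name__ == "__main__":
    for rule in ("files", "filesmatch"):
        print(rule, audit(SAMPLE, rule))
```

Anything listed under `still_handled` means the rule and the server's handler mapping disagree; `php_flag engine off` from the comment above, or an allowlist of `.doc` and `.pdf` only, does not depend on enumerating extensions.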
