Solved

Making scripts NON EXECUTABLE with .htaccess

Posted on 2006-11-22
4
401 Views
Last Modified: 2010-03-04
Hello,

How are you?

I have a directory on my website that I need to make available for public FTP uploads / downloads.  I do NOT want anything in that directory to be executable.

.PHP, .pl, cgi  and .sh SHOULD ALL be treated as plain text.

Is there something I can put in my .htaccess file to secure this directory?

Thanks!
0
Comment
Question by:hankknight
  • 3
4 Comments
 
LVL 13

Expert Comment

by:rhickmott
Comment Utility
php_admin_flag engine off
0
 
LVL 13

Expert Comment

by:rhickmott
Comment Utility
Sorry that should be

php_value engine off
AddType text/plain .html .htm .shtml .php
0
 
LVL 16

Author Comment

by:hankknight
Comment Utility
Thanks!

So something like this then:

       php_value engine off
       AddType text/plain .html .htm .shtml .php .sh .cgi .pl .c

But, I could be missing something so is there a way to set EVERTHING except:
       .png
       .gif
       .jpg
       .psd
       .tif
       .ai
       .pdf
       .eps

To text/plain ?
0
 
LVL 13

Accepted Solution

by:
rhickmott earned 500 total points
Comment Utility
Hmm none that I know of easily

The Default Type for Apache is text/plain UNLESS specified otherwise by the MIME type if you turn execute permissions off on the folder then by rights nothing should be able to run.

PHP is a module therefore you need to declare its type manually using
AddType application/x-httpd-php .php

And it then becomes part of the server so its by rights executed by Apache but the flag disables that privaledge.

you should be able to use a

<Filesmatch !^\.(gif|jpg|bmp)$>
     ForceType text/plain
</FilesMatch>

Which *should* force the type of everything to Plain Text unless its jpeg, gif or bmp however Ive had limited success with this in the past. If you set it to image/gif and try loading a zip in FireFox it rightly says this is not an image which means its working but for some reason I cant get the same results when trying to force plain text.

0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now