Solved

Making scripts NON EXECUTABLE with .htaccess

Posted on 2006-11-22
4
406 Views
Last Modified: 2010-03-04
Hello,

How are you?

I have a directory on my website that I need to make available for public FTP uploads / downloads.  I do NOT want anything in that directory to be executable.

.PHP, .pl, cgi  and .sh SHOULD ALL be treated as plain text.

Is there something I can put in my .htaccess file to secure this directory?

Thanks!
0
Comment
Question by:hankknight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 13

Expert Comment

by:rhickmott
ID: 17996270
php_admin_flag engine off
0
 
LVL 13

Expert Comment

by:rhickmott
ID: 17996309
Sorry that should be

php_value engine off
AddType text/plain .html .htm .shtml .php
0
 
LVL 16

Author Comment

by:hankknight
ID: 17997127
Thanks!

So something like this then:

       php_value engine off
       AddType text/plain .html .htm .shtml .php .sh .cgi .pl .c

But, I could be missing something so is there a way to set EVERTHING except:
       .png
       .gif
       .jpg
       .psd
       .tif
       .ai
       .pdf
       .eps

To text/plain ?
0
 
LVL 13

Accepted Solution

by:
rhickmott earned 500 total points
ID: 17997622
Hmm none that I know of easily

The Default Type for Apache is text/plain UNLESS specified otherwise by the MIME type if you turn execute permissions off on the folder then by rights nothing should be able to run.

PHP is a module therefore you need to declare its type manually using
AddType application/x-httpd-php .php

And it then becomes part of the server so its by rights executed by Apache but the flag disables that privaledge.

you should be able to use a

<Filesmatch !^\.(gif|jpg|bmp)$>
     ForceType text/plain
</FilesMatch>

Which *should* force the type of everything to Plain Text unless its jpeg, gif or bmp however Ive had limited success with this in the past. If you set it to image/gif and try loading a zip in FireFox it rightly says this is not an image which means its working but for some reason I cant get the same results when trying to force plain text.

0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question