Solved

Making scripts NON EXECUTABLE with .htaccess

Posted on 2006-11-22
4
402 Views
Last Modified: 2010-03-04
Hello,

How are you?

I have a directory on my website that I need to make available for public FTP uploads / downloads.  I do NOT want anything in that directory to be executable.

.PHP, .pl, cgi  and .sh SHOULD ALL be treated as plain text.

Is there something I can put in my .htaccess file to secure this directory?

Thanks!
0
Comment
Question by:hankknight
  • 3
4 Comments
 
LVL 13

Expert Comment

by:rhickmott
ID: 17996270
php_admin_flag engine off
0
 
LVL 13

Expert Comment

by:rhickmott
ID: 17996309
Sorry that should be

php_value engine off
AddType text/plain .html .htm .shtml .php
0
 
LVL 16

Author Comment

by:hankknight
ID: 17997127
Thanks!

So something like this then:

       php_value engine off
       AddType text/plain .html .htm .shtml .php .sh .cgi .pl .c

But, I could be missing something so is there a way to set EVERTHING except:
       .png
       .gif
       .jpg
       .psd
       .tif
       .ai
       .pdf
       .eps

To text/plain ?
0
 
LVL 13

Accepted Solution

by:
rhickmott earned 500 total points
ID: 17997622
Hmm none that I know of easily

The Default Type for Apache is text/plain UNLESS specified otherwise by the MIME type if you turn execute permissions off on the folder then by rights nothing should be able to run.

PHP is a module therefore you need to declare its type manually using
AddType application/x-httpd-php .php

And it then becomes part of the server so its by rights executed by Apache but the flag disables that privaledge.

you should be able to use a

<Filesmatch !^\.(gif|jpg|bmp)$>
     ForceType text/plain
</FilesMatch>

Which *should* force the type of everything to Plain Text unless its jpeg, gif or bmp however Ive had limited success with this in the past. If you set it to image/gif and try loading a zip in FireFox it rightly says this is not an image which means its working but for some reason I cant get the same results when trying to force plain text.

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now