Solved

Making scripts NON EXECUTABLE with .htaccess

Posted on 2006-11-22
4
408 Views
Last Modified: 2010-03-04
Hello,

How are you?

I have a directory on my website that I need to make available for public FTP uploads / downloads.  I do NOT want anything in that directory to be executable.

.PHP, .pl, cgi  and .sh SHOULD ALL be treated as plain text.

Is there something I can put in my .htaccess file to secure this directory?

Thanks!
0
Comment
Question by:hankknight
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 13

Expert Comment

by:rhickmott
ID: 17996270
php_admin_flag engine off
0
 
LVL 13

Expert Comment

by:rhickmott
ID: 17996309
Sorry that should be

php_value engine off
AddType text/plain .html .htm .shtml .php
0
 
LVL 16

Author Comment

by:hankknight
ID: 17997127
Thanks!

So something like this then:

       php_value engine off
       AddType text/plain .html .htm .shtml .php .sh .cgi .pl .c

But, I could be missing something so is there a way to set EVERTHING except:
       .png
       .gif
       .jpg
       .psd
       .tif
       .ai
       .pdf
       .eps

To text/plain ?
0
 
LVL 13

Accepted Solution

by:
rhickmott earned 500 total points
ID: 17997622
Hmm none that I know of easily

The Default Type for Apache is text/plain UNLESS specified otherwise by the MIME type if you turn execute permissions off on the folder then by rights nothing should be able to run.

PHP is a module therefore you need to declare its type manually using
AddType application/x-httpd-php .php

And it then becomes part of the server so its by rights executed by Apache but the flag disables that privaledge.

you should be able to use a

<Filesmatch !^\.(gif|jpg|bmp)$>
     ForceType text/plain
</FilesMatch>

Which *should* force the type of everything to Plain Text unless its jpeg, gif or bmp however Ive had limited success with this in the past. If you set it to image/gif and try loading a zip in FireFox it rightly says this is not an image which means its working but for some reason I cant get the same results when trying to force plain text.

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question