
Making scripts NON EXECUTABLE with .htaccess

Posted on 2006-11-22
Last Modified: 2010-03-04
Hello,

How are you?

I have a directory on my website that I need to make available for public FTP uploads / downloads.  I do NOT want anything in that directory to be executable.

.PHP, .pl, .cgi and .sh SHOULD ALL be treated as plain text.

Is there something I can put in my .htaccess file to secure this directory?

Thanks!
Question by:hankknight

Expert Comment

by:rhickmott
ID: 17996270
php_admin_flag engine off

Expert Comment

by:rhickmott
ID: 17996309
Sorry that should be

php_value engine off
AddType text/plain .html .htm .shtml .php

Author Comment

by:hankknight
ID: 17997127
Thanks!

So something like this then:

       php_value engine off
       AddType text/plain .html .htm .shtml .php .sh .cgi .pl .c

But I could be missing something, so is there a way to set EVERYTHING except:
       .png
       .gif
       .jpg
       .psd
       .tif
       .ai
       .pdf
       .eps

To text/plain ?

Accepted Solution

by:rhickmott (earned 2000 total points)
ID: 17997622
Hmm none that I know of easily

The Default Type for Apache is text/plain UNLESS specified otherwise by the MIME type. If you turn execute permissions off on the folder, then by rights nothing should be able to run.

PHP is a module, therefore you need to declare its type manually using
AddType application/x-httpd-php .php

And it then becomes part of the server, so it's by rights executed by Apache, but the flag disables that privilege.

You should be able to use a

<Filesmatch !^\.(gif|jpg|bmp)$>
     ForceType text/plain
</FilesMatch>

Which *should* force the type of everything to plain text unless it's jpeg, gif or bmp; however, I've had limited success with this in the past. If you set it to image/gif and try loading a zip in Firefox, it rightly says this is not an image, which means it's working, but for some reason I can't get the same results when trying to force plain text.
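
An added example, not part of the thread: one .htaccess for the upload directory that combines the ideas above. It assumes AllowOverride permits Options and FileInfo here, uses php_flag (the directive PHP's manual prescribes for boolean settings) instead of php_value, and writes the "everything except" rule as a negative lookahead because FilesMatch takes a plain regular expression. The module file names and the extra extensions are assumptions to adjust for the server in use.

```apache
# .htaccess for the public FTP upload directory (added example).
# Needs AllowOverride Options FileInfo (or All) on this directory.

# Never run CGI scripts or server-side includes from here.
Options -ExecCGI -Includes

# Switch the PHP interpreter off when mod_php is loaded. The IfModule
# wrappers stop the file from causing a 500 error where it is not.
# Module file names are assumptions: PHP 5, PHP 7, PHP 8 respectively.
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Drop extension-to-handler and extension-to-type mappings inherited
# from the main configuration (AddHandler cgi-script .pl, AddType
# application/x-httpd-php .php, and so on).
RemoveHandler .php .phtml .php3 .php4 .php5 .pl .py .cgi .sh .shtml
RemoveType .php .phtml .php3 .php4 .php5

# Any file name that does NOT end in one of the allowed extensions is
# served by the static-file handler as text/plain. (?i) makes the match
# case-insensitive so that "shell.PHP" is covered as well.
<FilesMatch "(?i)^(?!.*\.(png|gif|jpe?g|psd|tif|ai|pdf|eps)$)">
    SetHandler default-handler
    ForceType text/plain
</FilesMatch>

# Ask browsers not to second-guess the declared type, so an uploaded
# HTML file labelled text/plain is displayed as text rather than rendered.
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
</IfModule>
```

To check the result, upload a small .php file and request it with `curl -I`: the response should carry `Content-Type: text/plain`, and the body should be the source text rather than its output.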
