Solved

block .htaccess file

Posted on 2011-09-24
2
375 Views
Last Modified: 2012-05-12
hello,

On my website i give ftp accounts to my visitor, so they can upload there work (mostly images ) , But the problem is they can create an simple php file and delete everything.

The soloution i come for is to block the server-side file, but the can creat an .htaccess file and get the right back to delete files.

i really want to know how to block .htaccess file , or that they can not override that setting.

thank you
0
Comment
Question by:kensy11
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 36593742
I think the better way would be to create a PHP upload page instead of offering FTP accounts.  That way it would stay under your control.
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36593806
Yeah I agree with Dave, but if you can't do that for whatever reason, here is how to disable .htaccess in Apache's main config file (httpd.conf).

When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier configuration directives.

AllowOverride is valid only in <Directory> sections specified without regular expressions, not in <Location>, <DirectoryMatch> or <Files> sections.

When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.
Ex:

<Directory /ftpuploads>
AllowOverride None
</Directory>
0

Featured Post

Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
Styling your websites can become very complex. Here I'll show how SASS can help you better organize, maintain and reuse your CSS code.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question