Solved

block .htaccess file

Posted on 2011-09-24
2
370 Views
Last Modified: 2012-05-12
hello,

On my website i give ftp accounts to my visitor, so they can upload there work (mostly images ) , But the problem is they can create an simple php file and delete everything.

The soloution i come for is to block the server-side file, but the can creat an .htaccess file and get the right back to delete files.

i really want to know how to block .htaccess file , or that they can not override that setting.

thank you
0
Comment
Question by:kensy11
2 Comments
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 36593742
I think the better way would be to create a PHP upload page instead of offering FTP accounts.  That way it would stay under your control.
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 36593806
Yeah I agree with Dave, but if you can't do that for whatever reason, here is how to disable .htaccess in Apache's main config file (httpd.conf).

When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier configuration directives.

AllowOverride is valid only in <Directory> sections specified without regular expressions, not in <Location>, <DirectoryMatch> or <Files> sections.

When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.
Ex:

<Directory /ftpuploads>
AllowOverride None
</Directory>
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What is Node.js? Node.js is a server side scripting language much like PHP or ASP but is used to implement the complete package of HTTP webserver and application framework. The difference is that Node.js’s execution engine is asynchronous and event…
Introduction Since I wrote the original article about Handling Date and Time in PHP and MySQL (http://www.experts-exchange.com/articles/201/Handling-Date-and-Time-in-PHP-and-MySQL.html) several years ago, it seemed like now was a good time to updat…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn the benefit of using external CSS files and the relationship between class and ID selectors. Create your external css file by saving it as style.css then set up your style tags: (CODE) Reference the nav tag and set your prop…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now