Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 379
  • Last Modified:

block .htaccess file

hello,

On my website i give ftp accounts to my visitor, so they can upload there work (mostly images ) , But the problem is they can create an simple php file and delete everything.

The soloution i come for is to block the server-side file, but the can creat an .htaccess file and get the right back to delete files.

i really want to know how to block .htaccess file , or that they can not override that setting.

thank you
0
kensy11
Asked:
kensy11
1 Solution
 
Dave BaldwinFixer of ProblemsCommented:
I think the better way would be to create a PHP upload page instead of offering FTP accounts.  That way it would stay under your control.
0
 
PapertripCommented:
Yeah I agree with Dave, but if you can't do that for whatever reason, here is how to disable .htaccess in Apache's main config file (httpd.conf).

When the server finds an .htaccess file (as specified by AccessFileName) it needs to know which directives declared in that file can override earlier configuration directives.

AllowOverride is valid only in <Directory> sections specified without regular expressions, not in <Location>, <DirectoryMatch> or <Files> sections.

When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.
Ex:

<Directory /ftpuploads>
AllowOverride None
</Directory>
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now