htaccess - disable PHP in specific directory

erzoolander
erzoolander used Ask the Experts™
on
I have a folder called "uploads" that I want to ensure PHP cannot be executed within.  

To accomplish that - would I just place an htaccess file within that directory - with:

php_flag engine off

in it?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2017
Commented:
Change permissions on upload to 733 allowing uploads but denying reads.
The other option is make sure the PHP page that facilitates uploads saves the data to a folder outside the web server path with a separate script that enumerates and displays those files as a list and that script is the only way the uploaded files can be downloaded.

I.e. /var/www/html as the base of webserver your upload.php will save the file in /var/www/mydomain_uploads where there is no Apache directive to access I it by the web server
My guess in the above example your upload folder is in the Apache web path such as /var/www/html/anyfolder/mydomain_uploads

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial