Disable PHP code in Folder (best way?)


#1

Normally I just disable parsing of PHP via .htaccess in my upload folder but I have never worked with PHP over CGI. Whats the best way to disable parsing of PHP but will still serve jpegs, zips ect?


#2

I would try a couple of things to see what might work best:

  1. You could change the application type for .php to text so it will not parse it at all.
  2. Don’t allow .php files to be uploaded to this folder (Not sure if you’re using a script to upload or a protocol).

I hope that at least helps push you in the right direction, good luck.

---------- KekBur.com ----------
Sacrifice the world.
Supporting beer since 1985.


#3

Well I am blocking the uploading of PHP every way I can but its better safe than sorry. It’s simple to do with .htaccess files but they don’t work on DH. Changing the PHP ext is of limited use since they could use what ever I use. There has to be a correct way I just cant figure it out.


#4

No I mean, for that particular folder, have another .htaccess file that removes the x-httpd-php application type for any extension that might have it set in above directories (or the DH defaults). Like you could do something like:

AddType text/html .php

or if that doesn’t work you could try:

AddType application/x-httpd-php-source .php

This way, not even you can execute PHP in that particular folder (and it’s subdirs).

Let me know how you go.

---------- KekBur.com ----------
Sacrifice the world.
Supporting beer since 1985.


#5

Heres an easy way to disable php code… results in 403 forbidden.

Place this in the folders .htaccess

AddHandler cgi-script .php .phps .htm .inc Options -ExecCGI
_____
[color=#00CC00] _ _| _ _ _ _|_ _ (_|_\|<(_||_)(_|(_| |(/_ | [/color]
:~


#6

Yep thats what I needed thanks :slight_smile: