tibiz Posted February 29, 2012

Hello, I have a directory tree for my project:

    /www/CMS/
    /www/CMS/files/
    /www/CMS/files/Images
    /www/CMS/files/Documents

The user is able to access the content and subfolders of files/ via FTP, which is the place for his stuff.

My question is, how can I prevent running PHP scripts in files/, files/Images/, files/Documents/ using .htaccess? I tried running

    <?php echo file_get_contents("../../index.php"); ?>

in /www/CMS/files/Images/ and it displayed my code.

I have a .htaccess file:

    RemoveHandler .php .phtml .php3 .php5
    RemoveType .php .phtml .php3 .php5
    php_flag engine off

but if I place it in /www/CMS/ it stops my project from running; if I place it in /www/CMS/files/, the .htaccess can simply be deleted by the user via FTP.

Thank you for any help.

tibiz (Author) Posted February 29, 2012

(same question, put more simply) How do I set up .htaccess to apply the functions:

    RemoveHandler .php .phtml .php3 .php5
    RemoveType .php .phtml .php3 .php5
    php_flag engine off

only to the subfolder .../files/ and its content, but the .htaccess must be placed in the root directory?

kicken Posted February 29, 2012

You'd probably have to set up the configuration in the main httpd.conf file. That, or prevent the user from deleting the .htaccess file somehow, such as by changing its owner/permissions.

tibiz (Author) Posted February 29, 2012

Thank you for the answer. Modification of httpd.conf and setting ownership is not possible on my hosting. I am not running my own web server. So the last option is to set up .htaccess so that its settings affect the subdirectories but exclude the root directory where the .htaccess is.

The only known good and working situation is (but I don't like it):

    </root/> *.php all CMS files
    </root/subdir1/> *.htaccess disabling running scripts as described in my previous post
    </root/subdir1/subdir2/> the place for all 3rd-party user's stuff accessible via FTP
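
One way to get the effect asked for in the thread from a root-level .htaccess, added here as an example and not posted by any participant. It assumes mod_rewrite is enabled, that the host permits rewrite rules in .htaccess, and that /www/CMS/.htaccess is outside the directory the FTP user can write to.

```apache
# /www/CMS/.htaccess  (CMS root, not reachable by the FTP user: assumption)
#
# Deliberately not wrapped in <IfModule mod_rewrite.c>: if the module is
# missing, the site should fail with an error instead of silently serving
# files/ without this rule.
RewriteEngine On

# In .htaccess context the pattern is matched against the path relative to
# this directory, so "^files/" covers files/, files/Images/ and
# files/Documents/ while the CMS's own *.php in the root keep running.
#
# The extension list is the one from the original post. The final group
# also matches when the extension is followed by another dot or a slash,
# so the rule does not depend on the extension being the last thing in
# the requested path.
#
# "-" means no substitution, [F] answers 403 Forbidden, [NC] ignores case.
RewriteRule ^files/.*\.(php|phtml|php3|php5)([./]|$) - [F,NC]
```

This refuses the HTTP request and does not switch the PHP engine off for the folder. It applies only while files/ has no .htaccess of its own with rewrite directives, because per-directory rewrite rules in a subdirectory replace the inherited ones by default.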