htaccess-- disallow php scripts from running???

[dj-kenpo]

Weird question to ask on the php forum I know ...

 

I want to have a small add on for my main site that's an open ftp area (ftp.domain.com). private, but really, people share passwords etc so not so private when all is said and done.

 

problem is, I don't want people uploading php scripts and running something like, ../main_domain/ delete everything script.

 

It's to be used for images only, a sort of temp folder online. (ie, webforms are slow and annoying for large numbers of files...)

 

can I disallow php/asp/jsp and anything else (you can think of) dangerous via an htaccess command?

 

also, can the htaccess file for that be outside of the root directory? otherwise anyone can delete it...

[uhmcastillo]

I believe you can use the php_admin_flag engine off command in a <Directory /mydir> section.

 

I've never tried it myself, so please let me know if it works.

 

Cheers,

-m

[dj-kenpo]

cool, 1 down. 4+ to go.

 

also need to disable asp, jsp ruby, etc.

 

I wonder, you can tell apache to parse say, .rss as a php file. perhaps I can just do the reverse and tell it to parse EVERYTHING on this domain as .html. so nothing dynamic can possibly run.

 

 

but how do I place the htaccess file outside of the domain directory and then refrence THAT domain only?

[trq]

also need to disable asp, jsp ruby, etc.

 

Well, asp should be easy seeing as it doesn't run on Apache.

[uhmcastillo]

Yes, well, if you get asp running, let me know how that worked...

 

And don't put it in a htaccess file.  Put it in the http.conf (in a <directory /> section, like I mentioned above).

 

 

 

[dj-kenpo]

re: asp.

 

HAHHAHA, woops. wasn't even thinking! stupid me....