Jump to content

Use .htaccess file to stop "execution" of PHP files in dir


Recommended Posts

Hey

 

I have the following directory structure on my webserver:

 

\wuhtzu\ ("site specific folder")

\wuhtzu\webroot\ (apache virtual host webroot of wuhtzu.dk)

\wuhtzu\webroot\download\ (dir in question)

 

Can I from the dir "\wuhtzu\webroot\" make an .htaccess file which will prevent any PHP file from being viewed / run / executed / loaded from the dir "\wuhtzu\webroot\download\"?

 

What I want to prevent is this from happening: www.wuhtzu.dk/download/i_fuck_your_server_up.php. The reason why I have this concern is because I give some people ftp access to this dir (I could place it outside the webroot, but I need "webserver access" too) and they could do stupid stuff. I need the .htaccess file to be one level up from the \download\ dir so people with the ftp account can't delete it :)

 

Any advice would be much appreciated.

 

Wuhtzu

 

The easy thing to block all access to that dir from the web is to put an .htaccess file in the download dir with this line it is:

deny from all

 

I bet you could limit it to just PHP files though if you use FilesMatch:

http://httpd.apache.org/docs/1.3/mod/core.html#filesmatch

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.