Wuhtzu Posted February 29, 2008 Share Posted February 29, 2008 Hey I have the following directory structure on my webserver: \wuhtzu\ ("site specific folder") \wuhtzu\webroot\ (apache virtual host webroot of wuhtzu.dk) \wuhtzu\webroot\download\ (dir in question) Can I from the dir "\wuhtzu\webroot\" make an .htaccess file which will prevent any PHP file from being viewed / run / executed / loaded from the dir "\wuhtzu\webroot\download\"? What I want to prevent is this from happening: www.wuhtzu.dk/download/i_fuck_your_server_up.php. The reason why I have this concern is because I give some people ftp access to this dir (I could place it outside the webroot, but I need "webserver access" too) and they could do stupid stuff. I need the .htaccess file to be one level up from the \download\ dir so people with the ftp account can't delete it Any advice would be much appreciated. Wuhtzu Quote Link to comment Share on other sites More sharing options...
rhodesa Posted February 29, 2008 Share Posted February 29, 2008 The easy thing to block all access to that dir from the web is to put an .htaccess file in the download dir with this line it is: deny from all I bet you could limit it to just PHP files though if you use FilesMatch: http://httpd.apache.org/docs/1.3/mod/core.html#filesmatch Quote Link to comment Share on other sites More sharing options...
Wuhtzu Posted February 29, 2008 Author Share Posted February 29, 2008 The problem is I want to allow people to access stuff like .zip and .rar from the web and ftp. But yes filematch sounds interresting, I'll look into it. Thank you! Other suggestions? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.