WebFaction
Community site: login faq

How can I disable PHP execution for a single directory?

0

I'm installing MediaWiki as part of a static/PHP configuration and the documentation recommends that script execution privileges are revoked for the /images directory as users are able to upload files to that location. However, although I found a way to stop Python script execution (by adding Options -ExecCGI to the .htaccess file) I cannot find a way to block PHP execution.

I've tried various tricks from around the web without success:

  • AddType text/plain .php
  • RemoveHandler .php
  • <IfModule php5_module>php_flag engine off</IfModule> (on 3 separate lines)
  • <IfModule mod_php5.c>php_flag engine off</IfModule> (on 3 separate lines)

And none of these have any effect: my test file of <? echo "hello!"; ?> still gets executed when I open it in the browser.

asked 20 Jan '13, 16:00

Kylotan
15249
accept rate: 0%

edited 20 Jan '13, 16:00

2 Answers:
active answersoldest answersnewest answerspopular answers
1

Something like this in .htaccess should do it:

<FilesMatch \.php$>
    SetHandler None
</FilesMatch>

If that doesn't work, then:

  1. Create a "symbolic link to static-only" application pointing at your images directory.
  2. Add the app you created in step 1 to your site, using /images as the URL path.
permanent link

answered 20 Jan '13, 17:32

seanf
12.2k42136
accept rate: 37%

Thank you, that first suggestion seems to work perfectly!

(21 Jan '13, 09:30) Kylotan
0

You should be able to prevent execution by removing the execute bit from the directory and files in that directory.

permanent link

answered 20 Jan '13, 16:26

bmeyer71 ♦♦
1.5k3613
accept rate: 33%

If I do that, I can't navigate into the directory any more.

(20 Jan '13, 16:33) Kylotan

Just remove execute for other. You may need to leave group with execute.

(20 Jan '13, 16:41) bmeyer71 ♦♦

It still stops the web server from serving any of the files in there. I don't want to lock the whole directory - I just want to prevent script execution.

(20 Jan '13, 16:49) Kylotan

Seems a bit odd. Maybe change the permissions for the directory back to 775 and try the .htaccess example in this link about 1/3 of the way down.

(20 Jan '13, 17:04) bmeyer71 ♦♦

I already had the AddType line, which has no effect. Adding the ForceType block does nothing either, and nor does the AddHandler cgi-script idea.

(20 Jan '13, 17:24) Kylotan
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Question tags:

×264
×75
×8

question asked: 20 Jan '13, 16:00

question was seen: 15,604 times

last updated: 05 Jul '14, 15:40

Related questions

how to rewrite urls for files within folders using htaccess

How to configure and use memcached with medaiwiki aplication?

FilesMatch via htaccess not working

Change version of PHP in STATIC/CGI/PHP-5.5 application?

.htaccess to parse PHP in a JS file

Redirect all non SSL URLs path to SSL path

Can't get URL rewriting to work using CodeIgniter

upper limit for post_max_size/upload_max_filesize

Switch from PHP 5.6 to PHP 7.0 via htaccess?

PHP not parsed

WEBFACTION
Home
Sign up
Jobs
REACH US
Email
Blog
Twitter
Facebook
SUPPORT
Control panel
Documentation
Q&A community site
Status blog
Support tickets
AFFILIATE PROGRAM
Affiliate program
Visuals
LEGAL
Terms of service
Acceptable use policy
Privacy policy
© COPYRIGHT 2003-2020 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM