Posted by: rmills
Posted on: 2008-01-21 13:24:00
Normally I just disable parsing of PHP via .htaccess in my upload folder but I have never worked with PHP over CGI. Whats the best way to disable parsing of PHP but will still serve jpegs, zips ect?
Edited by rmills on 01/21/08 02:12 PM (server time).
Posted by: stuopa
Posted on: 2008-01-22 21:25:00
I would try a couple of things to see what might work best:
1) You could change the application type for .php to text so it will not parse it at all.
2) Don't allow .php files to be uploaded to this folder (Not sure if you're using a script to upload or a protocol).
I hope that at least helps push you in the right direction, good luck.
---------- KekBur.com ----------
Sacrifice the world.
Posted by: rmills
Posted on: 2008-01-22 21:31:00
Well I am blocking the uploading of PHP every way I can but its better safe than sorry. It's simple to do with .htaccess files but they don't work on DH. Changing the PHP ext is of limited use since they could use what ever I use. There has to be a correct way I just cant figure it out.
Posted by: stuopa
Posted on: 2008-01-22 22:40:00
No I mean, for that particular folder, have another .htaccess file that removes the x-httpd-php application type for any extension that might have it set in above directories (or the DH defaults). Like you could do something like:
AddType text/html .php
or if that doesn't work you could try:
AddType application/x-httpd-php-source .php
This way, not even you can execute PHP in that particular folder (and it's subdirs).
Let me know how you go.
---------- KekBur.com ----------
Sacrifice the world.
Posted by: askapache
Posted on: 2008-01-23 00:16:00
Heres an easy way to disable php code.. results in 403 forbidden.
Place this in the folders .htaccess
AddHandler cgi-script .php .phps .htm .inc
Options -ExecCGI
Posted by: rmills
Posted on: 2008-01-23 08:53:00
Yep thats what I needed thanks :)