Prevent script execution in one directory?

 
Post new topic   Reply to topic    Aprelium Forum Index -> PHP
View previous topic :: View next topic  
Author Message
Lawrence
-


Joined: 16 Jan 2003
Posts: 207
Location: Brisbane, AU

PostPosted: Sat May 14, 2011 11:38 pm    Post subject: Prevent script execution in one directory? Reply with quote

I'm about to set up a public file repository on my server, and I'd like to prevent people from uploading and running PHP scripts in this folder.

I can't find anything about preventing PHP from running in one directory, everything seems to deal with enabling extra directories.

Basically, I don't want PHP to execute any scripts in c:\htdocs\path\

The problem of course bing that PHP is set to execute all scripts in c:\htdocs\, and in this case \path\ is one of a hundred folders, so I can't easily enable PHP in every folder EXCEPT this one. Instead, I want to allow PHP everywhere but here.

Any advice?
Back to top View user's profile Send private message Visit poster's website ICQ Number
Lawrence
-


Joined: 16 Jan 2003
Posts: 207
Location: Brisbane, AU

PostPosted: Tue May 17, 2011 12:31 am    Post subject: Reply with quote

So far the best solution I've found to this is to put the files in a directory outside \htdocs\ and use a PHP script to fetch the required file when requested: fetch.php?file=/path/to/file.gif

This works, except that PHP and Windows combine to make a force entirely unfriendly to Japanese files.

If anyone's keen on this, here's the script I used. It works perfectly, except for double-byte (non-English) filenames.
Back to top View user's profile Send private message Visit poster's website ICQ Number
Lawrence
-


Joined: 16 Jan 2003
Posts: 207
Location: Brisbane, AU

PostPosted: Tue May 17, 2011 2:31 am    Post subject: Problem solved Reply with quote

I managed to solve the problem using a URL rewrite:

Code:
^/path/(.+\.php)


Any requests for *.php in the /path/ folder will result in a 404 error.

Back to top View user's profile Send private message Visit poster's website ICQ Number
admin
Site Admin


Joined: 03 Mar 2002
Posts: 1295

PostPosted: Tue May 17, 2011 11:47 am    Post subject: Re: Problem solved Reply with quote

Lawrence,

That's a good solution and we wouldn't have recommended better. In the future, the scope of each part of the configuration will be more flexible.
_________________
Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com
Back to top View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Aprelium Forum Index -> PHP All times are GMT + 1 Hour
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB phpBB Group