View previous topic :: View next topic |
Author |
Message |
Lawrence -
Joined: 16 Jan 2003 Posts: 207 Location: Brisbane, AU
|
Posted: Sat May 14, 2011 11:38 pm Post subject: Prevent script execution in one directory? |
|
|
I'm about to set up a public file repository on my server, and I'd like to prevent people from uploading and running PHP scripts in this folder.
I can't find anything about preventing PHP from running in one directory, everything seems to deal with enabling extra directories.
Basically, I don't want PHP to execute any scripts in c:\htdocs\path\
The problem of course bing that PHP is set to execute all scripts in c:\htdocs\, and in this case \path\ is one of a hundred folders, so I can't easily enable PHP in every folder EXCEPT this one. Instead, I want to allow PHP everywhere but here.
Any advice? |
|
Back to top |
|
|
Lawrence -
Joined: 16 Jan 2003 Posts: 207 Location: Brisbane, AU
|
Posted: Tue May 17, 2011 12:31 am Post subject: |
|
|
So far the best solution I've found to this is to put the files in a directory outside \htdocs\ and use a PHP script to fetch the required file when requested: fetch.php?file=/path/to/file.gif
This works, except that PHP and Windows combine to make a force entirely unfriendly to Japanese files.
If anyone's keen on this, here's the script I used. It works perfectly, except for double-byte (non-English) filenames. |
|
Back to top |
|
|
Lawrence -
Joined: 16 Jan 2003 Posts: 207 Location: Brisbane, AU
|
Posted: Tue May 17, 2011 2:31 am Post subject: Problem solved |
|
|
I managed to solve the problem using a URL rewrite:
Any requests for *.php in the /path/ folder will result in a 404 error.
|
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1295
|
Posted: Tue May 17, 2011 11:47 am Post subject: Re: Problem solved |
|
|
Lawrence,
That's a good solution and we wouldn't have recommended better. In the future, the scope of each part of the configuration will be more flexible. _________________ Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
Back to top |
|
|
|