Disable PHP in directory (including all sub-directories) with .htaccess


Question

I'm making a website which allows people to upload files, html pages, etc... Now I'm having a problem. I have a directory structure like this:

-/USERS
    -/DEMO1
    -/DEMO2
    -/DEMO3
    -/etc... (every user has his own direcory here)
-index.php
-control_panel.php
-.htaccess

Now I want to disable PHP, but enable Server-side includes in the direcories and subdirectories inside /USERS

Can this be done (and how :) )? Thanks in advance.

BTW, I use WAMP server

1
61
12/14/2009 2:26:07 AM

Accepted Answer

Try to disable the engine option in your .htaccess file:

php_flag engine off
113
8/13/2009 1:46:37 PM

To disable all access to sub dirs (safest) use:

<Directory full-path-to/USERS>
     Order Deny,Allow
     Deny from All
 </Directory>

If you want to block only PHP files from being served directly, then do:

1 - Make sure you know what file extensions the server recognizes as PHP (and dont' allow people to override in htaccess). One of my servers is set to:

# Example of existing recognized extenstions:
AddType application/x-httpd-php .php .phtml .php3

2 - Based on the extensions add a Regular Expression to FilesMatch (or LocationMatch)

 <Directory full-path-to/USERS>
     <FilesMatch "(?i)\.(php|php3?|phtml)$">
            Order Deny,Allow
            Deny from All
    </FilesMatch>
 </Directory>

Or use Location to match php files (I prefer the above files approach)

<LocationMatch "/USERS/.*(?i)\.(php3?|phtml)$">
     Order Deny,Allow
     Deny from All
</LocationMatch>

Licensed under: CC-BY-SA with attribution
Not affiliated with: Stack Overflow
Icon