You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Gawain <li...@rticonsulting.com> on 2003/06/22 23:09:51 UTC

[users@httpd] Disabling PHP parsing on a per-directory basis

I'd like to be able to disable php parsing in a directory in a 
virtual host where files can be uploaded.

I've built a "file browser" type of app in PHP to allow more-or-less 
trusted users to upload files for others to download. The files live 
in a hierarchy of directories below the document root of the virtual 
host, starting with an enclosing "files" directory. Even though I 
don't believe there's much risk of one of the users uploading a 
malicious (or benign) PHP script to the files directory, I'd like to 
disable PHP parsing for it and all directories below the "files" 
directory.

How would I do this?

Gawain

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Disabling PHP parsing on a per-directory basis

Posted by Joshua Slive <jo...@slive.ca>.

On Sun, 22 Jun 2003, Gawain wrote:

> I'd like to be able to disable php parsing in a directory in a
> virtual host where files can be uploaded.
>
> I've built a "file browser" type of app in PHP to allow more-or-less
> trusted users to upload files for others to download. The files live
> in a hierarchy of directories below the document root of the virtual
> host, starting with an enclosing "files" directory. Even though I
> don't believe there's much risk of one of the users uploading a
> malicious (or benign) PHP script to the files directory, I'd like to
> disable PHP parsing for it and all directories below the "files"
> directory.

Sounds like you are reinventing something that mod_dav does perfectly
well.

But anyway, how to disable php depends on how you enabled it in the first
place.  If you used an AddType directive to enable it, then use another
AddType to disable it, as in
AddType text/html php php3 php4

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org