You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Mario Ohnewald <ma...@gmx.de> on 2004/03/11 16:50:30 UTC

[users@httpd] Disable php in userdir

Hello!
I want to tighten the seurity in the userdir directory, and i was wondering
how i could disable php.
I played around with 
<Directory /home/*/public_html>
    RemoveHandler php php3 php4
But i wasnt successful.


Thanks a lot!
            Mario

-- 
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Disable php in userdir

Posted by Mario Ohnewald <ma...@gmx.de>.

> * Mario Ohnewald <ma...@gmx.de>
>   |__ Thu, Mar 11, 2004 at 04:50:30PM +0100:
> > Hello!
> > I want to tighten the seurity in the userdir directory, and i was
> wonderi
> ng
> > how i could disable php.
> > I played around with 
> > <Directory /home/*/public_html>
> >     RemoveHandler php php3 php4
> > But i wasnt successful.
> 
> Try the following directive:
> 
>     <Directory /home/*/public_html>
>         php_admin_flag engine off
>     </Directory>
> 
This worked!

Thanks a lot!

-- 
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Disable php in userdir

Posted by Chip Cuccio <ch...@norlug.org>.

* Mario Ohnewald <ma...@gmx.de>
  |__ Thu, Mar 11, 2004 at 04:50:30PM +0100:
> Hello!
> I want to tighten the seurity in the userdir directory, and i was wondering
> how i could disable php.
> I played around with 
> <Directory /home/*/public_html>
>     RemoveHandler php php3 php4
> But i wasnt successful.

Try the following directive:

    <Directory /home/*/public_html>
        php_admin_flag engine off
    </Directory>

-- 
Chip Cuccio                    |  <ch...@norlug.org>
NORLUG VP and Sysadmin         |  <http://norlug.org/~chipster/>
Northfield Linux Users' Group  |  Northfield, Minnesota USA

Re: [users@httpd] Disable php in userdir

Posted by Joshua Slive <jo...@slive.ca>.

Mario Ohnewald wrote:

>>>Hello!
>>>I want to tighten the seurity in the userdir directory, and i was
>>
>>wondering
>>
>>>how i could disable php.
>>>I played around with
>>><Directory /home/*/public_html>
>>>    RemoveHandler php php3 php4
>>>But i wasnt successful.

What EXACTLY are the path names to the files in question?  The "*" 
matches only a single path segment.

Also, how are you configuring php in the first place?  If you are using 
a magic mime type with AddType, then a RemoveHandler might not work, 
since you never explicitly added the handler in the first place.

In any case, it would seem to make more sense to use something like

<Files .php*>
Order allow,deny
Deny from all
</Files>

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Disable php in userdir

Posted by jtlapp <jt...@tlab.net>.

Glad you brought up the log file.  A lot of folks overlook it's usefulness.

Looks like apache is looking for a module to use mine encoding in 
/etc/apache/share/magic. Shouldn't cause your php problem.

Try looking for a .htaccess file for the directory you want to disable php on. 
It could override the httpd.conf if allow override is set.

That's all I can thing come up with.
John

On Thu March 11 2004 10:46 am, Mario Ohnewald wrote:
> > Have you restarted httpd after the chages? Just a though
> > John
>
> Yes i did! :)
>
> The only errors i get in error.log are:
> [Thu Mar 11 17:40:33 2004] [error] (2)No such file or directory:
> mod_mime_magic: can't read magic file /etc/apache/share/magic
> [Thu Mar 11 17:40:34 2004] [error] (2)No such file or directory:
> mod_mime_magic: can't read magic file /etc/apache/share/magic
>
>
> Which should have nothing to do with my problem (i think).
>
> --
> +++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
> 100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Disable php in userdir

Posted by Mario Ohnewald <ma...@gmx.de>.

> On Thu March 11 2004 9:50 am, Mario Ohnewald wrote:
> > Hello!
> > I want to tighten the seurity in the userdir directory, and i was
> wondering
> > how i could disable php.
> > I played around with
> > <Directory /home/*/public_html>
> >     RemoveHandler php php3 php4
> > But i wasnt successful.
> >

> Have you restarted httpd after the chages? Just a though
> John


Yes i did! :)

The only errors i get in error.log are:
[Thu Mar 11 17:40:33 2004] [error] (2)No such file or directory:
mod_mime_magic: can't read magic file /etc/apache/share/magic
[Thu Mar 11 17:40:34 2004] [error] (2)No such file or directory:
mod_mime_magic: can't read magic file /etc/apache/share/magic


Which should have nothing to do with my problem (i think).

-- 
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Disable php in userdir

Posted by jtlapp <jt...@tlab.net>.

On Thu March 11 2004 9:50 am, Mario Ohnewald wrote:
> Hello!
> I want to tighten the seurity in the userdir directory, and i was wondering
> how i could disable php.
> I played around with
> <Directory /home/*/public_html>
>     RemoveHandler php php3 php4
> But i wasnt successful.
>
>
> Thanks a lot!
>             Mario

Have you restarted httpd after the chages? Just a though
John


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Disable php in userdir

Posted by Rasmus Lerdorf <ra...@apache.org>.

Instead of RemoveHandler, use:

   php_admin_value engine Off 

-Rasmus

On Thu, 11 Mar 2004, Mario Ohnewald wrote:

> Hello!
> I want to tighten the seurity in the userdir directory, and i was wondering
> how i could disable php.
> I played around with 
> <Directory /home/*/public_html>
>     RemoveHandler php php3 php4
> But i wasnt successful.
> 
> 
> Thanks a lot!
>             Mario
> 
> -- 
> +++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
> 100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org