You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Mario Ohnewald <ma...@gmx.de> on 2004/03/11 16:50:30 UTC
[users@httpd] Disable php in userdir
Hello!
I want to tighten the seurity in the userdir directory, and i was wondering
how i could disable php.
I played around with
<Directory /home/*/public_html>
RemoveHandler php php3 php4
But i wasnt successful.
Thanks a lot!
Mario
--
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Disable php in userdir
Posted by Mario Ohnewald <ma...@gmx.de>.
> * Mario Ohnewald <ma...@gmx.de>
> |__ Thu, Mar 11, 2004 at 04:50:30PM +0100:
> > Hello!
> > I want to tighten the seurity in the userdir directory, and i was
> wonderi
> ng
> > how i could disable php.
> > I played around with
> > <Directory /home/*/public_html>
> > RemoveHandler php php3 php4
> > But i wasnt successful.
>
> Try the following directive:
>
> <Directory /home/*/public_html>
> php_admin_flag engine off
> </Directory>
>
This worked!
Thanks a lot!
--
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Disable php in userdir
Posted by Chip Cuccio <ch...@norlug.org>.
* Mario Ohnewald <ma...@gmx.de>
|__ Thu, Mar 11, 2004 at 04:50:30PM +0100:
> Hello!
> I want to tighten the seurity in the userdir directory, and i was wondering
> how i could disable php.
> I played around with
> <Directory /home/*/public_html>
> RemoveHandler php php3 php4
> But i wasnt successful.
Try the following directive:
<Directory /home/*/public_html>
php_admin_flag engine off
</Directory>
--
Chip Cuccio | <ch...@norlug.org>
NORLUG VP and Sysadmin | <http://norlug.org/~chipster/>
Northfield Linux Users' Group | Northfield, Minnesota USA
Re: [users@httpd] Disable php in userdir
Posted by Joshua Slive <jo...@slive.ca>.
Mario Ohnewald wrote:
>>>Hello!
>>>I want to tighten the seurity in the userdir directory, and i was
>>
>>wondering
>>
>>>how i could disable php.
>>>I played around with
>>><Directory /home/*/public_html>
>>> RemoveHandler php php3 php4
>>>But i wasnt successful.
What EXACTLY are the path names to the files in question? The "*"
matches only a single path segment.
Also, how are you configuring php in the first place? If you are using
a magic mime type with AddType, then a RemoveHandler might not work,
since you never explicitly added the handler in the first place.
In any case, it would seem to make more sense to use something like
<Files .php*>
Order allow,deny
Deny from all
</Files>
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Disable php in userdir
Posted by jtlapp <jt...@tlab.net>.
Glad you brought up the log file. A lot of folks overlook it's usefulness.
Looks like apache is looking for a module to use mine encoding in
/etc/apache/share/magic. Shouldn't cause your php problem.
Try looking for a .htaccess file for the directory you want to disable php on.
It could override the httpd.conf if allow override is set.
That's all I can thing come up with.
John
On Thu March 11 2004 10:46 am, Mario Ohnewald wrote:
> > Have you restarted httpd after the chages? Just a though
> > John
>
> Yes i did! :)
>
> The only errors i get in error.log are:
> [Thu Mar 11 17:40:33 2004] [error] (2)No such file or directory:
> mod_mime_magic: can't read magic file /etc/apache/share/magic
> [Thu Mar 11 17:40:34 2004] [error] (2)No such file or directory:
> mod_mime_magic: can't read magic file /etc/apache/share/magic
>
>
> Which should have nothing to do with my problem (i think).
>
> --
> +++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
> 100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Disable php in userdir
Posted by Mario Ohnewald <ma...@gmx.de>.
> On Thu March 11 2004 9:50 am, Mario Ohnewald wrote:
> > Hello!
> > I want to tighten the seurity in the userdir directory, and i was
> wondering
> > how i could disable php.
> > I played around with
> > <Directory /home/*/public_html>
> > RemoveHandler php php3 php4
> > But i wasnt successful.
> >
> Have you restarted httpd after the chages? Just a though
> John
Yes i did! :)
The only errors i get in error.log are:
[Thu Mar 11 17:40:33 2004] [error] (2)No such file or directory:
mod_mime_magic: can't read magic file /etc/apache/share/magic
[Thu Mar 11 17:40:34 2004] [error] (2)No such file or directory:
mod_mime_magic: can't read magic file /etc/apache/share/magic
Which should have nothing to do with my problem (i think).
--
+++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Disable php in userdir
Posted by jtlapp <jt...@tlab.net>.
On Thu March 11 2004 9:50 am, Mario Ohnewald wrote:
> Hello!
> I want to tighten the seurity in the userdir directory, and i was wondering
> how i could disable php.
> I played around with
> <Directory /home/*/public_html>
> RemoveHandler php php3 php4
> But i wasnt successful.
>
>
> Thanks a lot!
> Mario
Have you restarted httpd after the chages? Just a though
John
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Disable php in userdir
Posted by Rasmus Lerdorf <ra...@apache.org>.
Instead of RemoveHandler, use:
php_admin_value engine Off
-Rasmus
On Thu, 11 Mar 2004, Mario Ohnewald wrote:
> Hello!
> I want to tighten the seurity in the userdir directory, and i was wondering
> how i could disable php.
> I played around with
> <Directory /home/*/public_html>
> RemoveHandler php php3 php4
> But i wasnt successful.
>
>
> Thanks a lot!
> Mario
>
> --
> +++ NEU bei GMX und erstmalig in Deutschland: TÜV-geprüfter Virenschutz +++
> 100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org