That's great, thank you!
On 9/26/07, Miskell, Craig Craig.Miskell@agresearch.co.nz wrote:
Hello,
Is that possible to disable running of PHP on certain directories? I am running a server which provides personal homepage service. However, not every user are familiar with security, some may upload some PHP scripts with bugs/holes. I do not want them to be executed on the server. I can enable the safe_mode, but I have some other PHP scripts which need safe_mode to be disabled. Any suggestions?
Yes. In you httpd.conf, you can include: <Directory "/var/www/sheep/html/tmp"> php_flag engine off
</Directory>
Which disables php processing for the directory /var/www/sheep/html/tmp . You could probably just include php_flag engine off In an .htaccess in the directory in question, assuming you've set AllowOverride to an appropriate value, and don't mind the slight performance hit of doing it that way.
We use the former method to protect areas where users are permitted to upload files to (mediawiki in this case), stopping a user uploading something malicious which would then execute in the context of the webserver
Craig Miskell
Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately. ======================================================================= _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos