[CentOS] General question about PHP - continued with mod_python
Wei Yu
zig.wei at gmail.comWed Sep 26 16:06:13 UTC 2007
- Previous message: [CentOS] Re: 64 bits snmp
- Next message: [CentOS] Intrusion Detection Systems
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Oops, I just missed the python part. Does mod_python have similar options? Or how to stop other users to run python scripts in some directories? On 9/26/07, Miskell, Craig <Craig.Miskell at agresearch.co.nz> wrote: > > > > Hello, > > > > Is that possible to disable running of PHP on certain directories? > > I am running a server which provides personal homepage > > service. However, not every user are familiar with security, > > some may upload some PHP scripts with bugs/holes. I do not > > want them to be executed on the server. > > I can enable the safe_mode, but I have some other PHP scripts > > which need safe_mode to be disabled. > > Any suggestions? > Yes. In you httpd.conf, you can include: > <Directory "/var/www/sheep/html/tmp"> > php_flag engine off > </Directory> > > Which disables php processing for the directory /var/www/sheep/html/tmp > . You could probably just include > php_flag engine off > In an .htaccess in the directory in question, assuming you've set > AllowOverride to an appropriate value, and don't mind the slight > performance hit of doing it that way. > > We use the former method to protect areas where users are permitted to > upload files to (mediawiki in this case), stopping a user uploading > something malicious which would then execute in the context of the > webserver > > Craig Miskell > ======================================================================= > Attention: The information contained in this message and/or attachments > from AgResearch Limited is intended only for the persons or entities > to which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of, or > taking of any action in reliance upon, this information by persons or > entities other than the intended recipients is prohibited by AgResearch > Limited. If you have received this message in error, please notify the > sender immediately. > ======================================================================= > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Zijing 15# 1404B Tsinghua Univ. +86 -10 -51537235 Zig -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20070927/bbb2fa95/attachment.html>
- Previous message: [CentOS] Re: 64 bits snmp
- Next message: [CentOS] Intrusion Detection Systems
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list