[CentOS] General question about PHP

Wed Sep 26 03:48:32 UTC 2007
Miskell, Craig <Craig.Miskell at agresearch.co.nz>

> Hello,
>  
> Is that possible to disable running of PHP on certain directories?
> I am running a server which provides personal homepage 
> service. However, not every user are familiar with security, 
> some may upload some PHP scripts with bugs/holes. I do not 
> want them to be executed on the server.
> I can enable the safe_mode, but I have some other PHP scripts 
> which need safe_mode to be disabled.
> Any suggestions?
Yes.  In you httpd.conf, you can include:
<Directory "/var/www/sheep/html/tmp">
        php_flag engine off
</Directory>

Which disables php processing for the directory /var/www/sheep/html/tmp
.  You could probably just include 
php_flag engine off
In an .htaccess in the directory in question, assuming you've set
AllowOverride to an appropriate value, and don't mind the slight
performance hit of doing it that way. 

We use the former method to protect areas where users are permitted to
upload files to (mediawiki in this case), stopping a user uploading
something malicious which would then execute in the context of the
webserver

Craig Miskell
=======================================================================
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
sender immediately.
=======================================================================