httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rob gwin <>
Subject [users@httpd] Best directive for prohibiting all script access
Date Thu, 18 Mar 2004 22:43:03 GMT
Hi, I've got a bunch of php apps running on redhat/apache1.3. Sometimes 
a client of mine needs an ftp dir somewhere in the webroot so they can 
upload images, html files, etc, and I want to prevent them from running 
any sort of script there. So far I've figured out that I can nest a 
<Files> inside a <Directory> for something like this:

<Directory /path/to/the/dir>
         <FilesMatch "\.(php|php3|php4|phtml)$">
                 Deny from all

..But I'm wondering if there's a better blanket-approach to this, where 
I don't have to explicitly declare every possible "unsafe" file 
extension every time (or conversely, declare all possible "safe" 
extensions). I just simply want to prohibit anything that may be 
interpreted or executed in the given dir; I feel like there oughtta be 
another way to look at it. Anyone?


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message