httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davy Durham <puba...@davyandbeth.com>
Subject Re: [users@httpd] disabling all cgi
Date Fri, 20 Aug 2004 21:24:53 GMT
Ok, now I'm just simplying trying to disable php within the .htaccess 
file without not loading the module, I cannot figure out how... no 
RemoveHandler or Remove Type works from the .htaccess file!



Davy Durham wrote:

> Hmm, well per your advice I'm going to just disable the cgi handlers 
> that I know of.
>
> So I went to disable php...     I added RemoveType directives for all 
> the .php .php3 .php4.. etc  extentions that are set up in 
> /etc/httpd/conf.d/70_mod_php.conf
>
> But that didn't disable anything.  So I also added a RemoveHandler for 
> the same extensions...   Again nothing.
> Any idea how to disable php handling from the .htaccess file?
>
> The other alternative is to clear all the types/handlers (if that's 
> possible) and just add back the ones I do want to handle (this might 
> be a better solution).  I tried a ForceType followed by other 
> AddTypes, but the ForceType apparently overrides even subsequent added 
> types.
>
> Any thoughts?
>
> Thank again!
>  Davy
>
> Joshua Slive wrote:
>
>> On Fri, 20 Aug 2004 13:24:16 -0500, Davy Durham 
>> <pubaddr@davyandbeth.com> wrote:
>>  
>>
>>> Hi,
>>>  I'm developing a part of my site where users will be able to
>>> upload/download files via http.  However, currently if a user were to
>>> upload for instance a .php file then it executes it.
>>>
>>> QUESTION: Is there a blanket way to disable execution of anything?
>>>   
>>
>>
>> I don't think so.
>>
>> In a perfect world, you could simply
>> SetHandler default-handler
>> RemoveOutputFilter *
>> Option -ExecCGI
>>
>> But many modules deviously use "magic" mime-types which activate
>> handlers in the background, the RemoveOutputFilter directive doesn't
>> work like that, and not all modules honour the ExecCGI flag.
>>
>> So I think you are pretty-much stuck handling each
>> dynamic-content-source separately.
>>
>> Joshua.
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server 
>> Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>  
>>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server 
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message