Turn Off Scripting

[Qinau]

Greetings all from downunder (but don't hold that against me )

 

Not sure if this is possible or not, but can PHP be disabled for a particular sub domain? I was considering offering a friend an ftp account and some space to store pictures on my account, however for my own protection I would prefer not having to worry about any scripts be uploaded without my knowledge.

 

Is it possible to disable PHP on a particular sub domain or directory? I don't want to install any custom upload software, if it's not something that can be done via .htaccess or similar I'll just say no to the friend.

 

Thanks for any help.

 

Cheers

[borfast]

Hi Qinau.

 

I don't think that's possible. PHP/Perl/Python are enable for your whole account and can't be disabled/enabled per sub-domain. Someone will correct me if I'm wrong but at least I have never seen anything that would allow me to do that.

[TCH-Andy]

You could try;

 

php_flag engine off

 

in the .htaccess or you could just prevent all .php extensions from being accessed.

[borfast]

Good thinking, Andy.

 

I was only thinking of a way to disable scripts via cPanel, I didn't even think of the possibility of using other methods

 

Thanks for pointing those out

[Qinau]

Thanks guys

 

Some testing reveals that I don't think I'll be able to achieve what I want.

 

Disabling PHP from htaccess works however as that file is in the directory I'm giving access to it's a little pointless. I tried specifying it in my root htaccess without luck. I'd also forgotten about Perl & Python which I'd also need to cater for [or against]

 

Not sure if you could point me in the right direction Andy re: the disabling particular extensions? That would appear ideal if it can be achieved from outside the subdirectory.

 

Cheers

[Ayman]

Use the Directory directive to set options for a subfolder in your root .htaccess file:

http://httpd.apache.org/docs/mod/core.html#directory

 

Also, to disable scripting, set the MIME type for .php, .pl, .py (and so on) files to text/plain, using the AddType directive:

http://httpd.apache.org/docs/mod/mod_mime.html#addtype

 

Haven't tested them here on TCH servers, but in general, these should do the trick.

 

Let us know how it goes.

 

EDIT:

Directory doesn't work for me for some reason, however Location works, use it instead:

http://httpd.apache.org/docs/mod/core.html#location

 

Is directory disabled on HTC servers? Or am I doing something wrong?

Edited March 7, 2005 by Ayman

[Ayman]

Hmm, I've tried to edit my previous post but I couldn't...

 

Here is what to add to your .htaccess in public_html:

><Location /subdomaindir>
 AddType text/plain .php
 AddType text/plain .php3
 AddType text/plain .pl
 # add more extensions here
</Location>

 

I think this should do the trick, please let us know how it goes.

 

EDIT:

Should have posted once I've tried everything, instead of posting/editing all the time, anyway, Location doesn't work for me either, is it me? Or are these directives disabled here?

Edited March 7, 2005 by Ayman

[TweezerMan]

You can't use Directory or Location directives in an .htaccess file - Apache does not allow it. The help desk could put such a directive in the server's configuration file, but I'm not sure if they'd be willing to do that (my instinct says they would not).

[Ayman]

I see, thanks for the info.

[Qinau]

Thanks for going to the trouble of posting links and testing Ayman I had tried the <directory> myself earlier without success, oh well.

 

I wont ask the helpdesk David, it's not that important and I suspect as you do it's probably not something they'd do anyway.

 

Thanks to both of you for your input.

 

Cheers

[TCH-Don]

What you need is a php uploader script similar to celeron dudes uploader.

Limit to file type and size.

[Qinau]

What you need is a php uploader script similar to celeron dudes uploader.

Limit to file type and size.

<{POST_SNAPBACK}>

Thanks Don but I wanted to avoid having to use any custom web scripts, ftp access was preferred. No matter, it wasn't that important.

 

Cheers