as a result of yesterday's hacker attack on my site I would like to disable PHP for security reasons in certain folders of my site that otherwise uses PHP and php-SSI in many sections of the site. any solution for .htaccess file code to achieve such goal is welcome
Hi. .htaccess solution if suExec is not enabled: <Directory "/desiredfolder"> php_admin_flag engine off </Directory> Code (markup):
I just tried your suggested solution and it caused a site-wide server error I am a php-illiterate may be I need more help for this problem
It looks like suExec is enabled on your server. You can try the following options: 1. custom php.ini solution: Create a php.ini file in the folder where you would like to disable php and place the following code into it: engine 0 Code (markup): Please note that it will work only for the folder where php.ini is. If you will need to disable php for subfolders as well then you will need to place the same php.ini into each subfolder. 2. another .htaccess solution RewriteEngine On RewriteRule \.(php|php3)$ /noscripts.html [L] Code (markup): And place it into the folder of the site section for which you would like to disable php. It should work for subfolders as well.
got it will have to wait until tomorrow to test and observe, but the 2nd method seems better since it includes subfolders could you explain me the syntax pls so i know what it exactly does ( for example the "3" in php3 and the file name: noscripts.html ?)
1. "the "3" in php3": .php and .php3 are the "default" php extensions. So if someone tries to access php or php3 your .htaccess code will prevent the user from doing that. You can add more extensions into the list (for example phtml, PHP, PHP3 (uppercase)) 2. "the file name: noscripts.html" That is a page which will be displayed for those who will try to access the php files on your site.
UptimeAgent tks I just implemented your proposed mode rewrite solution and it seems to work perfectly after repeated tests hence I have reopened my 5 forums after a few modifications