How to deny php execution in a subdir?
I'd like to prevent LSWS from executing php scripts that are in a particular directory (an upload dir, see the issue?)
In apache, I used to put this .htaccess:
AddType text/plain .php .php3
in the safe directory.
It does not work in LSWS. How can I do ?
There is no easy solution right now. We will add a similiar feature like that in the upcoming release. :-)
You need to remove php script handler at server level, define a general context with regular rexporession like "exp:^/safedir/", and a fast cgi context with regular expression like "exp:^/.*\.php", handler set to the php fast cgi. you need to make sure the first context is ahead of the second one in the configuration file.
Hope it is what you need. :-)
I am probably wrong on my solution suggested as the fast cgi context with regular expression may not populate SCRIPT_FILENAME, nor PATH_INFO and PATH_TRANSLATED. You may have to place the whole "safedir/" out side the directory tree contains all php scripts.
|All times are GMT -7. The time now is 09:22 PM.|