How to deny php execution in a subdir?

Discussion in 'Install/Configuration' started by bogus, Mar 24, 2004.

  1. bogus

    bogus New Member

    Hello,

    I'd like to prevent LSWS from executing php scripts that are in a particular directory (an upload dir, see the issue?)
    In apache, I used to put this .htaccess:

    AddType text/plain .php .php3

    in the safe directory.

    It does not work in LSWS. How can I do ?
  2. mistwang

    mistwang LiteSpeed Staff

    There is no easy solution right now. We will add a similiar feature like that in the upcoming release. :)
    You need to remove php script handler at server level, define a general context with regular rexporession like "exp:^/safedir/", and a fast cgi context with regular expression like "exp:^/.*\.php", handler set to the php fast cgi. you need to make sure the first context is ahead of the second one in the configuration file.
    Hope it is what you need. :)
  3. mistwang

    mistwang LiteSpeed Staff

    I am probably wrong on my solution suggested as the fast cgi context with regular expression may not populate SCRIPT_FILENAME, nor PATH_INFO and PATH_TRANSLATED. You may have to place the whole "safedir/" out side the directory tree contains all php scripts.

Share This Page