Re: Disabeling PHP in a subdirectory via the apache2.conf?

[Klaus Neudecker <klaus.neudecker@xxxxxxxx>]

Thank very much Jose!

The disabling of the php-scripts in the .conf works! Fine, half of the problem is solved!

BUT, I am not quite sure if people are not able to reenable it by a .htaccess file.

I just made a try of this: I made an entry in the .conf:

<Directory "d:/...">
    php_admin_value engine Off
</Directory>

=> ok workes fine, the php is not processed, it comes as source code

Then I put a .htaccess file into d:/... into which I wrote:

php_admin_value engine On

=> apache delivered me a 500 error.

Therefore, does anyone know:

a) has the apache server already a mechanism to block the switching on of the php engine in .htaccess files GENERALLY? (switching off works!)

b) Better - in order to be 200% sure - is there a possibility like "AllowOverride" e.g. to disable the switching on/off of the php engine in .htaccess files?

Sincerely

Klaus

Jose R R < jose.r.r@xxxxxxxxxxx> hat am 8. Juni 2020 um 00:14 geschrieben:

Niltze [Hello], Klaus-

On Sun, Jun 7, 2020 at 12:12 PM Klaus Neudecker

< klaus.neudecker@xxxxxxxx> wrote:

>

Hello,

I have my Apache main directory: /www (<Directory /www> /

DocumentRoot /www)

In this directory and its subdirectories *.php files get executed by php.

In the subdirectory /www/publications (and recoursly in its

subdirectories) I allow people (relatively trustworthy!) on the

filesystem to drop publications, documentations e.g. which are

referenced by a database as path+filename to the files. php then

produces with this database information www-pages with html-links to

these files.

If people drop *.php files as documentation for the source code(!) in

/www/publications these *.php scripts get executed, too. Dangerously(!)

and no documentation for the source code.

Therefore I want that no *.php files get executed within

/www/publications . It should be stupidely delivered like a *.html file.

I already managed this by a .htaccess file with the entry "php_flag

engine off".

But the .htaccess file could be deleted or .htaccess files with

"php_flag engine on" could get put in another subdirectory. :-(

Therefore:

a) I want to put the "php_flag engine off" in the apache2.conf.

You may want to adapt this example to your main httpd.conf

< https://lxadm.com/Apache:_disabling_PHP_execution_in_selected_directories >

>

b) Add an "AllowOverride" in this apache2.conf that allowes ONLY no

switching OF THE "PHP_FLAG ENGINE OFF" in this directory or any

subdirectory. (But I have to be able to use a .htaccess in these

directories with e.g. "Options +Indexes"!)

Does anyone of you have an idea how to implement this in the apache2.conf?

Sincerely

Klaus

>

---------------------------------------------------------------------

To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx

For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

Best Professional Regards.

--

Jose R R

http://metztli.it

---------------------------------------------------------------------------------------------

Download Metztli Reiser4: Debian Buster w/ Linux 5.5.19 AMD64

---------------------------------------------------------------------------------------------

feats ZSTD compression https://sf.net/projects/metztli-reiser4/

-------------------------------------------------------------------------------------------

Official current Reiser4 resources: https://reiser4.wiki.kernel.org/

---------------------------------------------------------------------

To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx

For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx