----------------------------------------------------------------------------
-----------------
Disclaimer: The information contained in this email is intended only for the
use of the person(s) to whom it is addressed and may be confidential or
contain legally privileged information. If you are not the intended
recipient you are hereby notified that any perusal, use, distribution,
copying or disclosure is strictly prohibited. If you have received this
email in error please immediately advise us by return email at
[EMAIL PROTECTED] and delete the email document without making a
copy.
----------------------------------------------------------------------------
-----------------
This should work in your httpd.conf. But i think it relies on you using PHP
as a module.
<LocationMatch "/test/mail.*/attachements">
php_flag engine 0
</LocationMatch>
What works for me with PHP as CGI (which i tend to use across un*x and
windows installs) is to simply AddType with the same extensions that were
set up to run application/x-httpd-php4 should also stop php from working.
So in a .htaccess file you can just
AddType text/plain .php4 .php .inc .htm
Or in httpd.conf put something like
<LocationMatch "/test/mail.*/attachements">
AddType text/plain .php4 .php .inc .htm
</LocationMatch>
That way any directory like
http://myserver.com/test/mail-2001-01/attachements/ wont be parsed by PHP.
Its also makes sure that they are treated as text so the user can see the
code, but it wont run.
If you put this in the httpd.conf users shouldnt be able to modify the file.
mn
Mark Nold
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
Senior Consultant
Change is inevitable, except from vending machines.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, January 30, 2001 6:18 PM
To: Martin Pitt; [EMAIL PROTECTED]
Subject: Re: [PHP] disabling php ability via .htaccess
Addressed to: "Martin Pitt" <[EMAIL PROTECTED]>
[EMAIL PROTECTED]
** Reply to note from "Martin Pitt" <[EMAIL PROTECTED]> Tue, 30 Jan 2001
10:05:41 -0000
>
> Hiya,
>
> Ok this is going to a little weird, however I can assure you there is
> a reason for it.
>
> Basically does anyone how to disabled .php scripts within directories
> by using a .htaccess file.
>
> Basically the whole server (Apache with Linux and PHP 4.0.4) is PHP
> enabled, but we don't want certain users to run .php scripts in
> certain directories until we allow them to, and remove the file.
>
> How can this be done via method stated above, or is there another way
> of going about this.
Look for engine in this document:
http://www.php.net/manual/en/configuration.php
It does work in .htaccess, as long as overrides are allowed in
httpd.conf. Your big problem will be how to keep them from
changing or removing the .htaccess file in a directory they can write
to. Remember, if I can write to a directory, I can rm files from it,
even if I don't own them.
Rick Widmer
Internet Marketing Specialists
http://www.developersdesk.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
