1

This is my virtual host configuration file

<VirtualHost *:80>
    ServerAdmin [email protected]

    ServerName my-domain.tld
    ServerAlias www.my-domain.tld

    DocumentRoot /home/my-domain/public_html
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /home/my-domain/public_html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost>

and I'd like to disable script execution in /home/my-domain/public_html/uploads folder using .htaccess; already tried with

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

then

AddType text/plain .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi .js

then

<Files ^(*.jpeg|*.jpg|*.png|*.gif)>
order deny,allow
deny from all
</Files>

and every other directive I found around but none of them can prevent script execution.

apachectl -t -D DUMP_MODULES says that mime_module is enabled and loaded

php_flag engine off is the only directive stopping a php file from executing but what about other types; and why the other apache directives won't work. any idea... ?

Improve this question
5
  • 1
    Could be wrong here but I'll ask anyway: would changing your execute permissions on the directory not do the trick?
    – A.M. D.
    Commented Nov 16, 2012 at 11:04
  • It already has execute permission. Thanks anyway.
    – hex494D49
    Commented Nov 16, 2012 at 16:34
  • I thought you wanted to disable script execution, wouldn't turning off script execution do exactly what you're trying to do in your .htaccess? Sorry if I'm missing something :-)
    – A.M. D.
    Commented Nov 16, 2012 at 16:38
  • I see your point but if the directory hasn't execute permission it won't be accessible by Apache at all. Just tried it.
    – hex494D49
    Commented Nov 16, 2012 at 16:48
  • If you omit execution permission Apache will greet you with a 'Forbidden - 403' message :) and it won't be able to even read/write in that directory. In other words I need that directory to be writable but I'd like to prevent script execution in case someone uploads any malicious script/code.
    – hex494D49
    Commented Nov 16, 2012 at 16:59

1 Answer 1

Reset to default
2

set: AllowOverride None in all directory

Improve this answer
1
  • Done but nothing so far. Now even php_flag engine off doesn't work but it is expected. Thanks anyway.
    – hex494D49
    Commented Nov 16, 2012 at 16:37

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.