| Author |
|
jwzumwalt
Joined: 25 Sep 2012
Posts: 4
Location: usa
|
 Posted: Tue 25 Sep '12 18:19 Post subject: execute index.php but not other .php |
 |
|
I have a section on my server with public php snippets.
I would like to have index.php execute but not other
php files. I have attempted to set Unix file permissions
but since php files are read only 644 anyway this is
not the solution. I have tried various combinations of
the .htaccess settings shown here and get four different
results.
1) all php files are download
2) all php files are forbidden
3) all php files execute
4) index executes but other php files are forbidden
What I am hoping for is to have all but index.php
shown as a text file. Thanks for the help
<FilesMatch "\.(htm|html|php)$">
SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch "\.php$">
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch "index\.php$">
Order Allow,Deny
Allow from all
</FilesMatch> |
|
| Back to top |
|
BLuFeNiX
Joined: 21 Sep 2012
Posts: 4
|
| Posted: Tue 25 Sep '12 21:49 Post subject: Re: execute index.php but not other .php |
|
|
| jwzumwalt wrote: |
<FilesMatch "\.php$">
Order Allow,Deny
Deny from all
</FilesMatch>
|
I'm not an expert with apache, but it looks like this might be your issue. Remove this block of code and try it again. |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Wed 26 Sep '12 9:57 Post subject: |
|
|
remove the three blocks above
short and way simpler.
| Code: |
<IfModule mod_mime.c>
<Files "index.php">
AddHandler application/x-httpd-php .php
</Files>
</IfModule>
|
The thing is that php files are not executed with mod_php. An interpreter just parses the files. It is not like cgi. |
|
| Back to top |
|
jwzumwalt
Joined: 25 Sep 2012
Posts: 4
Location: usa
|
| Posted: Thu 27 Sep '12 3:31 Post subject: |
|
|
Thanks for trying to help. After trying this, all php files were downloaded including index.php  |
|
| Back to top |
|
VoodooMill
Joined: 11 Jan 2007
Posts: 60
|
| Posted: Thu 27 Sep '12 16:50 Post subject: |
|
|
Hello,
I was able to get James' configuration working in both the server config and htaccess file. However, to make it work with htaccess I had to 'AllowOverride All' and comment out AddType application/x-httpd-php .php in the Apache config file. |
|
| Back to top |
|
jwzumwalt
Joined: 25 Sep 2012
Posts: 4
Location: usa
|
| Posted: Sun 30 Sep '12 1:45 Post subject: |
|
|
Would you be so king as to provide a complete copy of your config file?
Thx |
|
| Back to top |
|
jwzumwalt
Joined: 25 Sep 2012
Posts: 4
Location: usa
|
| Posted: Tue 02 Oct '12 15:16 Post subject: SOULTION-FOUND! |
|
|
Thanks for all the help, everyone.
The solution to my problem was given by Pr0t0n. I received the following message from another message board I posted this to...
http://forums.digitalpoint.com/showthread.php?t=2562761#post18070811
I'm not sure what you exactly wanted AFTER not allowing php files to run, to run a download on those scripts and have the visitor download each php/html except index.php file, OR actually just forbid the execution. So here are both options.
To have index.php execute on the server, and all other php and html files download to client browser:
Code:
---------
<FilesMatch "\b(?!.*index\.php$)(.+)\.(htm|html|php|php4|php5)$">
SetHandler application/octet-stream
</FilesMatch>
---------
To have index.php execute, and all other php files return "403 Forbidden":
Code:
---------
<FilesMatch "\.(php|php4|php5)$">
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch "index\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>
---------
Some further testing should be applied to both snippets... but I believe it should be working fine.
Cheers!
*************** |
|
| Back to top |
|
VoodooMill
Joined: 11 Jan 2007
Posts: 60
|
| Posted: Tue 02 Oct '12 17:06 Post subject: Re: SOULTION-FOUND! |
|
|
| Excellent! Sorry I didn't get back sooner on your request for the config contents but it's been a crazy few days with upgrade testing, etc. |
|
| Back to top |
|
