Now if, by peradventure, the application was bypassed, how can someone prevent directory execution of PHP files, assuming you do not want to upload the files outside the root? Okay, in this context I tried using .htaccess files to allow only certain image extension names and also to prevent PHP code execution.
I added the following:
[code]
# prevent direct execution of files in the /upload
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi .rb .vb .js .aspx .php3 .php4 .phtml
Options -ExecCGI

# allow only jpg, gif, png
deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
order deny,allow
allow from all
</Files>

# turn off php engine so that php code embedded on image will not execute
php_flag engine off

# prevent execution of any files in that directory be it perl, php, asp etc
<Files >
deny from all
</Files>
[/code]
My question is that my server runs suPHP and not mod_php. Now, since suPHP does not work as an Apache module (mod_php), can php_flag work with suPHP for .htaccess or httpd.conf file configurations?
This post has been edited by Atli: 29 September 2013 - 03:15 PM
Reason for edit:: Use [code] tags when posting code.
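
One way to express the same lock-down as an httpd.conf block that loads whether PHP runs through mod_php or suPHP; this is an added example, not part of the original post. The directory path is a placeholder, `mod_php5.c` assumes a PHP 5 build, and the Order/Allow/Deny lines keep the Apache 2.2 syntax used in the post.

```apache
# Added example: server-config block for the upload directory.
# The path below is a placeholder; substitute the real upload directory.
<Directory "/path/to/docroot/upload">
    # Ignore any .htaccess file that ends up inside the upload directory.
    AllowOverride None

    # php_flag is registered by mod_php. Without that module loaded,
    # Apache treats it as an unknown directive, so guard it.
    # (mod_php5.c is an assumption: the module name for a PHP 5 build.)
    <IfModule mod_php5.c>
        php_flag engine off
    </IfModule>

    # mod_suphp has its own switch for the same purpose.
    <IfModule mod_suphp.c>
        suPHP_Engine off
    </IfModule>

    # Remove script mappings inherited from the server config and
    # refuse CGI execution in this directory.
    RemoveHandler .php .php3 .php4 .phtml .pl .py .cgi .sh .rb
    RemoveType .php .php3 .php4 .phtml
    Options -ExecCGI

    # Deny everything by default ...
    Order deny,allow
    Deny from all

    # ... then allow only names made of one word plus one image extension.
    <FilesMatch "^\w+\.(gif|jpe?g|png)$">
        Order deny,allow
        Allow from all
    </FilesMatch>
</Directory>
```

Run `apachectl configtest` after adding the block and before reloading the server.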