Question

This is my virtual host configuration file

<VirtualHost *:80>
    ServerAdmin yo@my-domain.tld

    ServerName my-domain.tld
    ServerAlias www.my-domain.tld

    DocumentRoot /home/my-domain/public_html
    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>
    <Directory /home/my-domain/public_html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory "/usr/lib/cgi-bin">
        AllowOverride None
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Order allow,deny
        Allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log

    # Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
    LogLevel warn

    CustomLog ${APACHE_LOG_DIR}/access.log combined 
</VirtualHost>

and I'd like to disable script execution in /home/my-domain/public_html/uploads folder using .htaccess; already tried with

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

then

AddType text/plain .html .htm .shtml .php .php3 .phtml .phtm .pl .py .cgi .js

then

<Files ^(*.jpeg|*.jpg|*.png|*.gif)>
order deny,allow
deny from all
</Files>

and every other directive I found around but none of them can prevent script execution.

apachectl -t -D DUMP_MODULES says that mime_module is enabled and loaded

php_flag engine off is the only directive stopping a php file from executing but what about other types; and why the other apache directives won't work. any idea... ?

Was it helpful?

Solution

set: AllowOverride None in all directory

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top