How to disable PHP Execution in certain directories

August 9, 2018 434 views
PHP Ubuntu 16.04

I'm currently on an Ubuntu 16.04 VPS with Apache2, trying to run a small public file host. However, I have noticed that PHP execution is enabled within the files directory, allowing people to run Shell programs from said PHP files. I have tried adding "php_flag engine off" within my .htaccess file among other fixes, but nothing seems to work. I'm not sure what to do.

1 Answer

Hello there!

Great question. I've actually not set out to do that before. I feel like avoiding the shell scripts should be the primary goal, as someone uploading shell scripts to your website means there is vulnerable code. With that said, I think this might be a way to approach it:

The key here is don't worry about the .htaccess, and instead focus on the virtual host in the Apache config. If you slip that inside of a virtual host (changing the directory in the code of course), it just might do it. I haven't done it, but let me know if it works!

Kind Regards,

Have another answer? Share your knowledge.