.htaccess... AddHandler cgi-script php... Options -ExecCGI

February 8, 2015 10.2k views

I have a .htaccess file which has the following directive …

Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .php5 .pl .py .jsp .asp .htm .shtml .sh .cgi

It has been placed in the directory, that I do not want files with .php extensions to be accessed. Within /etc/apache2/apache2.conf , I've adjusted AllowOverride to All as in the following.

<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted

The .htaccess works by not allowing permission to access files, of every extension in the list, except .php type files. Of course, .php files are the ones, I'm really wanting not to allow permission too. This file is not for actual production use. Just for tinkering about. It use to work several years ago, but upon returning to use it now, it will not work. The Web hasn't been useful for an answer. Thanks ahead for any direction.

1 Answer

Since php is handled by it's own handler you will need to disable this. I recommend adding the following to your .htaccess file to disable php for the directory:

RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3
php_flag engine off
  • That worked. Thanks again for helping me out.

    I'm sort of guessing the reason things worked in the past is maybe I had PHP code processed by CGI and now it is processed by Apache module.

  • That is likely the cause. Since PHP is being processed by mod_php it is not considered a CGI script and CGI permissions are not required for it.

Have another answer? Share your knowledge.