Top Kill

I was making a website for an organization where individuals could upload their own files into their own folders. However, php has nefarious uses when placed in the wrong hands.

I found that php can be disabled in a directory by adding

RemoveHandler .php .phtml .php3
RemoveType .php .phtml .php3

to the .htaccess file in the target directory. Even better, this method is recursive and disables php in sub directories. Surprisingly, .htaccess file in a sub directory doesn’t override this setting.

Technorati Tags: , , ,

Anson Liu