Preventing scripts being executed from writeable directories
This is a discussion on Preventing scripts being executed from writeable directories within the Linux Web Servers forums, part of the Web Server and Related Forums category; Is it possible with Apache to prevent (for example) mod_php parsing any scripts which reside in writeable directories? I'm ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
10-03-2007
|
|||
|
|||
Preventing scripts being executed from writeable directories
Is it possible with Apache to prevent (for example) mod_php parsing
any scripts which reside in writeable directories? I'm dealing with the aftermath of an exploit which made use of a code flaw to upload a script to a writeable directory (intended for uploading images), then running that script through its URL. The ability of that exploit to cause any damage would have been reduced if .php files were only parsed from read-only directories. |
|
10-05-2007
|
|||
|
|||
|
Re: Preventing scripts being executed from writeable directories
On 3 Oct, 18:11, moresoluti...@gmail.com wrote:
> Is it possible with Apache to prevent (for example) mod_php parsing > any scripts which reside in writeable directories? > > I'm dealing with the aftermath of an exploit which made use of a code > flaw to upload a script to a writeable directory (intended for > uploading images), then running that script through its URL. The > ability of that exploit to cause any damage would have been reduced > if .php files were only parsed from read-only directories. Yes - switch off the handler with a <Directory> or <location> tag in your Apache config or use a .htaccess file in the directory: AddType text/plain .php .phtml C. |
Linear Mode
