Blocking PHP on some folders

asela_05085
Forum Newbie
Posts: 16
Joined: Mon Aug 31, 2009 10:33 pm

Blocking PHP on some folders

Post by asela_05085 »

Hi,
I'm totally new to PHP. My requirement is as follows.
I need to know how to block saving PHP files in a specific folder (a folder where only XHTML/static files should reside) so someone else can't save files with a .php extension. But the administrator should be able to save and execute PHP files in that folder (on a Linux server running Apache).
So my basic requirement is to block saving PHP files for some user group and allow only the administrator to save files with a .php extension.

Please help me on this since I have to implement this solution ASAP. :P

thanks
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Blocking PHP on some folders

Post by Benjamin »

:arrow: Moved to PHP - Code
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Blocking PHP on some folders

Post by requinix »

That's a risky solution.

Just rename the file if an under-privileged user tries to upload a .php file.
asela_05085
Forum Newbie
Posts: 16
Joined: Mon Aug 31, 2009 10:33 pm

Re: Blocking PHP on some folders

Post by asela_05085 »

Hi,

I have to do it automatically: check whether the user is inserting a PHP file and block it.
I'm not too clear on the rename option.

asela
requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: Blocking PHP on some folders

Post by requinix »

Somehow you're moving the file from the temporary location to the permanent location. To do that you have to provide the name of the file.

Instead of using the file name as they provided it, if the extension is "php" use something else. Or abort the entire upload.
asela_05085
Forum Newbie
Posts: 16
Joined: Mon Aug 31, 2009 10:33 pm

Re: Blocking PHP on some folders

Post by asela_05085 »

Is there a way to abort only the php extension? Users (developers) are uploading the files from FTP tools to my server. I need them to not be allowed to upload PHP files.
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Blocking PHP on some folders

Post by Benjamin »

The correct solution is to configure the FTP server to save the files without execute permissions, and to ensure that Apache will not execute scripts in files that are not executable. This still opens the door to all sorts of confusion and unseen risks. Realistically, any executable PHP files should be located in a separate directory.
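
An added example, not written by any poster in this thread: a shell audit for the FTP case discussed above. It lists PHP-like files in a static folder that are not owned by the administrator and shows whether each carries an execute bit. The numeric admin UID argument, the extension list and the use of GNU `find`/`stat` are assumptions.

```shell
#!/bin/sh
# Audit a static-content directory for PHP-like files that were not
# written by the administrator account.
#
# Assumptions (not from the thread): the administrator is identified by a
# numeric UID, GNU find/stat are available (Linux), and the extension list
# below covers what the local Apache maps to PHP. File names containing
# newlines are not handled.

# audit_static_dir DIR ADMIN_UID
# Prints one line per offending file: "<owner-uid> <x|-> <path>"
#   x  at least one execute bit is set on the file
#   -  no execute bit is set
audit_static_dir() {
    dir=$1
    admin_uid=$2
    # '*.php.*' also catches double extensions such as page.php.jpg,
    # which some Apache handler configurations still treat as PHP.
    find "$dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \) |
    while IFS= read -r f; do
        owner=$(stat -c '%u' "$f")
        # Files saved by the administrator are allowed in this folder.
        if [ "$owner" = "$admin_uid" ]; then
            continue
        fi
        # %A prints a mode string like -rwxr-xr-x; x, s or t means executable.
        case $(stat -c '%A' "$f") in
            *[xst]*) flag=x ;;
            *)       flag=- ;;
        esac
        printf '%s %s %s\n' "$owner" "$flag" "$f"
    done
}

# Stand-alone use: ./audit.sh /path/to/static/folder ADMIN_UID
if [ "$#" -eq 2 ]; then
    audit_static_dir "$1" "$2"
fi
```

Run from cron, any output is a file that should be reviewed and removed from the static folder.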