disable .htaccess using .htaccess
Posted: Thu Sep 18, 2008 2:56 pm
I have an .htaccess file in a sub-folder which delivers all requests to a proxy script.
In some of those sub-folders I allow arbitrary files to be uploaded which is why I have a proxy script to prevent direction execution of any PHP files, etc.
Problem is...I imagine someone could simply upload an .htaccess file into one of those sub-directories and override my.htaccess and thus circumvent the proxy script and have the PHP file executed.
Can I disable all other .htaccess using .htaccess?
People are allowed to upload to 'documents' and 'photos' -- documents can be anything no checks are performed. These directories MUST stay publically accessible -- I cannot move them outside docroot.
Ideally I would be able to just say in the 'docroot/storage/.htaccess' that any requests for files under it are sent to proxy.php and any .htaccess files there after are disabled.
I know I can do this in the httpd.conf but I'd prefer using .htaccess as it's more portable.
Possible or out of context?
In some of those sub-folders I allow arbitrary files to be uploaded which is why I have a proxy script to prevent direction execution of any PHP files, etc.
Problem is...I imagine someone could simply upload an .htaccess file into one of those sub-directories and override my.htaccess and thus circumvent the proxy script and have the PHP file executed.
Can I disable all other .htaccess using .htaccess?
Code: Select all
docroot/images
docroot/articles
docroot/storage/
docroot/storage/.htaccess
docroot/storage/proxy.php
docroot/storage/documents
docroot/storage/photosIdeally I would be able to just say in the 'docroot/storage/.htaccess' that any requests for files under it are sent to proxy.php and any .htaccess files there after are disabled.
I know I can do this in the httpd.conf but I'd prefer using .htaccess as it's more portable.
Possible or out of context?