Disable PHP on a folder

A web site had a vulnerability that allowed a hacker to upload a backdoor script to the “uploads” folder used by the script.

As a quick fix, I disabled PHP execution in the “uploads” folder. Doing this for any site is a good idea, even if your site is not vulnerable at the moment.

Method 1

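To disable PHP execution, create a file named .htaccess in the folder

vi .htaccess

Add the following line (php_flag is provided by mod_php, so this method applies only when PHP runs as an Apache module)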

php_flag engine off

Method 2

In .htaccess, add

RewriteEngine On
RewriteRule ^.*\.php$ - [F,L]

Only Allow specific PHP files

Only index.php is allowed. Any other PHP script will result in a 403 error.

<Files *.php>
Order Allow,Deny
Deny from all
</Files>

<Files index.php>
Order Allow,Deny
Allow from all
</Files>
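
An added example (not part of the original post): a small shell audit that checks whether a folder's .htaccess carries an active copy of one of the directives shown above and lists PHP files already sitting in the folder. The function names and the extension list are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an upload folder for the .htaccess protections above.

# True when FILE has an active (uncommented) Method 1 or Method 2 line, or a
# "Deny from all" rule. A text check only: it does not prove Apache honours
# the file (that depends on AllowOverride in the server config).
has_php_block() {
    grep -Eiq \
        -e '^[[:space:]]*php_flag[[:space:]]+engine[[:space:]]+off' \
        -e '^[[:space:]]*RewriteRule[[:space:]].*php.*\[([^]]*,)?F[],]' \
        -e '^[[:space:]]*Deny[[:space:]]+from[[:space:]]+all' \
        "$1"
}

# Lists PHP-type files under DIR. The extension list is an assumption;
# match it to the handlers your server actually maps to PHP.
list_php_files() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \)
}

# Exit status: 0 = protected and clean, 1 = no active protection,
# 2 = PHP files present, 3 = both.
audit_upload_dir() {
    dir=$1
    rc=0
    if [ -f "$dir/.htaccess" ] && has_php_block "$dir/.htaccess"; then
        echo "OK       $dir/.htaccess blocks PHP"
    else
        echo "EXPOSED  $dir has no active PHP block in .htaccess"
        rc=1
    fi
    found=$(list_php_files "$dir")
    if [ -n "$found" ]; then
        echo "REVIEW   PHP files already in $dir:"
        echo "$found" | sed 's/^/           /'
        rc=$((rc + 2))
    fi
    return "$rc"
}

# With no arguments, run on a constructed sample tree; otherwise audit $1.
if [ "$#" -eq 0 ]; then
    demo=$(mktemp -d)
    mkdir -p "$demo/uploads/2024"
    echo '# php_flag engine off' > "$demo/uploads/.htaccess"   # commented out
    : > "$demo/uploads/2024/photo.jpg"
    : > "$demo/uploads/2024/thumb.php"
    audit_upload_dir "$demo/uploads" || echo "exit status: $?"
    rm -rf "$demo"
else
    audit_upload_dir "$1"
fi
```

A PHP file reported under REVIEW was uploaded before or despite the block and should be inspected, since the .htaccess rule only stops it from executing.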

See htaccess
