Do not parse PHP in this directory, EXCEPT index.php

[Jens Mertelmeyer]

Hi there folks!

I want Apache not to parse any file in a directory, so that it would send a .php file straight to the browser. I guess the best thing to do this would be using the .htaccess file with

Code:

<FilesMatch "\.">
SetHandler default-handler
</FilesMatch>

in it.

And it works.

Now my problem is, that I still want index.php to be parsed, but nothing else. When i come up with another <Files> or <FilesMatch>-command, it does not overwrite the first one.
I guess it might work with <Directory> or <Location>-commands in my .htaccess file but that will come up with a server error 500, stating that <Directory or <Location is not allowed.

Am I doing something terribly wrong? I'm out of ideas

Many thanks in advance!

[vx|brian]

That's sort of complex, it's hard to tell the server to parse everything as HTML then specifically PHP only for this file, you could say it does get confused, heh.

What I suggest is the following, create a new directory called "sources" and place all your php files that you want to be downloaded in it, then do the following with mod_rewrite

RewriteRule (.*) view.php?file=$1

This will rewrite every link to index.php (without showing it to the client), therefore going to mysql.php will redirect to view.php?file=mysql.php

After that, you can just use readfile() function to output the file. -- http://ca3.php.net/function.readfile

Also, ofcourse, you should check the path and make sure it's secure before outputting it else someone can try going to "../../../bla/bla/bla" and read other files, so maybe just check if there is ".." in the path included, make the script die automatically.

That's on how I would do it, now with .htaccess file, I'm not too sure on how you can go with this.. Perhaps you can show us the page you're trying to work with so we can help you more.

-Brian

[Jens Mertelmeyer]

Right, I never thought of mod_rewrite, in fact, I have pretty little experience when it comes to .htaccess and that kind of stuff. Since RewriteRule seems to understand "everything EXCEPT this" (which <Files/> does not) I'm pretty confident that this is going to work (I don't want to move the files to another directory).

Many thanks for your help!

[Jens Mertelmeyer]

mod_rewrite works like a charm, thought I should let you know

[vx|brian]

mod_rewrite works like a charm, thought I should let you know

Glad I was able to help!

Feel free to post any other questions in the thread!

[curious_newb]

Hi everyone,

I am new here, but I have been using Vexxhost for awhile now.

My site was recently hacked and the intruder appeared to have left a PHP file behind. We are new to PHP, so understanding what the actual code does is far beyond us. Is there anyone here who would mind taking a look at it and providing their opinion? Again, it is just a PHP file and appears to be referencing files on our site that do not exist (at least from our knowledge).

We are also having difficulty figuring out how someone got into our site in the first place. Can someone point me to any website or resources that we can look at to make sense of web security involving the most recent CPanel and Shared Hosting? I thought everything was pretty secure, but it appears I was wrong.

Thanks so much! Feel free to PM :-)