3

I would like to disable any kind of CGI execution in a directory below my document root directory. Any kind: php, perl, ruby... whatever. I would like to do it in a manner it's not depensant of the file extension. Below my document root because users have to be able to put and see HTML files.

It has to be in htaccess, because it's a shared hosting.

Using -ExecCGI alone is not working. I have to add to that line a AddHandler directive which is extension dependant.

I have found some close answer in this topic, but they are extension dependant, php dependant or global apache configuration dependant.

Is it possibly to do what I want?

Thank you very much,

Community
  • 1
  • 1
Waiting for Dev...
  • 12,629
  • 5
  • 47
  • 57

1 Answers1

5

RemoveHandler .suffix where .suffix is the filename suffix for the type of a script you want to disable should do it.

Looking for something that disallows scripts in general right now.

Edit: Aha! If you don't mind having to serve everything in the directory as static content — you probably don't, that's what your question seems to imply — you could just set the default handler for that location.

<Directory something>
    SetHandler default-handler
</Directory>

default-handler is in core so this shouldn't depend on anything. Correct me if I'm wrong.

  • Great @esalaka ! That works!! Putting `SetHandler default-handler` in .htacess make everything to be served as staic content, exactly what I wanted. HTML, CSS, and images as served without problems, and scripts result in a blank page which source code is the script code. Thank you!!! – Waiting for Dev... Sep 17 '11 at 12:27