4

I want to disable php in a directory on my server. I thought that setting Options -ExecCGI in httpd.conf would prevent php scripts from being executed, but obviously I am wrong.

So, this is what I have in my httpd.conf, which obviously does not work:

<Directory "C:/xampp/htdocs/(path_to_directory)/dirname">
    Options -ExecCGI
    AllowOverride None
</Directory>

The question is, how can I prevent php scripts from being executed in a specific folder? Can in be done in httpd.conf or do I have to use a .htaccess file?

user1660218
  • 83
  • 2
  • 2
  • 7
  • 3
    This question appears to be off-topic because it is about Apache administration and as such better fits to http://webmasters.stackexchange.com/. – TLama Jan 05 '15 at 09:16
  • 1
    possible duplicate of [Disable PHP in directory (including all sub-directories) with .htaccess](http://stackoverflow.com/questions/1271899/disable-php-in-directory-including-all-sub-directories-with-htaccess) – Yazan Jan 05 '15 at 09:17

3 Answers3

13

php_flag engine offonly works if you are using mod_php(as well as mod_php7.x) than php-fpm

Seems you are using php-fpm, so add the further lines into httpd.conf:

<Directory "C:/xampp/htdocs/(path_to_directory)/dirname">
<FilesMatch ".+\.*$">
SetHandler !
</FilesMatch>
</Directory>

or these in .htaccess in the Directory you don't expect the execution of PHP:

<FilesMatch ".+\.*$">
SetHandler !
</FilesMatch>

I have tested it on an Unix Platform rather than a Windows, Hope it would help U.

Regolith
  • 2,944
  • 9
  • 33
  • 50
Hardrain
  • 331
  • 3
  • 4
  • 2
    Other solutions did not work for me probably due to server configuration. `Sethandler !` Did the work for me! – Kyborek Nov 06 '17 at 10:47
  • 1
    SetHandler worked for me as well, thank you! Although you can simplify your answer by changing from a FilesMatch block to just `` which should give the same effect with less regex. :) – Nick Jan 07 '18 at 06:28
  • Is there something wrong with the regex? `.+\.*$` matches files ending with dot characters? – remram Oct 29 '21 at 14:24
9

you can do this with .htaccess file. you need to place a .htaccess file in the folder you don't want to execute the php with following htaccess code.

<Files *.php>
deny from all
</Files>

see here in more details http://www.wpbeginner.com/wp-tutorials/how-to-disable-php-execution-in-certain-wordpress-directories/

Also you can Try to disable the engine option in your .htaccess file:

php_flag engine off
Dipak
  • 495
  • 1
  • 4
  • 12
  • .htaccess parent not affected on child .htaccess . – Think Big Feb 12 '17 at 16:27
  • 1
    For Apache 2.4 use `Require all denied` instead of `deny from all` – Aley Dec 11 '17 at 09:59
  • With PHP FPM, you can't use `php_admin_flag` or any similar ilk in your apache configs any more. On high performance sites, htaccess processing also slows your site down just a touch with extra disk I/O looking at every single directory for .htaccess files. So if you can avoid using them, do so. – Nick Jan 07 '18 at 06:35
0

Go to php.ini in the root folder of xampp inside PHP and set engine to off:

engine=off
James Risner
  • 5,451
  • 11
  • 25
  • 47
user20343069
  • 1
  • 1