Nginx Apache Lighttpd prohibit directories from executing the php configuration example

In order to enhance site security, in addition to limiting directory permissions, we also need to disable certain directories from executing php. In IIS, you can simply remove script execution permissions from a directory, but what about non-windows systems?

The following articles will briefly explain how different webserver can disable php execution...

Apache:

<Directory /website/attachments>

    php_flag engine off

</Directory>

Nginx:

Disable a single directory:

location /upload/ {

  location ~ .*\.(php)?$

    {

      deny all;

    }

  }

Disable multiple directories:

location ~* ^/(upload|images)/.*\.(php|php5)$

{

    deny all;

}

Lighthttpd:

$HTTP["url"] =~  " ^/(forumdata|templates|customavatars?)/ "  {

    fastcgi.server = ()

}
Apache
<Location  " /forumdata " >

    php_admin_flag engine off

    Options -ExecCGI

    AddType text/plain .html .htm .shtml .php

</Location>