Nginx Apache Lighttpd prohibit directories from executing the php configuration example
- 2020-05-09 19:52:11
- OfStack
In order to enhance site security, in addition to limiting directory permissions, we also need to disable certain directories from executing php. In IIS, you can simply remove script execution permissions from a directory, but what about non-windows systems?
The following articles will briefly explain how different webserver can disable php execution...
Apache:
<Directory /website/attachments>
php_flag engine off
</Directory>
Nginx:
Disable a single directory:
location /upload/ {
location ~ .*\.(php)?$
{
deny all;
}
}
Disable multiple directories:
location ~* ^/(upload|images)/.*\.(php|php5)$
{
deny all;
}
Lighthttpd:
$HTTP["url"] =~ " ^/(forumdata|templates|customavatars?)/ " {
fastcgi.server = ()
}
Apache
<Location " /forumdata " >
php_admin_flag engine off
Options -ExecCGI
AddType text/plain .html .htm .shtml .php
</Location>