[ALUG] Stopping Apache running scripts from writeable directories
Mark Rogers
mark at quarella.co.uk
Tue Oct 2 15:34:09 BST 2007
Brett Parker wrote:
> Can I make the simple assumption that in this case, by "script" you mean
> a chunk of php?
Yes, although in practice anything that's being run via an Apache
Handler would qualify, for the following reason:
> If it was a "real" script then ExecCGI would have needed
> to be turned on, and it'd have needed to be marked as executable... so
> I'm fairly confident that it won't have been that...
>
:-)
> Anyways - what you want is...
>
> <Directory /path/to/the/upload/directory>
> RemoveType .php .phtml .php3 .phps
> </Directory>
>
Sorry, I should have been clearer: I'm looking for a way to do it
automatically by virtue of the fact that the directory is writeable,
otherwise it's relying on me (and other site admins who tend to worry
more about "does it work" than "is it secure", as I've discovered to my
cost!) to not screw things up.
Presumably, now I think about it, it would be possible to do this via
.htaccess files? At least that way a script could be written* that
searched for writeable directories which did not contain .htaccess files
and alerted me (or created them).
[*] The script sounds simple but I can't quite work out how to do it.
Mark Rogers
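
One way to write the script described in the message above, as an added example that is not part of the original post. It assumes the web server runs as `www-data` (override on the command line), judges writability from mode bits only, and uses a hypothetical script name and docroot in its usage comment.

```sh
#!/bin/sh
# Added example (not from the thread): audit a docroot for directories the web
# server account can write to that have no .htaccess.
# Assumptions: the account/group default to www-data (pass your own), only
# classic mode bits are checked (no ACLs or supplementary groups), and paths
# contain no newlines.

# Directive suggested earlier in the thread for upload directories.
HTACCESS_BODY='RemoveType .php .phtml .php3 .phps'

# find_unprotected ROOT [USER] [GROUP]
# Prints, one per line, each directory under ROOT that is writable by USER as
# owner, by GROUP, or by everyone, and that does not contain a .htaccess file.
find_unprotected() {
    fu_root=$1 fu_user=${2:-www-data} fu_group=${3:-www-data}
    find "$fu_root" -type d \
        \( -perm -0002 \
           -o \( -user "$fu_user" -perm -0200 \) \
           -o \( -group "$fu_group" -perm -0020 \) \) \
        -exec sh -c 'test ! -e "$1/.htaccess"' sh {} \; -print
}

# protect_unprotected ROOT [USER] [GROUP]
# Creates a read-only .htaccess in each reported directory. noclobber (set -C)
# makes the redirect fail rather than overwrite a file that appeared meanwhile.
protect_unprotected() {
    find_unprotected "$@" | while IFS= read -r dir; do
        ( set -C; printf '%s\n' "$HTACCESS_BODY" > "$dir/.htaccess" ) &&
            chmod 0444 "$dir/.htaccess" &&
            printf 'created %s/.htaccess\n' "$dir"
    done
}

# Stand-alone use (hypothetical name and path): ./audit.sh [--fix] /var/www [user] [group]
if [ "$#" -gt 0 ]; then
    if [ "$1" = "--fix" ]; then shift; protect_unprotected "$@"
    else find_unprotected "$@"; fi
fi
```

Apache only honours `RemoveType` in a `.htaccess` where `AllowOverride` permits `FileInfo`, and a `.htaccess` sitting in a directory the web server can write to can itself be replaced. Running the report from cron and reviewing its output is therefore more dependable than relying on the created files alone.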