10-04-2013, 01:31 AM #1
Prevent htaccess overrides, PHP on cPanel
I have folders that users will be FTP'ing to.
By default, cPanel allows PHP. That's not safe, not what I want.
The domain root will be unavailable to them.
Using htaccess, I want to
- disable PHP extensions via htaccess,
- prevent htaccess overrides --- so somebody can't just override it and re-enable the PHP extensions
I'm not seeing what to do here.
My own trials were wrong, and some things I found via Google were wrong.
I kept getting 500 errors.
This was so much easier on Windows.
10-04-2013, 02:18 AM #2 Retired Moderator
Does it have to be done in .htaccess or can you edit the config files (httpd.conf et al)? This is much better done in the config files (in a Directory or DirectoryMatch container). Other than having root change ownership / permissions on .htaccess IDK how you'd protect it against modification.
Then it depends how you run PHP: "php_admin_flag engine off" works for DSO but for suPHP I think you need a different php.ini.
IIRC cPanel used to have a stupid default allow-cgi-everywhere setup - if that's still the case you'll also need "Options -ExecCGI".
Last edited by foobic; 10-04-2013 at 02:22 AM.
Chris
"Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter
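Added example, not written by any poster in this thread: a sketch of the server-config approach from post #2. `AllowOverride` is only valid inside a `<Directory>` section of the server config, which is why a `.htaccess` file cannot lock itself. The path `/home/EXAMPLEUSER/public_html/uploads` is a placeholder, and the `php_admin_flag` part assumes PHP 5 loaded as an Apache module (DSO).

```apache
# Placeholder path (assumption): replace with the real upload directory.
<Directory "/home/EXAMPLEUSER/public_html/uploads">
    # Ignore every .htaccess in this tree, so an uploaded .htaccess
    # cannot re-enable handlers, options or PHP settings.
    AllowOverride None

    # No CGI execution, no server-side includes, no directory listings.
    Options -ExecCGI -Includes -Indexes

    # DSO (mod_php) only. The IfModule guard keeps the config valid on
    # servers where PHP runs through suPHP or another handler, where
    # php_admin_flag is an unknown directive.
    <IfModule mod_php5.c>
        php_admin_flag engine off
    </IfModule>

    # Handler-independent fallback: refuse to serve script-like files at
    # all, whichever way PHP or CGI is wired in. Ordinary attachments
    # (zip, video, images) are still served as static files.
    <FilesMatch "(?i)\.(php[0-9]?|phtml|pl|py|cgi|sh)$">
        # Apache 2.4 syntax
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        # Apache 2.2 syntax
        <IfModule !mod_authz_core.c>
            Order allow,deny
            Deny from all
        </IfModule>
    </FilesMatch>
</Directory>
```

Because the block lives in the server config and covers all subdirectories, new FTP users can be added under the same tree without any per-user `.htaccess` work. Run `apachectl configtest` before restarting Apache to catch syntax errors.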
10-04-2013, 02:47 AM #3 Web Hosting Master
Is there a need to allow the FTP access to the folder that is inside the docroot?
I would have thought that choosing the appropriate permissions and directory location is a better option than potentially allowing something that is not wanted to be available once uploaded.
10-04-2013, 03:15 AM #4
The entire domain (subdomain actually) can be disabled, if needed.
There's going to be dozens of users, and I want to prevent any common security risks -- PHP, ini files, htaccess, etc. I trust them all, but I'd rather be safe than sorry. They will all need FTP access. It's for large files to be attached to a forum manually.
htaccess was just an idea. I'm open to others.
Because users will be added as needed, frequency unknown but assumed several monthly, I want this to be as easy as possible. htaccess was easy. If that means disabling it on the whole domain, then so be it.