Hello,
I have my Apache main directory: /www (<Directory /www> /
DocumentRoot /www)
In this directory and its subdirectories *.php files get executed by php.
In the subdirectory /www/publications (and recoursly in its
subdirectories) I allow people (relatively trustworthy!) on the
filesystem to drop publications, documentations e.g. which are
referenced by a database as path+filename to the files. php then
produces with this database information www-pages with html-links to
these files.
If people drop *.php files as documentation for the source code(!) in
/www/publications these *.php scripts get executed, too. Dangerously(!)
and no documentation for the source code.
Therefore I want that no *.php files get executed within
/www/publications . It should be stupidely delivered like a *.html file.
I already managed this by a .htaccess file with the entry "php_flag
engine off".
But the .htaccess file could be deleted or .htaccess files with
"php_flag engine on" could get put in another subdirectory. :-(
Therefore:
a) I want to put the "php_flag engine off" in the apache2.conf.
b) Add an "AllowOverride" in this apache2.conf that allowes ONLY no
switching OF THE "PHP_FLAG ENGINE OFF" in this directory or any
subdirectory. (But I have to be able to use a .htaccess in these
directories with e.g. "Options +Indexes"!)
Does anyone of you have an idea how to implement this in the apache2.conf?
Sincerely
Klaus
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org