Apache: disabling PHP execution in selected directories

From lxadm | Linux administration tips, tutorials, HOWTOs and articles
Jump to: navigation, search

Not allowing PHP execution in some folders can improve security on your server in some cases.

To disable PHP execution in selected directories, here is an example which can be added to your virtual host configuration (on most servers, you won't be able to use it in your .htaccess file):

    <Directory /var/www/example.com/uploads>
        php_admin_value engine Off
    </Directory>


To test it, create a "test.php" file inside /var/www/example.com/uploads/ directory with the following content:

<?php
phpinfo();


And finally, try to request this file - you should be seeing PHP source exactly as it the file you've placed on the server. If you're seeing PHP executed, double check what might be wrong.

$ curl https://example.com/uploads/test.php
<?php

phpinfo();