I have two questions:
1) On a site that allows file uploads, I've taken some security measures (allowing only certain file extensions when the PHP checks the upload form, using -ExecCGI in my htaccess file, chmoding uploaded files to 0644) but would also like to have the htaccess file change PHP file extensions to something more innocuous. I found a piece of code that is supposed to do this, but I can't seem to get it to work:
#rename php files
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^PUT$ [OR]
RewriteCond %{REQUEST_METHOD} ^MOVE$
RewriteRule ^(.*)\.php /site_redone/uploads/$1.nophp
The site structure goes something like this (at least for now while I'm redoing the site):
mysite.com/site_redone/uploads
For now, index/main pages are in the site_redone directory, in case that's not clear. I'm on a shared server, so I don't have access to files like httpd.conf, but the host does allow mod_rewrite stuff.
My htaccess file is currently in the uploads folder. Which brings me to:
2) Is there a way to put the htaccess folder one level up (or wherever) from the uploads folder so it can't get overwritten in that folder? I only want it to affect the uploads folder, not the directory in which it's placed, though.
What I'm looking to do may be overkill anyway. It's a small site.
Thanks!
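
An added example, not part of the original post: the renaming asked about in question 1 can be done in the PHP upload handler itself, which chooses the stored filename so that a client-supplied name such as x.php or .htaccess never reaches the uploads folder. The function names, the extension allowlist and the sample names are assumptions made for illustration.

```php
<?php
// Added example; function names, allowlist and sample names are assumptions.
// The handler picks the stored name itself, so the client-supplied name
// (x.php, .htaccess, ../x.png) never becomes a filename in the uploads folder.
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

// Returns a server-generated name that keeps only an allowlisted final
// extension, or null when the upload should be refused.
function safe_stored_name(string $clientName): ?string
{
    // Drop any directory part, including Windows-style separators.
    $base = basename(str_replace('\\', '/', $clientName));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if ($ext === '' || !in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return null;
    }
    // Random name: nothing from the client survives except the checked extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Moves one entry of $_FILES into $uploadDir; returns the stored name or null.
function store_upload(array $file, string $uploadDir): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $name = safe_stored_name((string) ($file['name'] ?? ''));
    if ($name === null) {
        return null;
    }
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    // move_uploaded_file() refuses anything that is not a real HTTP upload.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return null;
    }
    chmod($dest, 0644); // same mode the post already applies
    return $name;
}

// Constructed sample names; run from the command line to see the decisions.
if (PHP_SAPI === 'cli') {
    foreach (['photo.JPG', 'shell.php', 'shell.php.jpg', '.htaccess', '../x.png'] as $n) {
        printf("%-14s => %s\n", $n, safe_stored_name($n) ?? 'refused');
    }
}
```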