How disallow .php in .htaccess ?

freedom

I know how to allow .php interpretation in .htaccess files by adding the line:
AddType application/x-httpd-php .htm .html

But how do I revoke it in the .htaccess file in a subdirectory?
I am considering subletting some subdirectories ('own web-interface uploader),

and don't want users putting script files in there.
I can't just block .php uploads, since I have allowed .htm and .html to be passed

through Zend in my root.

bretticus

I would probably throw this in a Directory directive...

<IfModule mod_php4.c>
php_admin_flag engine off
</IfModule>

freedom

Thank you; using that as the basis for a search, I found that php_admin_flag is used in the Apache configuration files, which I am not allowed to tamper with, whereas php_value is used in local .htaccess (or so it seem's).

Sorry this reply is so late; I just switched from my test domain real.freedom.is to freedom.is , and found I had been swapped to a different server with greater power/privileges/permissions in the process. And then there's a big new development at a trade show in Birmingham, and some prototyping, and earlier debugging, and all the Christmas stuff, and...

Now I know what to search on, I see there is a previous thread here addressing these issues:
http://www.phpbuilder.com/board/showthread.php?t=10293142

As there will be (eventually) many user directories, having identical local .htaccess files in each one, instead of a controoling one in the parent directory, seem's to be the easiest option.

I have control of what the user will upload, as they can only go through my own web-interface, so I will block .* names, including uploads, deletions, and renames to. (If the user need's php I will either restrict their access to a subdirectory of their area, or switch off their direct access and take their files via mannual email, uploading them myself.)

Didn't use:

<Location "/fuser">
...
</Location>

-If I was selling freedom.is/user/music , then it would be easier, but of course would not sell as well as freedom.is/music . I suppose I could muck around with /user being an alias of / , but something's bound to go wrong if I need to transfer to a dedicated server later on: 'Best to keep things as simple as possible.

This was the basic .htaccess test file I used, called for test purposes
freedom.is/fuser/.htaccess :

# Dunno if this is necessary or functional:
php_value engine off

# Disable native & embedded php:
##RemoveType application/x-httpd-php .php .htm .html
AddType text/html .htm .html
AddType application/x-httpd-php-source .php

# Disable [future] CGI & SSI:
Options -ExecCGI -Includes

Testing that found that:

RemoveType made output plaintext, subsequent AddTypes did not override.
php_value engine off Stopped any output at all, ie blank screen when files accessed.

This came down to this revised .htaccess :

# Disable native & embedded php:
AddType text/html .htm .html
AddType application/x-httpd-php-source .php

# Disable [future] CGI & SSI:
Options -ExecCGI -Includes

This will block CGI, display HTML files as just that (embedded php behave's like comments), and php files as syntax-coloured text.

There is a test php file at freedom.is/fuser/test.php

Please note, this is not ready for selling yet; there is no pricing structure, clear tax/charity position, user web interface, etc yet. Advert when it is ready, will be at http://freedom.is/here