Prevent execution of PHP files in a directory

Hello, I have a website where I allow users to upload mp4 files. On the server I have code that makes sure the mime type is only video/mp4. However, in the event that someone gets sneaky and somehow uploads a PHP file, how can I tell Apache not to execute PHP files in a certain directory?

I’m not sure about server side, but for client side I suggest checking out restricting Mime types in htaccess:

https://developer.mozilla.org/en-US/docs/Learn/Server-side/Configuring_server_MIME_types

Maybe let the server check for executables and block the upload?

Did a quick search, there were many more results with your topic title as query:

Thanks, when looking I didn’t see that.

Adding php_flag engine off to my .htaccess did the trick.

3 Likes
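An added example, not part of the original posts: the same `php_flag engine off` idea moved from `.htaccess` into the server configuration, so that an uploaded `.htaccess` cannot undo it, with a deny rule that holds no matter how PHP is wired into Apache. It assumes Apache 2.4; the directory path is a placeholder.

```apache
# Added example. Goes in the server or virtual-host configuration, not in .htaccess.
# /var/www/example/uploads is a placeholder for the upload directory.
<Directory "/var/www/example/uploads">
    # Ignore any .htaccess found inside the upload directory, so an
    # uploaded .htaccess cannot switch PHP back on or register a handler.
    AllowOverride None

    # No CGI execution and no directory listings here.
    Options -ExecCGI -Indexes

    # Handler-independent layer: refuse to serve any file whose name
    # carries a PHP-style extension, including names like "clip.php.mp4".
    <FilesMatch "(?i)\.(php[0-9]?|phtml|phar)(\.|$)">
        Require all denied
    </FilesMatch>

    # mod_php only: same effect as "php_flag engine off", but the admin
    # variant cannot be overridden from .htaccess or ini_set().
    # Leave this line out when PHP runs through PHP-FPM or CGI: the php_*
    # directives are not defined there and the configuration will not load.
    php_admin_flag engine off
</Directory>
```

Run `apachectl configtest` before reloading to confirm the configuration parses.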

Save your video files outside of the root directory.