I have a question. I want to give one customer FTP access to the CSS folder of my webshop. I tried to prevent running PHP in this folder, but its not working. I think my problem is, that i dont want to add another .htaccess in the css folder. I must handle this with the .htaccess file from the main directory.
I tried this
RewriteRule ^css/*\.php$ /404.php [NC,L]
... but its not working. My server is executing php files in the css folder. Does somebody know how i can prevent executing php files located in subfolders? A better solution would be, to allow only text/css in specific folder.
Info: Im using Plesk.
Best How To :
A better way to do it would be to just switch PHP off in that directory if you don't want it running... though granted this would mean that additional .htaccess file. However it would also prevent PHP from running in anything like .phtml files as well - I'd say it's more foolproof than just 404-ing anything.php.
You can set PHP boolean type settings, in .htaccess, with
In this case, in the relevant .htaccess file:
php_flag engine off
As Mike Rockett points out - since the user has FTP access to that folder you'll need to change ownership of the .htaccess file (CHOWN) to prevent the user tampering with or removing it.