
I have a question. I want to give one customer FTP access to the CSS folder of my webshop. I tried to prevent running PHP in this folder, but it's not working. I think my problem is that I don't want to add another .htaccess in the css folder. I must handle this with the .htaccess file from the main directory.

I tried this

    RewriteRule ^css/*.php$ /404.php [NC,L]

… but it's not working. My server is executing PHP files in the css folder.
Does somebody know how I can prevent executing PHP files located in subfolders? A better solution would be to allow only text/css in a specific folder.

Info: I'm using Plesk.

2 Answers


  1. You need to use regular expressions, and not wildcards. Replace the * with (.*):

    RewriteEngine on
    RewriteRule ^css/(.*)\.php$ /404.php [NC,L]
    

    You can use the following as an alternative:

    RewriteEngine on
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_URI} ^/css/
    RewriteRule (.*)\.php /404.php [L]
    

    I would recommend, however, that you make it clear that access to the file is denied:

    RewriteRule (.*)\.php - [F,L]
    
  2. A better way to do it would be to just switch PHP off in that directory if you don’t want it running… though granted this would mean that additional .htaccess file. However it would also prevent PHP from running in anything like .phtml files as well – I’d say it’s more foolproof than just 404-ing anything.php.

    You can set PHP boolean type settings, in .htaccess, with php_flag

    In this case, in the relevant .htaccess file:

    php_flag engine off
    

    As Mike Rockett points out – since the user has FTP access to that folder you’ll need to change ownership of the .htaccess file (CHOWN) to prevent the user tampering with or removing it.

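The patterns discussed in this thread, checked against constructed request paths (an added example, not code from the question or the answers). Python's `re` stands in for mod_rewrite's regex matching, `css_only` is a hypothetical allow-list pattern for the asker's "only CSS" idea, and treating `.phtml` as executable is an assumption about the server's handler configuration.

```python
import re

# RewriteRule patterns. In a per-directory .htaccess the pattern is tested
# against the path without its leading slash; [NC] means ignore case.
RULES = {
    "question": r"^css/*.php$",            # '*' used as a shell-style wildcard
    "unescaped_dot": r"^css/(.*).php$",    # '*' replaced by (.*); '.' still matches any char
    "escaped_dot": r"^css/(.*)\.php$",     # literal dot before the extension
    # Hypothetical allow-list (not from the thread): match everything under
    # css/ that does not end in .css, so it can be denied with [F].
    "css_only": r"^css/(?!.*\.css$)",
}

# Constructed request paths. True = must never reach the PHP handler.
SAMPLES = {
    "css/site.css": False,
    "css/theme/dark.CSS": False,
    "css/upload.php": True,
    "css/theme/upload.PHP": True,
    "css/upload.phtml": True,   # assumption: server maps .phtml to PHP
    "index.php": False,         # outside css/, must keep working
}

def is_blocked(rule: str, path: str) -> bool:
    """True if the rule's pattern matches, i.e. the request is rewritten or denied."""
    return re.search(RULES[rule], path, re.IGNORECASE) is not None

def audit(rule: str) -> dict:
    """List script paths the rule lets through and legitimate paths it blocks."""
    missed = [p for p, bad in SAMPLES.items() if bad and not is_blocked(rule, p)]
    overblocked = [p for p, bad in SAMPLES.items() if not bad and is_blocked(rule, p)]
    return {"missed": missed, "overblocked": overblocked}

if __name__ == "__main__":
    for name in RULES:
        print(f"{name:14} {audit(name)}")
    # The unescaped dot also matches names that merely end in "php":
    print(is_blocked("unescaped_dot", "css/fonts-php"),
          is_blocked("escaped_dot", "css/fonts-php"))
```

The deny-list rules stop `.php` but still miss `.phtml`, which is the gap the second answer describes; only the allow-list pattern or `php_flag engine off` closes it.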