I have a main .htaccess in my site root and I have a folder e.g /user_uploads/01, /user_uploads/02, etc where I want to block additional .htaccess from being processed. Can I do this from my main htaccess in site root?
Maybe I asked this the wrong way. Actually I am trying to block scripts to run in the user uploads area (by redirecting any .php, .asp, etc to site root), but I found that if user uploads another .htaccess then it is allowed to overwrite my scripts redirect that I had in main .htaccess.
So asking it differently now: What directives can I use in main .htaccess file in order to prevent all scripts to run in user uploads folders like /user_uploads/01, /user_uploads/02, etc ?
Renaming files was what I used until now, but I thought there must be some more elegant, more direct way than just brush all files each time a user uploads or edits the current files.
For now I am renaming the files with extensions: htaccess,asp,cgi,jsp,php,php3,php4,php5,php6 , do you think this should be safe enough ? mail.php would become mail.php_safe
If not, I would also try editing the file permission codes but I do not think that works well, in case I move files on another server I permission code might change and expose files. And I want to display other extensions to users, like index.html files, images, etc. Would this renaming be ok?
Don't allow uploading into your site root would be a better approach IMO. You could create a subdomain eg. users.example.com, as a VirtualHost with an entirely separate document root, use RemoveHandler etc. to disable the parsing of PHP and other such files, and use
to disallow .htaccess files - in short, lock it down as much as possible.