Hello
We have a Laravel project, and a question came up - can we make the public or htdocs folder writable for PHP scripts (www-data)? It's usually denied, but in this project, it would be nice if PHP could write .html and .js files in the public folder. Then those files don't have to go thru the the regular PHP/Laravel routes and will be cached by the browser.
So I thought it could be ok, except I would like to disable PHP execution everywhere except to the root - /index.php. There could be a bug somewhere, and if someone managed to put .php files in the public folder, the server will execute it. So I made this Apache rule:
Code:
<FilesMatch "!(^index\.php$)">
php_flag engine off
</FilesMatch>
It worked. The project still works (/ or /index.php is executed) and other php files are not. But, when there are subdirectories like /foo or /foo/index.php the php is still executed.
I looked at DirectoryMatch and LocationMatch, but couldn't figure out a rule like that. Any ideas how to solve this?