How to disable PHP temporarily due to vulnerability
I have a new client that is running several websites on some Mandrake boxes. They are mostly running 9.1, with an old PHP version with multiple high risk vulnerabilities. Rather than update PHP, I'm going to build a new server and get them current altogether.
What I need to do temporarily is to disable PHP on one server that is only serving images to the other sites. There are no active PHP pages, but the box has 24 high risk vulnerabilities due to old PHP. I want to completely disable PHP on that box, since it's just hosting images anyway. I googled and found one site that mentioned adding the following line to httpd.conf:
php_admin_flag engine off
This seems like what I want, but I'll admit that I don't know much about PHP at all, and I'm just wanting confirmation that this will do what I want, or that it is the best way. Will this work, or is there another, or better way to disable PHP?
|