I have sub directory 'images' with permission 777 to upload images from visitors in this folder there is .htaccess file to prevent script execution and more security
<Files ^(*.jpeg|*.jpg|*.JPEG|*.JPG|*.png|*.gif)>
order deny,allow
deny from all
</Files>
<FilesMatch "\.(php|pl|py|jsp|asp|htm|shtml|sh|cgi)$">
ForceType text/plain
</FilesMatch>
But when i request images/page.php in browser, it is working which is meaning .htaccess does not working. I want to prevent this folder from executable file.
Is there any mistake in my .htaccess file
Of course you can access all .php files, because you are only forbidding access to the image files. I think there also should be a $ at the end of the first regular expression. Maybe you mean something like this:
<Files *>
order deny,allow
deny from all
</Files>
<Files ^(*.jpeg|*.jpg|*.JPEG|*.JPG|*.png|*.gif)$>
order deny,allow
allow from all
</Files>
<FilesMatch "\.(php|pl|py|jsp|asp|htm|shtml|sh|cgi)$">
ForceType text/plain
</FilesMatch>
One more comment here, I would advise to case insensitive check for your scripts rule, that would be:
<FilesMatch "(?i)\.(php5|php4|php|php3|php2|phtml|pl|py|jsp|asp|htm|shtml|sh|cgi)$">
ForceType text/plain
</FilesMatch>
This works fine for our server.