silence more warnings
[wfpl-cms.git] / .htaccess
index c496a28..38ace93 100644 (file)
--- a/.htaccess
+++ b/.htaccess
@@ -1,5 +1,5 @@
-php_value post_max_size 25M
-php_value upload_max_filesize 20M
+php_value post_max_size 250M
+php_value upload_max_filesize 200M
 php_flag register_globals off
 php_flag magic_quotes_gpc off
 DirectorySlash Off
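Review bot: The tenfold increase to `post_max_size 250M` / `upload_max_filesize 200M` is set at the top of this .htaccess, so it applies to every PHP request this file governs rather than only to the handler that accepts uploads, and nothing in the hunk says why it is needed. That widens the room for resource exhaustion through large request bodies on endpoints that never expect them. I would add a comment directly above the two lines stating which feature needs 200M uploads, and consider setting `LimitRequestBody` so Apache itself rejects oversized bodies. The commit title ("silence more warnings") does not mention this change, so it is easy to miss in history.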
@@ -7,13 +7,11 @@ DirectoryIndex disabled
 AddDefaultCharset UTF-8
 AddCharset UTF-8 .css
 RewriteEngine  on
-RewriteRule    ^[^/.]*$  /wfpl_main.php [L]
-# Close loophole in security restriction/exception below
-RewriteRule    ^.*/.*wfpl_main.php$  /wfpl_main.php [L]
+RewriteRule ^[^/.]*$ /wfpl_main.php [L]
 
 <FilesMatch "\.(css|jpg|png)$">
-       ExpiresActive On
-       ExpiresDefault A31536000
+    ExpiresActive On
+    ExpiresDefault A31536000
 </FilesMatch>
 
 # SECURITY: don't execute code on the server (exception below)
@@ -23,11 +21,21 @@ SetHandler default-handler
 Options SymlinksIfOwnerMatch
 php_flag engine off
 RemoveHandler .cgi .php .php3 .php4 .php5 .phtml .pl .py .pyc .pyo
-# Exception: allow access to wfpl_main.php
-#
-# this allows access to any files named "wfpl_main.php" anywhere, so there's a
-# rewrite rule above to use the top-level one, no matter which was requested.
+# code execution exception: allow only /wfpl_main.php
+# <Files> matches regardless of directory/path, so rewrite php in subdirs
+RewriteRule ^(wfpl_main\.php|paypal_ipn\.php|cms_images_autoresize\.php)$  - [L]
+RewriteRule .*\.php$ - [L,R=404]
 <Files "wfpl_main.php">
-       php_flag engine on
-       SetHandler application/x-httpd-php
+    php_flag engine on
+    SetHandler application/x-httpd-php
 </Files>
+<Files "paypal_ipn.php">
+    php_flag engine on
+    SetHandler application/x-httpd-php
+</Files>
+<Files "cms_images_autoresize.php">
+    php_flag engine on
+    SetHandler application/x-httpd-php
+</Files>
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteRule ^cms_images/[0-9a-f]+w[0-9]+\.[pj][np]g$ /cms_images_autoresize.php
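Review bot: The deny rule `RewriteRule .*\.php$ - [L,R=404]` is anchored on the end of the path, so a request with trailing path info after the script name would likely not match it, while the `<Files>` sections still apply to the file Apache resolves. Since `<Files>` matches in any directory and this commit extends the exception to three filenames, that rewrite rule is the only thing keeping a same-named file in a writable subdirectory from being executed. I would tighten it to `RewriteRule \.php(/|$) - [L,R=404]` and, if none of the three scripts relies on path info, add `AcceptPathInfo Off`. Also check that no subdirectory has its own .htaccess with rewrite rules, because per-directory rules there replace these by default. Separately, the final `cms_images` rule accepts an unbounded `[0-9]+` width, so the resize script (not shown here) should cap it.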