Restricting Access to PHP within Image Folders

To prevent PHP scripts from being executed when placed within an images folder, create a .htaccess file within the image folder containing the following lines.

RewriteEngine On
RewriteCond %{THE_REQUEST} \.php[0-9]*[\ /?].*HTTP/ [NC]
RewriteRule ^.*$ - [R=404,L]

The second line defines the rule that detects a PHP file. That rule will match any file ending in .php with or without a trailing number (ie: .php5).

You can expand the criteria depending on your needs by extending the match parameters. The following example matches .cgi and .php extensions.

RewriteCond %{THE_REQUEST} \.(cgi|php[0-9]*)[\ /?].*HTTP/ [NC]