Prevent execution of uploaded php files?

Question

In my project users are allowed to upload files of any type. I need to ensure security against execution of uploaded files that can parsed by php (*.php, *.html, etc.)

Answer 1

You want the Apache SetHandler directive: http://httpd.apache.org/docs/current/mod/core.html#sethandler

This lets you force all files in a directory to be processed by a certain handler. So something along the lines of:

SetHandler None
 

should do what you want.