troubleshooting Question

htaccess preventing file upload.

Avatar of kadin
kadinFlag for United States of America asked on
Web Components
4 Comments1 Solution2830 ViewsLast Modified:
I am using Apache with folder permissions 755.
I am having trouble understanding if this is working. I am trying to allow image files to be uploaded to content folder and prevent the upload of non-image files such as those with a .php extension. I try both of the codes below but they don't stop php files from being uploaded. My content folder is now inside my root directory. Yesterday my content folder was outside of root directory and the php files could not upload or at leased they were not visible.

1. Do I have this wrong, is the purpose of the code below not to prevent upload but instead to prevent execution of php or other unwanted file types?

2. Do I place this inside the same folder images are in or the parent folder to that. (content/images)?

3. Do I have to restart Apache each time I replace a htaccess file to get the htaccess file to work?

deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
order deny,allow
allow from all
</Files>


ForceType application/octet-stream
Header set Content-Disposition attachment
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
    ForceType none
    Header unset Content-Disposition
</FilesMatch>
Header set X-Content-Type-Options nosniff
ASKER CERTIFIED SOLUTION
Join our community to see this answer!
Unlock 1 Answer and 4 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros