htaccess preventing file upload.

I am using Apache with folder permissions 755.
I am having trouble understanding if this is working. I am trying to allow image files to be uploaded to content folder and prevent the upload of non-image files such as those with a .php extension. I try both of the codes below but they don't stop php files from being uploaded. My content folder is now inside my root directory. Yesterday my content folder was outside of root directory and the php files could not upload or at leased they were not visible.

1. Do I have this wrong, is the purpose of the code below not to prevent upload but instead to prevent execution of php or other unwanted file types?

2. Do I place this inside the same folder images are in or the parent folder to that. (content/images)?

3. Do I have to restart Apache each time I replace a htaccess file to get the htaccess file to work?

deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
order deny,allow
allow from all
</Files>


ForceType application/octet-stream
Header set Content-Disposition attachment
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
    ForceType none
    Header unset Content-Disposition
</FilesMatch>
Header set X-Content-Type-Options nosniff

Open in new window

kadinAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

GaryCommented:
It goes in the images folder and you don't need to restart Apache
It blocks any non image file from being used or rather if anyone tries to call a file in that directory that doesn't match the image extensions allowed then it is blocked.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kadinAuthor Commented:
It sounds like your saying it doesn't prevent the php or non-image file from being uploaded. Just stops the execution of it. Is that correct?

I guess then to test this I will have to upload a php file that has code in it that will do something when executed.
0
GaryCommented:
Yes
0
kadinAuthor Commented:
Thanks again.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Components

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.