htaccess preventing file upload.

Posted on 2014-08-14
Last Modified: 2014-08-14
I am using Apache with folder permissions 755.
I am having trouble understanding if this is working. I am trying to allow image files to be uploaded to content folder and prevent the upload of non-image files such as those with a .php extension. I try both of the codes below but they don't stop php files from being uploaded. My content folder is now inside my root directory. Yesterday my content folder was outside of root directory and the php files could not upload or at least they were not visible.

1. Do I have this wrong, is the purpose of the code below not to prevent upload but instead to prevent execution of php or other unwanted file types?

2. Do I place this inside the same folder images are in or the parent folder to that. (content/images)?

3. Do I have to restart Apache each time I replace a htaccess file to get the htaccess file to work?

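# Attempt 1: deny everything, then allow only names matching the image pattern
deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
order deny,allow
allow from all
</Files>

# Attempt 2: send every file as a download, except names ending in an image extension
ForceType application/octet-stream
Header set Content-Disposition attachment
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
    ForceType none
    Header unset Content-Disposition
</FilesMatch>
Header set X-Content-Type-Options nosniff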


Question by: kadin

    Accepted Solution

    It goes in the images folder and you don't need to restart Apache.
    It blocks any non-image file from being used, or rather, if anyone tries to call a file in that directory that doesn't match the image extensions allowed, then it is blocked.

    Author Comment

    It sounds like you're saying it doesn't prevent the php or non-image file from being uploaded. Just stops the execution of it. Is that correct?

    I guess then to test this I will have to upload a php file that has code in it that will do something when executed.

    Expert Comment


    Author Closing Comment

    Thanks again.
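
To see what the two snippets from the question do to requests for files that are already in the folder (they are evaluated per request, not at upload time, as the accepted solution says), here is an added example, not code from the thread, that applies the same two regular expressions to constructed file names in Python. The function names and the sample file names are assumptions made for illustration.

```python
import re

# Patterns copied from the two .htaccess snippets in the question.
# Apache evaluates <Files ~ ...> and <FilesMatch> against the file's base name
# using PCRE; re.ASCII keeps \w to [A-Za-z0-9_] as in PCRE's default mode.
ALLOW_RE = re.compile(r"^\w+\.(gif|jpe?g|png)$", re.ASCII)
INLINE_RE = re.compile(r"(?i)\.(gif|jpe?g|png)$", re.ASCII)


def snippet1(name):
    """'deny from all' plus an allow inside <Files ~ ...>: 403 unless the name matches."""
    return "served" if ALLOW_RE.search(name) else "403"


def snippet2(name):
    """ForceType/Content-Disposition reset inside <FilesMatch>: nothing is refused."""
    return "inline" if INLINE_RE.search(name) else "attachment"


def evaluate(names):
    """Map each file name to its (snippet 1, snippet 2) outcome."""
    return {n: (snippet1(n), snippet2(n)) for n in names}


# Constructed file names, as if they were already sitting in content/images.
SAMPLE = [
    "logo.png", "photo.jpeg", "PHOTO.JPG", "my-photo.jpg",
    "report.v2.png", "notes.php", "readme.txt",
]

if __name__ == "__main__":
    for name, (s1, s2) in evaluate(SAMPLE).items():
        print(f"{name:15} snippet1={s1:7} snippet2={s2}")
```

The first pattern is case-sensitive and anchored on `\w+`, so it also refuses legitimate images named with an upper-case extension, a hyphen or an extra dot; the second snippet never refuses a request, it only changes how non-image names are delivered.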
