Solved

htaccess preventing file upload.

Posted on 2014-08-14
Last Modified: 2014-08-14
I am using Apache with folder permissions 755.
I am having trouble understanding if this is working. I am trying to allow image files to be uploaded to the content folder and prevent the upload of non-image files such as those with a .php extension. I tried both of the codes below but they don't stop php files from being uploaded. My content folder is now inside my root directory. Yesterday my content folder was outside of the root directory and the php files could not upload, or at least they were not visible.

1. Do I have this wrong, is the purpose of the code below not to prevent upload but instead to prevent execution of php or other unwanted file types?

2. Do I place this inside the same folder images are in or the parent folder to that. (content/images)?

3. Do I have to restart Apache each time I replace a htaccess file to get the htaccess file to work?

deny from all
<Files ~ "^\w+\.(gif|jpe?g|png)$">
order deny,allow
allow from all
</Files>


ForceType application/octet-stream
Header set Content-Disposition attachment
<FilesMatch "(?i)\.(gif|jpe?g|png)$">
    ForceType none
    Header unset Content-Disposition
</FilesMatch>
Header set X-Content-Type-Options nosniff


Question by:kadin

Accepted Solution

by:
Gary earned 2000 total points
ID: 40262076
It goes in the images folder, and you don't need to restart Apache.
It blocks any non-image file from being used, or rather, if anyone tries to call a file in that directory that doesn't match the allowed image extensions, it is blocked.
 

Author Comment

by:kadin
ID: 40262082
It sounds like you're saying it doesn't prevent the php or non-image file from being uploaded. It just stops the execution of it. Is that correct?

I guess then to test this I will have to upload a php file that has code in it that will do something when executed.

Expert Comment

by:Gary
ID: 40262084
Yes
 

Author Closing Comment

by:kadin
ID: 40262086
Thanks again.
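
A simplified model of which requested file names the two snippets from the question match, as an added example that is not part of the original thread. It reproduces only the regular-expression matching on the file name; the function names and sample paths are constructed for illustration and assume the files already sit in content/images, since, as confirmed above, the rules act when a file is requested and not when it is uploaded.

```python
import re

# Patterns copied from the two .htaccess snippets in the question.
FILES_RE = re.compile(r"^\w+\.(gif|jpe?g|png)$", re.ASCII)  # <Files ~ ...>
FILESMATCH_RE = re.compile(r"(?i)\.(gif|jpe?g|png)$")       # <FilesMatch ...>


def basename(url_path):
    """<Files>/<FilesMatch> are applied to the file name, not the whole path."""
    return url_path.rsplit("/", 1)[-1]


def snippet1_status(url_path):
    """First snippet: 'deny from all' unless the name matches the <Files> regex."""
    return 200 if FILES_RE.search(basename(url_path)) else 403


def snippet2_headers(url_path):
    """Second snippet: every file is served; non-matching names as a download.

    No Content-Type key means the snippet leaves the server's normal type in place.
    """
    headers = {"X-Content-Type-Options": "nosniff"}
    if not FILESMATCH_RE.search(basename(url_path)):
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = "attachment"
    return headers


def report(url_paths):
    """One row per request: (path, snippet-1 status, snippet-2 forced download?)."""
    rows = []
    for p in url_paths:
        forced = "Content-Disposition" in snippet2_headers(p)
        rows.append((p, snippet1_status(p), forced))
    return rows


# Constructed sample requests (hypothetical file names).
SAMPLE = [
    "/content/images/photo.jpg",
    "/content/images/test.php",
    "/content/images/Photo.JPG",      # upper-case extension
    "/content/images/my-photo.png",   # hyphen is not matched by \w
    "/content/images/photo.php.jpg",  # two extensions
]

if __name__ == "__main__":
    for path, status, forced in report(SAMPLE):
        print(f"{path:32} snippet1={status} snippet2_forced_download={forced}")
```

The first pattern is case-sensitive and allows only word characters before a single dot, so it also refuses legitimate names such as Photo.JPG or my-photo.png; the second pattern checks only the final extension.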

Question has a verified solution.
