problem with <FilesMatch> to prevent certain uploads


Post by spacewalker » 15. April 2014 09:25

Hello,

I use XAMPP v.1.8.2 with Apache2.4 and Win2008R2

I have a directory structure like this:
c:\xampp\htdocs\users\ [document root][uploader.html][uploader.php]
c:\xampp\htdocs\users\user1 [.htaccess]
c:\xampp\htdocs\users\user2 [.htaccess]
c:\xampp\htdocs\users\userX [.htaccess]

I need to upload files to the user directories.
This is done with uploader.html; here the user can select a file to be uploaded and the directory to which the file is uploaded (e.g. upload: http://www.myserver.com/user1/data.zip)
Each user directory is password protected using a .htaccess file that points to a .htpasswd file.

My question is:
How can I prevent a user from uploading certain file types like .exe, .com, .vbs, .php, etc.?

I did some searching and I have found many articles that recommend using <FilesMatch> for this purpose.
So I have added the following to the end of httpd.conf:

<Directory c:/xamp/htdocs/users/user1>
<FilesMatch "(?i)\.(exe|com|vbs|php|php3?|phtml)$">
Order Deny,Allow
Deny from All
</FilesMatch>
</Directory>

And I have tried this:

<FilesMatch "\.(php|.exe|php3|phtml)$">
Order Deny,Allow
Deny from All
</FilesMatch>


I have restarted the Apache service.
But still I can upload evil.exe to the user1 directory.

thanks
spacewalker
 
Posts: 13
Joined: 25. July 2013 09:46
Operating System: Windows 2008R2
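
Added example, not part of the original post: `<FilesMatch>` with `Deny from All` controls which files Apache will serve over HTTP, not what a PHP script writes to disk, so a restriction on uploaded file types has to be enforced in the upload handler itself. The PHP below shows one way to do that check; the form field name `file`, the helper names `checked_upload_name` and `handle_upload`, and PHP 7.1 or later are assumptions.

```php
<?php
// Added example: server-side check for a hypothetical uploader.php.
// The form field name "file" and the target directory are assumptions.

const BLOCKED_EXT = ['exe', 'com', 'vbs', 'php', 'php3', 'phtml'];

/**
 * Return a safe base name for the upload, or null if it must be rejected.
 */
function checked_upload_name(string $clientName): ?string
{
    // Drop any path the client sent; keep only the last component.
    $name = basename(str_replace('\\', '/', $clientName));

    // Windows strips trailing dots/spaces and treats ':' as an NTFS stream
    // separator, so "evil.php." or "evil.php::$DATA" would land as evil.php.
    if ($name === '' || preg_match('/[:\x00-\x1f]|[. ]$/', $name)) {
        return null;
    }

    // Check every dot-separated part, not only the last one, so that
    // "shell.php.zip" is refused as well (case-insensitive).
    $parts = explode('.', strtolower($name));
    array_shift($parts);                       // part before the first dot
    foreach ($parts as $ext) {
        if (in_array($ext, BLOCKED_EXT, true)) {
            return null;
        }
    }
    return $name;
}

function handle_upload(array $file, string $userDir): bool
{
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return false;
    }
    $name = checked_upload_name($file['name']);
    if ($name === null) {
        return false;                          // blocked type: nothing is written
    }
    // move_uploaded_file() only moves files that PHP itself received via POST.
    return move_uploaded_file($file['tmp_name'], $userDir . DIRECTORY_SEPARATOR . $name);
}

// Usage inside uploader.php (constructed path):
// handle_upload($_FILES['file'], 'c:/xampp/htdocs/users/user1');
```

A `<FilesMatch>` deny rule in the user directories remains useful as a second layer, since it stops Apache from serving or executing a blocked file type if one reaches the directory by another route.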
