Difference between revisions of "Securing apache upload folders"
(Created page with "<yambe:breadcrumb>Apache_web_server_configuration|Apache web server configuration</yambe:breadcrumb> =Securing apache upload folders= To secure apache upload folders from scr...") |
m |
||
| Line 1: | Line 1: | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Apache web server configuration]] > [[Securing apache upload folders]] | |||
To secure apache upload folders from script execution use: | To secure apache upload folders from script execution use: | ||
| Line 12: | Line 11: | ||
For extreme protection set permissions on .htaccess file such that apache user through which apache is running. This would cause apache to generate =500 Internal Server Error= whenever the directory is accessed. This method is future proof and protects against all languages and not just php. | For extreme protection set permissions on .htaccess file such that apache user through which apache is running. This would cause apache to generate =500 Internal Server Error= whenever the directory is accessed. This method is future proof and protects against all languages and not just php. | ||
[[Main Page|Home]] > [[CentOS]] > [[CentOS 6.x]] > [[Apache web server configuration]] > [[Securing apache upload folders]] | |||
Latest revision as of 07:27, 6 March 2022
Home > CentOS > CentOS 6.x > Apache web server configuration > Securing apache upload folders
To secure apache upload folders from script execution use:
php_flag engine off Options -ExecCGI
in a .htaccess file in the upload folder.
This is important because apache treats .php.jpeg extension as an executable file. So if upload code checks for files ending with .jpeg then attacker can upload his/her code easily and then execute desired commands.
For extreme protection set permissions on .htaccess file such that apache user through which apache is running. This would cause apache to generate =500 Internal Server Error= whenever the directory is accessed. This method is future proof and protects against all languages and not just php.
Home > CentOS > CentOS 6.x > Apache web server configuration > Securing apache upload folders
