Answer the question
In order to leave comments, you need to log in
G
G
gemolo2016-12-01 11:30:43
gemolo, 2016-12-01 11:30:43
How to disable the execution of scripts (php) in the directory for downloading files?
Greetings!
Please tell me how to make a directory in which users can upload files of any type, but which cannot be executed on the server.
For example, the user uploaded the file test.php, but when accessing test.ru/attach/test.php , the source code of this file will simply be downloaded.
How to do this as safely as possible?
Thank you!
UPD: I forgot to clarify that fast-cgi is used
3 answer(s)
@ant1vit
@xpert13
A
ant1vit, 2016-12-01 @ant1vit
Options -Indexes
php_flag engine off
RemoveHandler .phtml .php .php3 .php4 .php5 .php6 .phps .cgi .exe .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .htm .html .wml
AddType application/ x-httpd-php-source .phtml .php .php3 .php4 .php5 .php6 .phps .cgi .exe .pl .asp .aspx .shtml .shtm .fcgi .fpl .jsp .htm .html .wml
A
Alexander, 2016-12-01 @xpert13
Add an .htaccess
file to this directory with the following content:
<Files *.* >
ForceType application/octet-stream
Header add Content-Disposition "attachment"
</Files>
Similar questions
A
S
S
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question