Hi all,
I have a webserver where the users homes are copied to a folder, and I
want to assume that users can not make a script (for instance .php) to
let upload files.
In my httpd config file i have this directive that assumed it was
enough, but now i saw that people can still upload files with some .php
scripts that users have in their home.
<Limit GET POST OPTIONS PROPFIND>
Order allow,deny
Allow from all
</Limit>
<Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
Order deny,allow
Deny from all
</Limit>
What configuration directive can i insert in the config file to don't
allow users could upload files to their homes through php scripts
(move_uploaded_file)
Best regards,
Hugo Gomes
--
*************************************************
Hugo Gomes
LIP
Av. Elias Garcia 14, 1º
1000-149 Lisboa, Portugal
Telef.: +351- 217 998 587
URL: http://www.lip.pt
E-mail: hugo@xxxxxx
*************************************************
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
" from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|