Re: Don't allow users to upload files

On Thu, Oct 20, 2011 at 1:53 PM, Hugo Gomes <hugo@xxxxxx> wrote:
> Hi all,
>
>        I have a webserver where the users' homes are copied to a folder, and I
> want to assume that users cannot make a script (for instance .php) to
> upload files.
>
>        In my httpd config file I have this directive that I assumed was
> enough, but now I saw that people can still upload files with some .php
> scripts that users have in their home.
>
>
>  <Limit GET POST OPTIONS PROPFIND>
>        Order allow,deny
>        Allow from all
>  </Limit>
>  <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
>        Order deny,allow
>        Deny from all
>  </Limit>
>
>
>        What configuration directive can I insert in the config file so that
> users are not allowed to upload files to their homes through PHP scripts
> (move_uploaded_file)?
>
>

File uploads through PHP et al. (as opposed to via WebDAV or mod_ftp)
are handled through POST requests. There may be PHP directives that
allow you to control this, but I'm not aware of them; try a PHP list.

Cheers

Tom

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
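
An added configuration example, not part of the original thread: it shows why the method limits in the question leave PHP form uploads untouched, and how PHP's own `file_uploads` setting can be switched off from the httpd configuration. It assumes PHP runs as an Apache module (mod_php); the directory path is a placeholder, since the thread does not name the folder.

```apache
# Constructed example. "/path/to/copied/homes" is a placeholder for the
# folder the users' homes are copied to.
<Directory "/path/to/copied/homes">
    # As in the question: only the WebDAV-style write methods are denied.
    # A PHP form upload is an ordinary POST (multipart/form-data), so it
    # passes this block; PHP then fills $_FILES and the script calls
    # move_uploaded_file().
    <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
        Order deny,allow
        Deny from all
    </Limit>

    # mod_php only (assumption): turn off PHP's upload handling for
    # scripts under this directory. A php_admin_flag value cannot be
    # overridden from .htaccess or with ini_set().
    php_admin_flag file_uploads off
</Directory>
```

With `file_uploads` off, PHP does not accept multipart file uploads and `$_FILES` stays empty. It does not stop a script from writing other data it receives, so whether the account Apache runs as can write to those directories remains the enforcing control.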