Hi Will this break file uploads using web forms? Med vänliga hälsningar Stefan Midjich aka nocturnal [Swehack] http://swehack.se Oliver.Schaudt@xxxxxxxxx wrote:
Hi!Someone often uploads files to /tmp and then executing in on the server with webserver user priveleges. How to prevent it?Thanks, G.One possibility is this: <Location /tmp > <Limit GET HEAD POST> Order Deny,Allow # Deny from All Allow from All </Limit> <LimitExcept GET HEAD POST> Order Deny,Allow Deny from all Allow from 127.0.0.1 </LimitExcept> </Location>The only one which can make than e.g. PUT /tmp/badcode.htm is than one from localost.Greets Oliver --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx ------------------------------------------------------------------------ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|