httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hugo Gomes <h...@lip.pt>
Subject [users@httpd] Don't allow users to upload files
Date Thu, 20 Oct 2011 12:53:15 GMT
Hi all, 

	I have a webserver where the users homes are copied to a folder, and I
want to assume that users can not make a script (for instance .php) to
let upload files.

	In my httpd config file i have this directive that assumed it was
enough, but now i saw that people can still upload files with some .php
scripts that users have in their home.


 <Limit GET POST OPTIONS PROPFIND>
	Order allow,deny
	Allow from all
 </Limit>
 <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
	Order deny,allow
	Deny from all
 </Limit>


	What configuration directive can i insert in the config file to don't
allow users could upload files to their homes through php scripts
(move_uploaded_file)


	Best regards,
	Hugo Gomes

-- 
*************************************************
     Hugo Gomes                    
     LIP                                                    
     Av. Elias Garcia 14, 1ยบ                  
     1000-149 Lisboa, Portugal           
     Telef.:  +351- 217 998 587
     URL: http://www.lip.pt
     E-mail: hugo@lip.pt
*************************************************


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message