Security Basics mailing list archives
Re: How to filter .htaccess uploading?
From: "Colin Bean" <ccbean () gmail com>
Date: Fri, 10 Aug 2007 08:43:05 -0700
Hi Monty, Are you referring to a file upload from a form on your website? Don't know if you have control over the Apache config, but it's probably a good idea to set AllowOverride None in whatever directory you're sending the uploaded files to (it's probably a good idea to set this everywhere you don't need an .htaccess, actually). Hopefully the script that's receiving your uploads does some filtering, too... -Colin On 8/9/07, Monty Ree <chulmin2 () hotmail com> wrote:
Hello,list. I heard that some attackers upload malicious .htaccess file using upload program. So I would like to filter ".htaccess" uploading at apache, is there any method? I know that modsecurity will solve this problem.. but I can't use modsecurity yet for some reason. Thanks in advance. _________________________________________________________________ MSN Messenger를 통해 온라인상에 있는 친구와 대화를 나누세요. http://www.msn.co.kr/messenger
Current thread:
- How to filter .htaccess uploading? Monty Ree (Aug 10)
- Re: How to filter .htaccess uploading? security.xentek (Aug 10)
- Re: How to filter .htaccess uploading? Colin Bean (Aug 10)