Re: How to filter .htaccess uploading?

["Colin Bean" <ccbean () gmail com>]

Hi Monty,

Are you referring to a file upload from a form on your website?
Don't know if you have control over the Apache config, but it's
probably a good idea to set
AllowOverride None
in whatever directory you're sending the uploaded files to (it's
probably a good idea to set this everywhere you don't need an
.htaccess, actually).  Hopefully the script that's receiving your
uploads does some filtering, too...

-Colin

On 8/9/07, Monty Ree <chulmin2 () hotmail com> wrote:
> Hello,list.
>
> I heard that some attackers upload malicious .htaccess file using upload
> program.
> So I would like to filter ".htaccess" uploading at apache, is there any
> method?
> I know that modsecurity will solve this problem.. but I can't use
> modsecurity yet for some reason.
>
>
> Thanks in advance.
>
> _________________________________________________________________
> MSN Messenger를 통해 온라인상에 있는 친구와 대화를 나누세요.
> http://www.msn.co.kr/messenger