How can I disable specific file type uploads globally in Apache?

linux apache-2.2 security debian
6,522

I am unaware of anything that would stop uploads (if using sftp or something else), from Apache, though if using PHP for the uploads, then the file extensions can be disabled.

Likely there would be some setting in whatever SSH/FTP server one is using.

However, from Apache there are various ways of disabling execution of files from given directories, using things like FilesMatch / deny from all, or SetHandler / None. These could be in .htaccess files or in httpd.conf.

See https://stackoverflow.com/questions/5689423/how-to-ban-all-executable-files-on-apache for a similar discussion.

Share:
6,522

Related videos on Youtube

Michiel Pater
Author by

Michiel Pater

Hi, My name is Michiel, I am owner and lead developer at Tradosoft. You can find more information about me on my Portfolio and on LinkedIn. Michiel

Updated on September 18, 2022

Comments

  • Michiel Pater
    Michiel Pater almost 2 years

    In order to secure my webserver, I would like to block specific file types from being uploaded globally, independent of what FTP users configure in their webpages.

    Is there a way to globally block specific file types from being uploaded (such as PHP files) in Apache?

    • dawud
      dawud over 9 years
      What do you want to prevent? execution of those files? is it an option to mount the target filesystem noexec?
    • Michiel Pater
      Michiel Pater over 9 years
      I would like to prevent visitors from uploading PHP (and other) files through PHP file upload.
    • dawud
      dawud over 9 years
      Again, PHP is plain text, what do you want to prevent? what would be allowed?
    • Michiel Pater
      Michiel Pater over 9 years
      PHP can access the mailserver and use it for spamming.
    • NuTTyX
      NuTTyX over 9 years
      Are you serving PHP on your Apache? If not, disable that module and also similars like cgi. If you do serve PHP, just do not allow your users to upload files to the DocumentRoot of your Apache. If you serve PHP and your users need to upload files to the DocumentRoot of your Apache... well, I'd go to force a text/plain response on the Apache for your users files.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to grant access permission on network interface?
How do I fix the Shellshock security vulnerability in debian testing/jessie?
Write permissions on uploaded files - Linux, Apache, PHP
Java process eating CPU; Why?
How to hide web server name and openssh version on linux when scanning server ports?
Is adding users to the group www-data safe on Debian?
ip_conntrack_count has way too many connections
Server freeze - how to debug
Apache other_vhosts_access.log and access.log log files
OpenVPN bad source address from client