How can I disable specific file type uploads globally in Apache?

Posted on

How can I disable specific file type uploads globally in Apache? – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, apache-2.2, security, debian, .

In order to secure my webserver, I would like to block specific file types from being uploaded globally, independent of what FTP users configure in their webpages.

Is there a way to globally block specific file types from being uploaded (such as PHP files) in Apache?

Solution :

I am unaware of anything that would stop uploads (if using sftp or something else), from Apache, though if using PHP for the uploads, then the file extensions can be disabled.

Likely there would be some setting in whatever SSH/FTP server one is using.

However, from Apache there are various ways of disabling execution of files from given directories, using things like FilesMatch / deny from all, or SetHandler / None. These could be in .htaccess files or in httpd.conf.

See https://stackoverflow.com/questions/5689423/how-to-ban-all-executable-files-on-apache for a similar discussion.

I’m pretty sure you can accomplish this using mod_security’s SecRule FILES directive. Check out http://sourceforge.net/p/mod-security/mailman/message/18919856/ or the top of https://gist.github.com/nopslider/452b652850cf359c3738 for two different examples.

Leave a Reply

Your email address will not be published.