I allow people to upload their project files, I have tightened my security but I just got a simple point Need to go on
I'm thinking .htaccess but I'll need to generate one for each new subdirectory (I think), let me scrap my current code and enter a .php to use the file to send the header to force DL instead of running the file?
Do you think an easy and secure solution for this? It just uploads a subdirectory like uploads / ~ foo / bar.html or something else, it looks good, so it would be good if it could live like that format.
upload it /. In the Htaccess :
RemoveType application / x-Httpd-php .php
This will work for all subfolders, also ensure that you have .htaccess in user folders. Do not parse. This can be done by not allowing override in main server config, or it can be done in the first place by not allowing upload of .htaccess files.
Comments
Post a Comment