[pmwiki-users] Disallow scripts in upload directories
list_ob at gmx.net
Sat Mar 23 12:57:34 CDT 2013
Petko Yotov wrote:
>One of the shared hostings I can test appears to have no way to prevent the
>execution of a file.php.txt. They have some custom modified version of
>Apache with PHP/FastCGI and "Options -ExecCGI" does nothing,
>"SetHandler ...", "AddType ...", "ForceType ..." and other suggested
>solutions cause internal server error.
Server error always or only for file.php.txt? The latter would be
better than nothing.
BTW: One of the hostings I checked showed an error if the file had
more permissions than needed. Clever as an additional measure, but I
wouldn't rely on it.
>serving it as plain text. Your proposed solution for .htaccess works though.
>> BTW: I asked in the apache user mailing list about "Options -ExecCGI"
>> and "SetHandler default-handler" but didn't get any reply.
>The Apache documentation is excellent but there are a huge number of
>configuration options. On a particular installation not every option can
That's the problem. There are several options to configure script
execution, and disabling it has to match enabling.
Asking the hosting provider is also a good idea but doesn't guarantee
a good answer (BTDT, sadly the most expensive hosting I checked).
Oliver Betz, Munich http://oliverbetz.de/
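
Added example, not part of the original post and not PmWiki code: where the server configuration cannot be changed, as on the hosting Petko describes, the upload filename can be checked before the file is stored. Apache's mod_mime treats every dot-separated extension in a name as significant, which is why file.php.txt gets past a filter that inspects only the last extension. The extension list, the function names and the sample names below are assumptions made for this example.

```python
import os

# Assumed list of extensions a host might map to a script handler.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "pl", "py", "cgi", "sh"}


def last_extension_only(filename):
    """Naive check: inspects only the final extension, so file.php.txt passes."""
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    return ext not in SCRIPT_EXTS


def script_segments(filename):
    """Return every script extension found anywhere after the base name."""
    name = os.path.basename(filename).lower()
    # Segment 0 is the base name; each later segment is an extension that a
    # multi-extension-aware server may map to a handler.
    return [seg for seg in name.split(".")[1:] if seg in SCRIPT_EXTS]


def is_safe_upload_name(filename):
    """Strict check: no script extension in any position, no dot-files."""
    name = os.path.basename(filename)
    if name.startswith("."):
        # Rejects per-directory config files such as .htaccess (assumed policy).
        return False
    return not script_segments(name)


# Constructed sample names for illustration.
SAMPLES = ["notes.txt", "file.php.txt", "photo.JPG", "shell.PhP",
           "archive.tar.gz", ".htaccess"]


def audit(names):
    """Map each name to (naive_result, strict_result); True means accepted."""
    return {n: (last_extension_only(n), is_safe_upload_name(n)) for n in names}


if __name__ == "__main__":
    for name, (naive, strict) in audit(SAMPLES).items():
        print(f"{name:16} naive={'accept' if naive else 'reject'} "
              f"strict={'accept' if strict else 'reject'}")
```
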