Home page logo
/

basics logo Security Basics mailing list archives

Re: How to filter .htaccess uploading?
From: "Colin Bean" <ccbean () gmail com>
Date: Fri, 10 Aug 2007 08:43:05 -0700

Hi Monty,

Are you referring to a file upload from a form on your website?
Don't know if you have control over the Apache config, but it's
probably a good idea to set
AllowOverride None
in whatever directory you're sending the uploaded files to (it's
probably a good idea to set this everywhere you don't need an
.htaccess, actually).  Hopefully the script that's receiving your
uploads does some filtering, too...

-Colin

On 8/9/07, Monty Ree <chulmin2 () hotmail com> wrote:
Hello,list.

I heard that some attackers upload malicious .htaccess file using upload
program.
So I would like to filter ".htaccess" uploading at apache, is there any
method?
I know that modsecurity will solve this problem.. but I can't use
modsecurity yet for some reason.


Thanks in advance.

_________________________________________________________________
MSN Messenger를 통해 온라인상에 있는 친구와 대화를 나누세요.
http://www.msn.co.kr/messenger



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault