Welcome! Log In Create A New Profile

Advanced

How can i remove execution permission for php in any directory

Posted by lucid7 
How can i remove execution permission for php in any directory
February 21, 2011 11:47PM
Hi, all.
Sorry my foor English. :)


I have found out a security hole in my nginx webserver.
if an attacker upload the malicious php code to image directory, it wil excuted.

How can I remove execution permission for php such as apache example?

<DirectoryMatch "/home/userid/public_html/images/">
AddType application/x-httpd-php3-source .phps .php .ph .php3 .cgi .sh .pl .html .htm .shtml .vbs .ins .php4
AddType application/x-httpd-php-source .phps .php .ph .php3 .cgi .sh .pl .html .htm .shtml .vbs .ins .php4
<Files ~ ".*\.ph$">
Order allow,deny
Deny from all
</Files>
</DirectoryMatch>

thank you.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 239
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready