httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Oliver.Scha...@unilog.de>
Subject [users@httpd] RE:[users@httpd] how to prevent an executing from /tmp
Date Fri, 02 Jun 2006 09:49:18 GMT

>Hi!

>Someone often uploads files to /tmp and then executing in on the server with 
>webserver user priveleges. How to prevent it?

>Thanks,
>G.

One possibility is this:

<Location /tmp >
  <Limit GET HEAD POST>
    Order Deny,Allow
#    Deny from All
    Allow from All
  </Limit>
  <LimitExcept GET HEAD POST>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
  </LimitExcept>
</Location>
 
The only one which can make than e.g. PUT /tmp/badcode.htm is than one from localost.

Greets

Oliver


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org



Mime
View raw message