doushan7077 2012-11-05 08:35
浏览 83

htaccess用于子目录以防止脚本执行

I have sub directory 'images' with permission 777 to upload images from visitors in this folder there is .htaccess file to prevent script execution and more security 

<Files ^(*.jpeg|*.jpg|*.JPEG|*.JPG|*.png|*.gif)>
    order deny,allow
    deny from all
</Files>

<FilesMatch "\.(php|pl|py|jsp|asp|htm|shtml|sh|cgi)$">
ForceType text/plain
</FilesMatch>

But when i request images/page.php in browser, it is working which is meaning .htaccess does not working. I want to prevent this folder from executable file.

Is there any mistake in my .htaccess file

  • 写回答

2条回答 默认 最新

  • drne47241 2012-11-05 08:56
    关注

    Of course you can access all .php files, because you are only forbidding access to the image files. I think there also should be a $ at the end of the first regular expression. Maybe you mean something like this:

    <Files *>
    order deny,allow
    deny from all
</Files>

<Files ^(*.jpeg|*.jpg|*.JPEG|*.JPG|*.png|*.gif)$>
    order deny,allow
    allow from all
</Files>

<FilesMatch "\.(php|pl|py|jsp|asp|htm|shtml|sh|cgi)$">
    ForceType text/plain
</FilesMatch>
    评论

报告相同问题?

悬赏问题

  • ¥15 c语言怎么用printf(“\b \b”)与getch()实现黑框里写入与删除?
  • ¥20 怎么用dlib库的算法识别小麦病虫害
  • ¥15 华为ensp模拟器中S5700交换机在配置过程中老是反复重启
  • ¥15 java写代码遇到问题,求帮助
  • ¥15 uniapp uview http 如何实现统一的请求异常信息提示?
  • ¥15 有了解d3和topogram.js库的吗?有偿请教
  • ¥100 任意维数的K均值聚类
  • ¥15 stamps做sbas-insar,时序沉降图怎么画
  • ¥15 买了个传感器,根据商家发的代码和步骤使用但是代码报错了不会改,有没有人可以看看
  • ¥15 关于#Java#的问题,如何解决?