2010/04/16

Prevent PHP NULL byte or upload file security hole




====================================
-=[1]=- via .htaccess file
Put the following in a .htaccess file and
place it in the appropriate directory
====================================
# Sample '.htaccess' file for 'pub' subdirectory

# Allow all access
Allow from all

# Deny people from looking at the index and running SSI and CGI
Options None

# If you have PHP4 or PHP5 installed make sure the directive
# below is enabled. If you do not have PHP installed you will
# need to comment out the directive below to avoid errors:
php_flag engine off

# If you have PHP3 installed make sure the directive below is
# enabled:
#php3_engine off

# This line will redefine the mime type for the most common
# types of scripts. It will also deliver HTML files as if they
# are text files:
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi


===========================
-=[2]=- Via Directory directive
===========================


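# "/path/to/upload/dir" is a placeholder; the original path is not shown on this page
<Directory "/path/to/upload/dir">
    # Ignore .htaccess files
    AllowOverride None

    # Serve scripts as plaintext
    AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi

    # Don't run arbitrary PHP code.
    php_admin_flag engine off
</Directory>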



==========================
-=[3]=- Via Location directive
==========================


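# "/upload-url-path" is a placeholder; the original URL path is not shown on this page
<Location "/upload-url-path">
    # AllowOverride is only valid inside <Directory>, so Apache rejects it here.
    # To ignore .htaccess files, set it in a <Directory> block as in section 2.
    #AllowOverride None

    # Serve scripts as plaintext
    AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi

    # Don't run arbitrary PHP code.
    php_admin_flag engine off
</Location>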
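
Added example, not part of the original post: a Python check that a directory's .htaccess still carries the three protections from section 1 (PHP engine off, Options None, scripts served as text/plain). The function names and both sample files are constructed for illustration.

```python
# Extensions that the page's AddType line serves as plain text.
SCRIPT_EXTS = {".html", ".htm", ".shtml", ".php", ".php3", ".php5",
               ".phtml", ".phtm", ".pl", ".py", ".cgi"}

def directives(text):
    """Yield (lowercased name, lowercased args), skipping comments and <Section> tags."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, *args = line.lower().split()
            yield name, args

def audit(text):
    """Return findings for one .htaccess body; [] means it matches section 1."""
    engine_off = options_none = False
    plain = set()
    for name, args in directives(text):
        if name in ("php_flag", "php_admin_flag") and args[:1] == ["engine"]:
            engine_off = args[1:] == ["off"]   # a later line overrides an earlier one
        elif name == "options":
            options_none = args == ["none"]    # e.g. "+ExecCGI" after "None" is reported
        elif name == "addtype" and args[:1] == ["text/plain"]:
            # Apache accepts extensions with or without the leading dot
            plain.update(a if a.startswith(".") else "." + a for a in args[1:])
    findings = []
    if not engine_off:
        findings.append("PHP engine is not switched off")
    if not options_none:
        findings.append("Options is not None (indexes, SSI or CGI may be enabled)")
    missing = sorted(SCRIPT_EXTS - plain)
    if missing:
        findings.append("not served as text/plain: " + " ".join(missing))
    return findings

# Constructed samples: HARDENED repeats the page's directives, WEAK is made up.
HARDENED = """Options None
php_flag engine off
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
"""
WEAK = """Options None
Options +ExecCGI
php_flag engine off
AddType text/plain php .html .htm
"""

if __name__ == "__main__":
    for label, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit(text) or "OK")
```
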
