I have a website that users can upload images to uploads directory. I have prevented user to upload files whose extension is other than jpg,gif and png. But if user uploads a php file that has no extension or extension like filename1.php.jpg the server will accept the file. What I am trying to do is make uploads folder not accessible by PHP. php should not try to execute any file under that directory (recursively). How can I do that? What modification is needed in httpd.config? Is there a need for modification to http.config file
It'd be better to modify the script controlling the upload to verify that the file is of type jpeg, that way you don't have to worry about all the other possibilities you've not thought of yet.
Hello, This can be controlled through scripts only. As there is no specification of uploading a particular range of files for a particular directory in httpd configuration file, as whatever entries we make, the effect is on domain. The control that you are talking about has to be controlled through a code only. Thank you. Regards, Hostech Support