scheuri n00b
Joined: 21 Aug 2002 Posts: 22 Location: region basel, switzerland
Posted: Thu Sep 05, 2002 9:17 am Post subject: OT(?): apache and rejecting files which are uploaded
hi all...
I am sorry if that is too much off topic...
but I need some help...
I have apache 1.3.19 up and running and users have possibilities to upload files...
is there a possibility within an apache-module to check file-extensions and reject them if I want? (such as rejecting exe's or bat's).
is something like that possible with a module within 1.3.x?
thanks 1000time...
scheuri _________________ if someone finds any grammar errors...easy...keep them...
kashani Advocate
Joined: 02 Sep 2002 Posts: 2032 Location: San Francisco
Posted: Thu Sep 05, 2002 6:53 pm Post subject: apache and rejecting files
You'll probably want to upgrade to the latest apache 1.3.26. There are some security issues with running earlier versions.
As far as rejecting files, do you not want to allow users to upload certain files to begin with or allow them to serve these files after the fact?
kashani _________________ Will personally fix your server in exchange for motorcycle related shop tools in good shape.
scheuri n00b
Joined: 21 Aug 2002 Posts: 22 Location: region basel, switzerland
Posted: Fri Sep 06, 2002 5:56 am Post subject:
hi there...
well, I have a script that allows the upload (with http) to the server...
what I would like to do is...checking these files if they have certain extensions (such as exe, bat, and so on) and then reject them...
best is, if that happens before it begins uploading...but that doesn't matter actually...it is just important, that the server rejects it...
is there an apache-module-based solution for that?
I actually haven't found any...so...maybe someone may enlighten me...
thanks
scheuri _________________ if someone finds any grammar errors...easy...keep them...
rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
Posted: Fri Sep 06, 2002 6:09 am Post subject:
I'm not sure, but I think the reason for kashani's question might be because there are two vastly different ways to do this, depending on whether you want to stop the upload or stop the uploaded thing being downloaded. To prevent the download, you could create a custom content handler that, for example, flashes "forbidden content type" in giant 72-point letters instead of actually serving the file.
To prevent the upload in the first place, it's really out of Apache's hands. You would need to modify the script that is handling the upload. What language is it written in? If it's Perl, and it uses CGI.pm, you can do something like this example from the CGI.pm man page:
Code:
# name of the uploaded file, as submitted by the browser
$filename = $query->param('uploaded_file');
# Content-Type header the browser sent for that upload
$type = $query->uploadInfo($filename)->{'Content-Type'};
unless ($type eq 'text/html') {
    die "HTML FILES ONLY!";
}
_________________ For every higher wall, there is a taller ladder
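Added example, not part of any post in this thread: an extension check of the kind scheuri asks for, written for the upload script as rac suggests. Both the filename and the Content-Type in the CGI.pm snippet are supplied by the client, so this checks the name itself; `reject_reason` and the `%BLOCKED` list are hypothetical (only exe and bat come from the thread), and the sample filenames are constructed.

```perl
#!/usr/bin/perl
# Added example: filename extension check for an upload handler.
# reject_reason() and %BLOCKED are hypothetical names, not from the thread.
use strict;
use warnings;

# exe and bat are named in the thread; the others are assumed additions.
my %BLOCKED = map { $_ => 1 } qw(exe bat com cmd pif scr);

# Returns a rejection reason, or undef when the client-supplied name passes.
sub reject_reason {
    my ($client_name) = @_;
    return 'missing filename' unless defined $client_name && length $client_name;

    # Some browsers send the full client-side path; keep the last component only.
    (my $base = $client_name) =~ s{^.*[\\/]}{};

    # Windows ignores trailing dots and spaces, so "a.exe." is still a.exe.
    $base =~ s/[.\s]+$//;
    return 'empty filename' unless length $base;
    return 'control character in filename' if $base =~ /[\x00-\x1f]/;

    # Check every dot-separated part, not just the last one: this catches
    # "setup.EXE" and also "report.exe.txt" (Apache's mod_mime considers
    # all extensions of a file, so a harmless final one is not enough).
    my ($stem, @exts) = split /\./, lc $base;
    for my $ext (@exts) {
        return "blocked extension .$ext" if $BLOCKED{$ext};
    }
    return;
}

# Constructed sample names, as a browser might submit them.
for my $name ('notes.txt', 'setup.EXE', 'C:\\tmp\\run.bat',
              'photo.jpg.exe ', 'report.exe.txt', '.bat', '') {
    my $why = reject_reason($name);
    printf "%-20s %s\n", "'$name'", defined $why ? "REJECT ($why)" : 'accept';
}
```

In a CGI.pm script the argument would be the value of `$query->param('uploaded_file')`, checked before the file is saved anywhere under the document root.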