Apache – Secure upload directories

August 6, 2010 by: Akhthar Parvez

It’s very important to secure directories which are being used as the destination dir for web uploads. You can do this by adding the following entries into the .htaccess file:

Options -Indexes
AddHandler cgi-script .php .php3 .php4 .php5 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi .txt
Options -ExecCGI

Just a small step to miss, but the impact may be huge.

PS: Make sure that no directories are world or apache user writable unless they’re used for web uploads. It would be dangerous otherwise.

Filed under: Apache
Tags: , , , , ,

Leave a Reply

You must be logged in to post a comment.