.htaccess allows images only

Question

I know similar questions have been asked, but none of it guided me to the right solution.

What I want to do

Use .htaccess in a /uploads folder to ensure that only file with appropriate extension can be uploaded. (e.g. jpg, png)

What I have done

• modify /etc/httpd/conf/httpd.conf to allow overwrite of .htaccess file

• create .htaccess file in /uploads folder

To test if .htaccess has been read, I have tried to put garbage in .htaccess file and access it from the browser. Corresponding error has been generated, therefore, .htaccess file is working properly.

Problem

The following script has been added to .htaccess order deny,allow deny from all

However, I am still able to upload files with any extensions to /uploads folder.

I have tried different suggestions from similar posts with no luck. Looking for new directions from you guys.

Thanks.

Answer 1

if you are using a GET method with base64 encoded string in your url, you can use .htaccess to redirect to an upload script base on the mime-type of that string. however I guess this is not what you trynna achieve. .htaccess is not appropriate in your case. if you need to control the extension of an uploaded file, you should make the process directly in your uploading script (php, python, whatever).

Answer 2

The name of the uploaded file is part of the body of the POST request the browser is making to the server, thus the .htaccess rules can't be enforced in your situation. Unless you are using some uploading schema, like creating a placeholder on the server and then submitting the file to that placeholder.