Reputation: 802
Deny post request to specific file types
i'm providing service which allow end user to upload thier files via application which use post request to send images and videos to my server ,
i'm trying to restrict/filter post request on Apache level and allow only images and video to proceed and drop other request carry different file type i'm trying to do it via htaccess , any advise here or tips
.htaccess example
<FilesMatch "\.(?:inc|php|py|rb)$">
Order allow,deny
Deny from all
</FilesMatch>
or is there better way ? mod_sec for example
Upvotes: 0
Views: 402
Answers (1)
Reputation: 24478
Not sure of your setup but typically you use some type of backend language to handle the files you receive. However you can restrict the POST to certain file types using rewrite. I would put what I want to Allow instead listening every possible file type that I want to deny.
e.g. If I only want to allow PHP and python files for POST method I could do this.
RewriteEngine
RewriteCond %{REQUEST_METHOD} ^POST
RewriteCond %{REQUEST_URI} !\.(php|py)$ [NC]
RewriteRule ^ - [F]
Substitute the file types for yours.
Upvotes: 1
Related Questions
- Only Allow POST Requests and Deny all other REQUEST_METHOD using .htaccess
- Deny access to specific file types in specific directory
- .htaccess to restrict access by file type
- How To Allow Access to Certain File Types but Deny All Others
- Deny files with .htaccess
- Restrict POST Request The Server
- How to deny/restrict access to a particular file type in a LAMP environment?
- Restrict access to a directory by file type
- Use htaccess to allow POST, but block browsing PHP files
- .htaccess allow one specific file format only in directory listing