mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2026-07-03 16:01:39 +00:00
Block access to all php and phar files that are uploaded into the media folder
parent
c2ec0ee12b
commit
6e5d1c967f
5 changed files with 29 additions and 1 deletions
10
public/media/.htaccess
Normal file
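--- a/public/media/.htaccess
+++ b/public/media/.htaccess
@@ -0,0 +1,10 @@
+# Deny access to PHP and PHP-like files to prevent remote code execution
+<FilesMatch "(?i)\.(php[3-8]?|phar|phtml|pht|phps)$">
+<IfModule mod_authz_core.c>
+Require all denied
+</IfModule>
+<IfModule !mod_authz_core.c>
+Order deny,allow
+Deny from all
+</IfModule>
+</FilesMatch>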
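Review bot: The `FilesMatch` pattern is anchored with `$`, so it denies only names whose last extension is PHP-like. Where the server maps PHP with `AddHandler`, mod_mime considers every extension in a file name, so an upload with a PHP-like extension followed by a harmless one would not match this rule but could still reach the interpreter. Matching the extension anywhere in the name closes that gap: `<FilesMatch "(?i)\.(php[3-8]?|phar|phtml|pht|phps)(\.|$)">`. The rule also depends on Apache honouring `.htaccess` in `public/media` (an `AllowOverride` setting that permits these directives) and does nothing on other web servers. A comment at the top of the file should say so, for example `# Only effective on Apache with AllowOverride enabled; other servers need an equivalent rule`; whether the four other changed files already cover this cannot be seen from this page.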