Part-DB-server/public/media/.htaccess at 3db982b60ec82b2d798a01f8e60ef22bf2ce0ebd - groove/Part-DB-server - Forgejo: Beyond coding. We Forge.

groove/Part-DB-server

mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-06-13 06:01:34 +00:00

Jan Böhmer 6e5d1c967f Block access to all php and phar files that are uploaded into the media folder

2026-06-07 20:40:15 +02:00

10 lines

312 B

ApacheConf

Raw Blame History

 # Deny access to PHP and PHP-like files to prevent remote code execution
 <FilesMatch "(?i)\.(php[3-8]?|phar|phtml|pht|phps)$">
     <IfModule mod_authz_core.c>
         Require all denied
     </IfModule>
     <IfModule !mod_authz_core.c>
         Order deny,allow
         Deny from all
     </IfModule>
 </FilesMatch>