>Hi! >Someone often uploads files to /tmp and then executing in on the server with >webserver user priveleges. How to prevent it?
>Thanks,
>G.
One possibility is this:
<Location /tmp >
<Limit GET HEAD POST>
Order Deny,Allow
# Deny from All
Allow from All
</Limit>
<LimitExcept GET HEAD POST>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</LimitExcept>
</Location>
The only one which can make than e.g. PUT /tmp/badcode.htm is than one from
localost.
Greets
Oliver
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<<winmail.dat>>
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
