>Hi!

>Someone often uploads files to /tmp and then executing in on the server with 
>webserver user priveleges. How to prevent it?

>Thanks,
>G.

One possibility is this:

<Location /tmp >
  <Limit GET HEAD POST>
    Order Deny,Allow
#    Deny from All
    Allow from All
  </Limit>
  <LimitExcept GET HEAD POST>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
  </LimitExcept>
</Location>
 
The only one which can make than e.g. PUT /tmp/badcode.htm is than one from 
localost.

Greets

Oliver


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


<<winmail.dat>>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to