Hi all, 

        I have a webserver where the users homes are copied to a folder, and I
want to assume that users can not make a script (for instance .php) to
let upload files.

        In my httpd config file i have this directive that assumed it was
enough, but now i saw that people can still upload files with some .php
scripts that users have in their home.


 <Limit GET POST OPTIONS PROPFIND>
        Order allow,deny
        Allow from all
 </Limit>
 <Limit PUT DELETE PATCH PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
        Order deny,allow
        Deny from all
 </Limit>


        What configuration directive can i insert in the config file to don't
allow users could upload files to their homes through php scripts
(move_uploaded_file)


        Best regards,
        Hugo Gomes

-- 
*************************************************
     Hugo Gomes                    
     LIP                                                    
     Av. Elias Garcia 14, 1ยบ                  
     1000-149 Lisboa, Portugal           
     Telef.:  +351- 217 998 587
     URL: http://www.lip.pt
     E-mail: h...@lip.pt
*************************************************


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
   "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org

Reply via email to