prevent执行上传的PHP文件吗? [英] Prevent execution of uploaded php files?
本文介绍了prevent执行上传的PHP文件吗?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在我的项目允许用户上传任何类型的文件。我需要确保对执行上传的文件,可以通过PHP解析的安全性(* .PHP,*。html的,等等。)
In my project users are allowed to upload files of any type. I need to ensure security against execution of uploaded files that can parsed by php (*.php, *.html, etc.)
有没有办法告诉Apache不解析任何文件使用PHP的Web /上传,只是它们显示为纯文本?有什么其他选择?
Is there a way to tell apache not to parse any files with php in web/uploads and simply display them as plain text? What are other options?
推荐答案
请它们都放在同一个文件夹,并设置该行目录的的.htaccess
文件:
Keep them all under the same folder and set this line in the directory's .htaccess
file:
php_flag engine off
这也将照顾其他攻击,如在.gif文件中嵌入PHP code。
That will also take care of other exploits such as embedding PHP code in .gif files.
这篇关于prevent执行上传的PHP文件吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文