block MIME types

N

Nerigal

Verified User
Joined
Jul 6, 2009
Messages
124
Hi,

for a very important security reason,

i have to find a way within the httpd.conf and / or the htaccess
to block every mime type execpt php and html

all other need to be forwarded to a 404 or 403

if any of you have clue about this.


Thanks.
 
Hello,

There is no such a MIME as php. What exactly do you want to do? You probably need or want to block all requests and allow only those for .php or .htm(l) ?
 
well...

i use to disable CGI because of the lack of security control of this type of execution
by doing

AddHandler cgi-script .pl .py .jsp .asp .sh .cgi
Options -ExecCGI

on linux.

the problem is that you can just make a file .v346yb34.txt

and just shebang it to perl.

so need to figure the real MIME type of the file but not assume the extension of the file.

and so prevent users to change the application handler definition for mime type
because in htaccess users can tell apache to run... for example .ttt files as python script

but you dont want this to happen so.
 
You must log in or register to reply here.
Back
Top