disable .php files uploads using php (php-fpm)

c0nw0nk nginx-forum at forum.nginx.org
Mon Aug 29 23:54:11 UTC 2016


Christos Chatzaras Wrote:
-------------------------------------------------------
> Is any way to get the body of a php post upload to match using regex
> the filename of a php upload? I want to block file uploads with .php
> extension. I found that I can do it with nasxi but I want to see if I
> can avoid it.
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


To disable cookies i do this.

fastcgi_param HTTP_COOKIE "";

PHP accepts the following server vars.

http://php.net/manual/en/reserved.variables.php

It says file uploads are files so it would be this

fastcgi_param HTTP_FILES "";

But if that does not work you may need to do.

fastcgi_param HTTP_POST "";

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269253,269280#msg-269280



More information about the nginx mailing list