disable file uploads
Steve Holdoway
steve at greengecko.co.nz
Tue Mar 24 01:15:10 UTC 2015
On Tue, 2015-03-24 at 00:00 +0000, Francis Daly wrote:
> On Tue, Mar 24, 2015 at 12:47:38PM +1300, Steve Holdoway wrote:
> > On Mon, 2015-03-23 at 22:52 +0000, Francis Daly wrote:
> > > On Tue, Mar 24, 2015 at 09:13:50AM +1300, Steve Holdoway wrote:
>
> Hi there,
>
> > > > Is there any way to stop / disable random file uploads... for example,
> > > > I'm having 'fun' with mail relays being uploaded to the cache area of a
> > > > wordpress site?
> > >
> > > What the difference between a request that is a file upload and a request
> > > that is not a file upload, on your system?
>
> > # set the static ones first, then the catchall
> > # Directives to send expires headers and turn off 404 error
> > logging.
> > location ~* ^/(?:uploads|files|cache|plugins)/.*\.(png|gif|jpg|
> > jpeg|css|js|swf|ico|txt|xml|bmp|pdf|doc|docx|ppt|pptx|zip|woff|ttf|otf|
> > xls|myo|qbb|pst|dat|qbx|bc7|cf7)$ {
> > expires 24h;
> > log_not_found off;
> > }
>
> For requests that match this location block, serve from the filesystem.
>
> > location ~* ^/wp-content/(files|uploads|cache|plugins)/.*.(|php|
> > js|swf)$ {
> > types { }
> > default_type text/plain;
> > }
>
> For requests that match this location block, serve from the filesystem.
>
> None of that seems to say "handle file uploads".
>
> I confess I'm somewhat confused about what your question is.
>
> What request do you make of nginx, that does not give you the response
> that you want?
>
> f
Sorry,
This is the best block I can find, where the intention is that php files
are just served as text, not processed, which should be good and
annoying for the users as well.
As I said, I can't work out how on earth to stop them being uploaded in
the first place.
Steve
--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa
More information about the nginx
mailing list