disable .php files uploads using php (php-fpm)
Richard Stanway
r1ch+nginx at teamliquid.net
Tue Aug 30 11:04:10 UTC 2016
File uploads are passed in the request body, not the headers so you cannot
disable or otherwise affect them by setting HTTP_X variables. This is a job
for your backend as nginx does not really interact with post body contents.
On Tue, Aug 30, 2016 at 1:54 AM, c0nw0nk <nginx-forum at forum.nginx.org>
wrote:
> Christos Chatzaras Wrote:
> -------------------------------------------------------
> > Is any way to get the body of a php post upload to match using regex
> > the filename of a php upload? I want to block file uploads with .php
> > extension. I found that I can do it with nasxi but I want to see if I
> > can avoid it.
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> To disable cookies i do this.
>
> fastcgi_param HTTP_COOKIE "";
>
> PHP accepts the following server vars.
>
> http://php.net/manual/en/reserved.variables.php
>
> It says file uploads are files so it would be this
>
> fastcgi_param HTTP_FILES "";
>
> But if that does not work you may need to do.
>
> fastcgi_param HTTP_POST "";
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?2,269253,269280#msg-269280
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160830/b8647690/attachment.html>
More information about the nginx
mailing list