Jump to content

Recommended Posts

Hello,

 

I'd like to disable the DirectoryIndex completely for a certain directory; the reason being that users are able to upload files to this directory and I don't want some prankster uploading his/her own index.html :D. There must be a better way to do this than:

 

DirectoryIndex highly_improbable_file_name.obscure_extension

 

I looked at http://www.auburn.edu/docs/apache/mod/mod_dir.html but was unable to find an answer. Perhaps someone here might know?

Put your own index.html file in the folder and preventing any uploaded file from overwriting it, either by setting permissions or making sure the upload script never overwrites it.

 

Your upload script should be validating the file name of uploaded files or it should be building file names completely under your control (having nothing to do with any part of the uploaded file name) and then relating your built file name back to the original file name using a database table.

Err, redacted for lack of reading what you originally posted.

 

You could possibly change ownership to nobody and make it an unwritable folder, but if you need people to upload to it, you'll either have to have it set up so that they login or you may just have to hope that they don't botch it.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.