Incorrect solution to disable script execution by .htaccess

I saw some people using this code in the “.htaccess” file to disable script execution:

This code is not secure: it can be bypassed by uploading, for example, a file named “testpage.PhP”.

The regular expression in this code is case-sensitive, so an extension written in a different case is not matched.

Note: <FilesMatch> has the same problem as <Files>.
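A check for this gap, as an added example that is not code from the original post: it extracts the regex from each `<Files ~ "...">` or `<FilesMatch "...">` line and reports patterns that match a lower-case file name but miss a case variant of it. The two sample rules, the function names and the probe names are constructed for illustration, and Python's `re` is assumed to behave like Apache's PCRE for patterns this simple.

```python
import re

# Opening <Files ~ "regex"> or <FilesMatch "regex"> tag with a quoted pattern.
DIRECTIVE = re.compile(r'<\s*(?:FilesMatch|Files\s*~)\s*"(?P<rx>[^"]+)"\s*>',
                       re.IGNORECASE)

def case_variants(name):
    """Upper-, title- and alternating-case spellings of a file's extension."""
    stem, _, ext = name.rpartition(".")
    mixed = "".join(c.upper() if i % 2 == 0 else c.lower()
                    for i, c in enumerate(ext))
    spellings = dict.fromkeys((ext.upper(), ext.capitalize(), mixed))
    return [f"{stem}.{v}" for v in spellings]

def audit(htaccess_text, probes):
    """Return (pattern, missed_names) for every directive whose regex matches
    a lower-case probe name but not a case variant of the same name."""
    findings = []
    for m in DIRECTIVE.finditer(htaccess_text):
        rx = re.compile(m.group("rx"))
        missed = [v for p in probes if rx.search(p)
                  for v in case_variants(p) if not rx.search(v)]
        if missed:
            findings.append((m.group("rx"), missed))
    return findings

# Constructed sample rules (not the rule quoted in the original post).
WEAK = r'''<Files ~ "\.(php|pl|cgi)$">
    Require all denied
</Files>'''
# Same rule with the inline (?i) flag, which makes the match case-insensitive.
FIXED = r'''<FilesMatch "(?i)\.(php|pl|cgi)$">
    Require all denied
</FilesMatch>'''

if __name__ == "__main__":
    probes = ["testpage.php", "notes.txt"]  # constructed probe names
    for label, text in (("weak", WEAK), ("fixed", FIXED)):
        print(label, audit(text, probes))
```
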

One solution:

Useful links:

Creation date: January 2, 2009