Allow only certain extensions

Hi there,

Is there a way to configure a virtual host to only be allowed to view (and execute) files of certain extensions (in other words, deny all, allow some)?

That seems right to me, Rémon.



Alright, here’s another scenario…

What happens if somebody uploaded a PHP file, with a .gif extension? How can I always make sure that the header output is image/gif and not application/php?

AFAIK Apache bases the MIME type of a file on its extension. So a .gif would always be sent as an image/gif file, even if its contents are PHP code.
Might be wrong though…

The following works for me (Apache 2.2.11, win7 64bit, WampServer 2)

<Directory "/some/path">
    # Put default options for the Directory here ...
    Order Allow,Deny
    Deny from all
    <FilesMatch "\\.(gif|jpe?g|png)$">  
        Allow from all


This denies access to all files except for gif, jpg, jpeg and png files :slight_smile:
You can also reverse it to allow everything except for files matching the regular expression.