Allow only certain extensions

Panduola · September 7, 2010, 2:51pm

Hi there,

Is there a way to configure a virtual host to only be allowed to view (and execute) files of certain extensions (in other words, deny all, allow some)?

dklynn · September 7, 2010, 10:42pm

That seems right to me, Rémon.

Regards,

DK

Panduola · September 7, 2010, 6:43pm

Alright, here’s another scenario…

What happens if somebody uploaded a PHP file, with a .gif extension? How can I always make sure that the header output is image/gif and not application/php?

rpkamp · September 7, 2010, 9:44pm

AFAIK Apache bases the MIME type of a file on its extension. So a .gif would always be sent as an image/gif file, even if its contents are PHP code.
Might be wrong though…

rpkamp · September 7, 2010, 3:36pm

The following works for me (Apache 2.2.11, win7 64bit, WampServer 2)


<Directory "/some/path">
    # Put default options for the Directory here ...
    Order Allow,Deny
    Deny from all
    
    <FilesMatch "\\.(gif|jpe?g|png)$">  
        Allow from all
    </FilesMatch>

</Directory>

This denies access to all files except for gif, jpg, jpeg and png files
You can also reverse it to allow everything except for files matching the regular expression.

Topic		Replies	Views
Htaccess: Allow only gif, jpg and png images Server Config	9	14409	October 8, 2014
.htaccess to only allow images to display in directory Server Config	5	13446	October 8, 2014
Only allowing images in a directory using .htaccess Server Config	7	2148	February 8, 2011
I want to disallow all PHP files except Server Config	1	433	October 8, 2014
Apache disallow execution of two or more file types Server Config	1	614	October 8, 2014

Allow only certain extensions

Related topics