Hello, I have a website where I allow users to upload mp4 files. On the server I have code that makes sure the mime type is only video/mp4. However, in the event that someone gets sneaky and somehow uploads a PHP file, how can I tell Apache not to execute PHP files in a certain directory?
I’m not sure about server side, but for client side I suggest checking out restricting Mime types in htaccess:
Maybe let the server check for executables and block the upload?
Did a quick search, there were many more results with your topic title as query:
Thanks, when looking I didn’t see that.
php_flag engine off to my .htaccess did the trick.
To save your video files out of root directory.