logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.



xampp, a.jpg.xx, as jpg

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
spser



Joined: 29 Aug 2016
Posts: 55

PostPosted: Mon 18 Feb '19 7:44    Post subject: Reply with quote

https://www.atuser.com/x.png

There is a problem with xampp, visit a.jpg.xx, as jpg is executed. As picture.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2187
Location: Sun Diego, USA

PostPosted: Mon 18 Feb '19 22:19    Post subject: Reply with quote

Not a problem. It is as documented. see
http://httpd.apache.org/docs/2.4/mod/mod_mime.html#multipleext

That said, in httpd.conf (bottom is fine) add
Code:
<Files ~ "\.xx$">
  Require all denied
</Files>


That will make all files inaccessible with a .xx at the end, if that's what your looking for.
Back to top
spser



Joined: 29 Aug 2016
Posts: 55

PostPosted: Tue 19 Feb '19 3:22    Post subject: Reply with quote

This does not solve the problem at all. The user may upload a.jpg.ax next time.
A.jpg.as, a.jpg.abc, a.jpg.xat Unlimited possibilities. What about the configuration?
Back to top
mraddi



Joined: 27 Jun 2016
Posts: 84
Location: Schömberg, Baden-Württemberg, Germany

PostPosted: Fri 22 Feb '19 9:22    Post subject: Reply with quote

Have you tried to disable the functionality for this multi-lanuage-thing. Maybe this helps (haven't tested it myself):
Code:
<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

Another idea might me to redirect everything that does not exist physically on the filesystem to an error-page:
Code:
RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ / [R=302,L]
Back to top
spser



Joined: 29 Aug 2016
Posts: 55

PostPosted: Fri 22 Feb '19 10:40    Post subject: Reply with quote

The file exists, and file access with multiple suffixes will encounter similar problems.
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1