Created: August 19th 2013
Last updated: May 1st 2020
Categories: Joomla, Typo3, Wordpress
Author: Marcus Fleuti

Disable script execution for upload directories using htaccess to further secure your website (Joomla, Wordpress, Typo3)

Tags: Apache, cgi, disable execution, htaccess, script, web

Donate with

82uymVXLkvVbB4c4JpTd1tYm1yj1cKPKR2wqmw3XF8YXKTmY7JrTriP4pVwp2EJYBnCFdXhLq4zfFA6ic7VAWCFX5wfQbCC

Why

This setting alone won't protect you against beingt hacked but it's another step forward for securing your CMS. In case an attacker manages it to compromise your system and upload a script into the /uploads directory he won't be able to execute it and further infect your installation. You should make sure though that the protected directory (in this example it's /uploads) is the only one the web server has write permissions to.

Howto

We will simply create a .htaccess file within the directory of your choice (e.g. /uploads) and add the following content:

#disable script execution
AddHandler cgi-script .php .pl .jsp .asp .sh .cgi
Options -ExecCGI

How does it work?

The "AddHandler" command will tell the web server to interprete the given file extensions as CGI scripts (executable files). In the next line we tell the server that executing CGI scripts is prohibited. That's all 😉

August 19th 2024

Linux IPTables :: Create a basic secure iptables ruleset for your server which is automatically applied upon system boot (systemd)

February 28th 2023

Linux Bash shell script for recursively converting all files with various charsets in a directory into UTF-8 (Shell-Skript für das rekursive Konvertieren von allen Files in einem Verzeichnis mit beliebigem Charset in UTF-8)

December 8th 2011

Categories

Money money money...

Disable script execution for upload directories using htaccess to further secure your website (Joomla, Wordpress, Typo3)

Why

Howto

How does it work?

How to easily disable WordPress feeds with a simple functions.php script: block RSS, Atom, and more

[Ubuntu / Linux Mint] Docker error bind port TCP 0.0.0.0:80 already in use by apache2

Linux Bash Script: Batch- Resize, Rescale- and Sharpen images inside of a given folder to reduce storage demand

Web Development: What is HTTP/3

Linux dig Command: Extract All Domain Zone Data with a simple Bash Script

JavaScript: Why use let/const over var

JavaScript: Live event listener

Linux IPTables :: Create a basic secure iptables ruleset for your server which is automatically applied upon system boot (systemd)

BIND Nameserver :: Linux Script to retransfer all all zones registered in BIND

Send harddisk (and OwnCloud per-user) storage information via e-mail with via Cronjob and a Linux Shell Bash Script

HOW TO: Create Pretty URLs with Laragon for your projects

JavaScript & jQuery: Custom Number-Spinner Buttons

[SOLVED] Wordpress multisite to single theme

Ask for htaccess Auth except for listed IP address

BuddyNS - Script to reinitialize and resync all domains (zones) with BuddyNS & Bind

HowTo: Setting up Virtualmin with BuddyNS secondary DNS service

Create a MySQL-Dump (Backup) in Windows with mysqldump.exe

Linux Bash shell script for recursively converting all files with various charsets in a directory into UTF-8 (Shell-Skript für das rekursive Konvertieren von allen Files in einem Verzeichnis mit beliebigem Charset in UTF-8)

Optimizing web page response - compression - caching-gzip-deflate - header optimizations - MIME - htaccess - Typo3 - Joomla - Wordpress

Unsere Leistungen