logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: xampp, a.jpg.xx, as jpg
Author
spser



Joined: 29 Aug 2016
Posts: 97

PostPosted: Mon 18 Feb '19 7:44    Post subject: Reply with quote

https://www.atuser.com/x.png

There is a problem with xampp, visit a.jpg.xx, as jpg is executed. As picture.
Back to top
glsmith
Moderator


Joined: 16 Oct 2007
Posts: 2268
Location: Sun Diego, USA

PostPosted: Mon 18 Feb '19 22:19    Post subject: Reply with quote

Not a problem. It is as documented. see
http://httpd.apache.org/docs/2.4/mod/mod_mime.html#multipleext

That said, in httpd.conf (bottom is fine) add
Code:
<Files ~ "\.xx$">
  Require all denied
</Files>


That will make all files inaccessible with a .xx at the end, if that's what your looking for.
Back to top
spser



Joined: 29 Aug 2016
Posts: 97

PostPosted: Tue 19 Feb '19 3:22    Post subject: Reply with quote

This does not solve the problem at all. The user may upload a.jpg.ax next time.
A.jpg.as, a.jpg.abc, a.jpg.xat Unlimited possibilities. What about the configuration?
Back to top
mraddi



Joined: 27 Jun 2016
Posts: 152
Location: Schömberg, Baden-Württemberg, Germany

PostPosted: Fri 22 Feb '19 9:22    Post subject: Reply with quote

Have you tried to disable the functionality for this multi-lanuage-thing. Maybe this helps (haven't tested it myself):
Code:
<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

Another idea might me to redirect everything that does not exist physically on the filesystem to an error-page:
Code:
RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ / [R=302,L]
Back to top
spser



Joined: 29 Aug 2016
Posts: 97

PostPosted: Fri 22 Feb '19 10:40    Post subject: Reply with quote

The file exists, and file access with multiple suffixes will encounter similar problems.
Back to top


Reply to topic   Topic: xampp, a.jpg.xx, as jpg View previous topic :: View next topic
Post new topic   Forum Index -> Apache