Jecki Jecki - 3 months ago 16
Apache Configuration Question

Deny post request to specific file types

i'm providing service which allow end user to upload thier files via application which use post request to send images and videos to my server ,

i'm trying to restrict/filter post request on Apache level and allow only images and video to proceed and drop other request carry different file type
i'm trying to do it via htaccess , any advise here or tips


.htaccess example


<FilesMatch "\.(?:inc|php|py|rb)$">
Order allow,deny
Deny from all
</FilesMatch>


or is there better way ? mod_sec for example

Answer

Not sure of your setup but typically you use some type of backend language to handle the files you receive. However you can restrict the POST to certain file types using rewrite. I would put what I want to Allow instead listening every possible file type that I want to deny.

e.g. If I only want to allow PHP and python files for POST method I could do this.

RewriteEngine
RewriteCond %{REQUEST_METHOD} ^POST
RewriteCond %{REQUEST_URI} !\.(php|py)$ [NC]
RewriteRule ^ - [F]

Substitute the file types for yours.