Portal Home > Knowledgebase > Articles Database > modsecurity rule for reject file upload

modsecurity rule for reject file upload

Posted by myserve, 01-12-2016, 02:44 PM

Hello, we need a modsecurity rule that block upload any files from our webserver (we use apache or nginx) then have a ignore list and when we specify /home/user/user allow upload there, thanks,

---

Posted by FINESEC, 01-14-2016, 12:36 PM

You can write your own script to decide whether to allow or deny upload, e.g. SecRule FILES_TMPNAMES "@inspectFile /usr/local/scan.sh" phase:2,t:none,log,block https://github.com/SpiderLabs/ModSec...al#inspectFile Also set SecUploadKeepFiles to RelevantOnly.

---

Add to Favourites    Print this Article

Looking for a reseller account (Views: 586)

SSL installation issues? (Views: 521)

1U PCI-E RAID controller (Views: 638)

Can I feel secure on a shared server? (Views: 604)

Why IPowerWeb? (Views: 541)