disable file uploads

Tue Mar 24 01:15:10 UTC 2015

On Tue, 2015-03-24 at 00:00 +0000, Francis Daly wrote:
> On Tue, Mar 24, 2015 at 12:47:38PM +1300, Steve Holdoway wrote:
> > On Mon, 2015-03-23 at 22:52 +0000, Francis Daly wrote:
> > > On Tue, Mar 24, 2015 at 09:13:50AM +1300, Steve Holdoway wrote:
> 
> Hi there,
> 
> > > > Is there any way to stop / disable random file uploads... for example,
> > > > I'm having 'fun' with mail relays being uploaded to the cache area of a
> > > > wordpress site?
> > > 
> > > What the difference between a request that is a file upload and a request
> > > that is not a file upload, on your system?
> 
> >         # set the static ones first, then the catchall
> >         # Directives to send expires headers and turn off 404 error
> > logging.
> >         location ~* ^/(?:uploads|files|cache|plugins)/.*\.(png|gif|jpg|
> > jpeg|css|js|swf|ico|txt|xml|bmp|pdf|doc|docx|ppt|pptx|zip|woff|ttf|otf|
> > xls|myo|qbb|pst|dat|qbx|bc7|cf7)$ {
> >                 expires 24h;
> >                 log_not_found off;
> >         }
> 
> For requests that match this location block, serve from the filesystem.
> 
> >         location ~* ^/wp-content/(files|uploads|cache|plugins)/.*.(|php|
> > js|swf)$ {
> >                 types { }
> >                 default_type text/plain;
> >         }
> 
> For requests that match this location block, serve from the filesystem.
> 
> None of that seems to say "handle file uploads".
> 
> I confess I'm somewhat confused about what your question is.
> 
> What request do you make of nginx, that does not give you the response
> that you want?
> 
> 	f
Sorry, 

This is the best block I can find, where the intention is that php files
are just served as text, not processed, which should be good and
annoying for the users as well.

As I said, I can't work out how on earth to stop them being uploaded in
the first place.

Steve

-- 
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa