turner2f
Posted September 22, 2020

In the interest of SECURITY and server storage...

We need the ability to Limit the File Size and Restrict certain File types from Upload within the Support Manager?

Such as for restricting .exe and .zip and .rar files

1) - This way the system does not get exploited via a shell script
2) - So that huge files do not get uploaded to the system and eat up server storage.

Need an option for this within the system's "Support Manager".

==========
NOTE: Some WordPress plugins have this ability.
Just inquiring to see if the same restriction function can be implemented into Blesta.
==========

If there is a way to accomplish this via an .htaccess or cPanel, please let us know with some intuitive instruction on how to do so.

Thanks in advance.

Jono
Posted September 22, 2020

1) Make sure your uploads directory is not publicly accessible and this should not be an issue
2) Max file upload size can be controlled through your php.ini file using the upload_max_filesize option

turner2f
Posted September 22, 2020

47 minutes ago, Jono said:
> 1) Make sure your uploads directory is not publicly accessible and this should not be an issue
> 2) Max file upload size can be controlled through your php.ini file using the upload_max_filesize option

@Jono

How do we make it so that the uploads folder is not publicly accessible?

Instructions, please.

==========
IMPORTANT NOTE: I was referring to restricting certain exploit file types directly through the Support Manager interface.

So that a person could not upload exploitative files as attachments to Support Tickets.

Such as "RAR", "ZIP", and "TXT" files.

How do we prevent that from happening?

Jono
Posted September 22, 2020

8 minutes ago, turner2f said:
> How do we make it so that the uploads folder is not publicly accessible ?

Just make sure the folder is not under your root web directory.

9 minutes ago, turner2f said:
> I was referring to restricting certain exploit file types directly through the Support Manager interface.

Certainly could, though I wouldn't call it a major security issue since filenames are already overwritten and there is no way for the files to be accessed unless someone has access to your server. Still, https://dev.blesta.com/browse/CORE-3903

turner2f
Posted October 2, 2020

@Jono

I tried reducing the file size to "0MB" within cPanel's "Multi PHP INI" editor.

upload_max_filesize (The maximum size of an uploaded file.)

------------

Regardless of the change, I was STILL able to upload a file to Blesta.

Please advise if there is a different way.

Paul
Posted October 2, 2020

Sounds like whatever you changed did not work. Check that the value is set in your PHP Info.

    <?php phpinfo(); ?>

turner2f
Posted October 7, 2020

On 10/2/2020 at 7:07 PM, Paul said:
> Sounds like whatever you changed did not work. Check that the value is set in your PHP Info.
>
>     <?php phpinfo(); ?>

@Paul @Jono

1ST) - After making a change within cPanel's "Multi PHP INI" editor.

NOTE: Within the dropdown I chose the home directory (or the domain's document) root to open the corresponding PHP configuration for the SUB-folder that my "Blesta" installation is in.

I made the upload_max_filesize within cPanel's "Multi PHP INI" editor to be "0M"

-------------

2ND) - I created a PHP Info file and inserted into the SUB-folder of my "Blesta" install, and got...

upload_max_filesize = 0M Local Value & 2M Master Value

=========

Not certain how to override this "Master Value" or even how to locate it.

Does it mean that there might be a different PHP.INI file that is outside the "Blesta" folder that is overriding the one on the inside?

If yes, could this be at the ROOT level of the server?

If yes, how do I get to it?
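
Added example (not from the thread and not Blesta code): a PHP script that prints the Local and Master values discussed above, flags a limit of 0, and checks whether the uploads folder sits under the web root. `$uploadDir` is a hypothetical path; the script relies on PHP enforcing `upload_max_filesize` and `post_max_size` only when they are greater than zero.

```php
<?php
// Added example, not Blesta code. $uploadDir is a hypothetical path:
// replace it with the uploads directory set in your own installation.
$uploadDir = '/home/example/blesta_uploads';

// Convert PHP shorthand sizes ("2M", "0M", "1G") to bytes.
function ini_bytes(string $value): int
{
    $value = trim($value);
    $number = (int) $value;
    switch (strtoupper(substr($value, -1))) {
        case 'G': $number *= 1024; // fall through
        case 'M': $number *= 1024; // fall through
        case 'K': $number *= 1024;
    }
    return $number;
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/plain');
}

// ini_get_all() returns the pair phpinfo() prints for each directive:
// global_value is the "Master Value", local_value is the "Local Value".
$settings = ini_get_all(null, true);
foreach (['file_uploads', 'upload_max_filesize', 'post_max_size'] as $key) {
    $local  = (string) $settings[$key]['local_value'];
    $master = (string) $settings[$key]['global_value'];
    // PHP applies a size limit only when it is greater than zero.
    $note = ($key !== 'file_uploads' && ini_bytes($local) <= 0)
        ? '  <-- no size limit is enforced at this value' : '';
    printf("%-20s local=%-5s master=%-5s%s\n", $key, $local, $master, $note);
}

// Where the values come from: the main php.ini and the per-directory file.
printf("%-20s %s\n", 'loaded php.ini', php_ini_loaded_file() ?: '(none)');
printf("%-20s %s\n", 'user_ini.filename', ini_get('user_ini.filename') ?: '(off)');

// An uploads folder inside the document root can be requested by URL.
$rawRoot = $_SERVER['DOCUMENT_ROOT'] ?? '';
$docRoot = $rawRoot !== '' ? realpath($rawRoot) : false;
$upload  = realpath($uploadDir);
if ($docRoot === false || $upload === false) {
    $result = 'skipped (needs a web request and an existing path)';
} elseif (strpos($upload . '/', rtrim($docRoot, '/') . '/') === 0) {
    $result = 'INSIDE the document root, move it out';
} else {
    $result = 'outside the document root';
}
printf("%-20s %s\n", 'uploads folder', $result);
```

Remove the script once you have read its output, since it discloses server paths and configuration.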