
Need ability to Limit the File Size and Restrict certain File types from Upload


turner2f

Question

In the interest of SECURITY and server storage . . .
 

We need the ability to Limit the File Size and Restrict certain File types from Upload within the Support Manager ?

Such as for restricting .exe and .zip and .rar files

1) - This way the system does not get exploited via a shell script

2) - So that huge files do not get uploaded to the system and eat up server storage.

Need an option for this within the system's " Support Manager " .
 

==========

NOTE : Some WordPress plugins have this ability.

Just inquiring to see if the same restriction function can be implemented into Blesta.

==========
 

If there is a way to accomplish this via an .htaccess or C-Panel,
please let us know with some intuitive instruction on how to do so .


Thanks in advance.


6 answers to this question

47 minutes ago, Jono said:

1) Make sure your uploads directory is not publicly accessible and this should not be an issue

2) Max file upload size can be controlled through your php.ini file using the upload_max_filesize option

 

 

@Jono

How do we make it so that the uploads folder is not publicly accessible ?

Instructions, please .

==========

IMPORTANT NOTE :

I was referring to restricting certain exploit file types directly through the Support Manager interface.

So that a person could not upload exploitative files as attachments to Support Tickets.

Such as "RAR", "ZIP", and "TXT" files .

 

How do we prevent that from happening ?

8 minutes ago, turner2f said:

How do we make it so that the uploads folder is not publicly accessible ?

Just make sure the folder is not under your root web directory.

9 minutes ago, turner2f said:

I was referring to restricting certain exploit file types directly through the Support Manager interface.

Certainly could, though I wouldn't call it a major security issue since filenames are already overwritten and there is no way for the files to be accessed unless someone has access to your server.  Still, https://dev.blesta.com/browse/CORE-3903
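
The controls discussed in this thread (a size cap, a file-type restriction, and storage outside the web root under a replaced filename) can also be enforced in application code. The PHP below is an added example, not part of the original posts and not Blesta's code. It uses an extension allowlist rather than blocking named extensions; the function names, the 5 MB cap, the allowlist and the storage path are assumptions, and it needs PHP 7.1+ with the fileinfo extension.

```php
<?php
// Added example; function names, limits and paths are assumptions, not Blesta code.
const MAX_BYTES = 5 * 1024 * 1024;                 // assumed 5 MB cap per attachment
const ALLOWED = [                                  // extension => expected MIME type
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];
const STORE_DIR = '/home/example/ticket_uploads';  // placeholder, outside the web root

/** Returns an error message, or null if the upload passes every check. */
function check_attachment(array $file): ?string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        // UPLOAD_ERR_INI_SIZE lands here when php.ini's upload_max_filesize is exceeded.
        return 'upload failed with code ' . ($file['error'] ?? UPLOAD_ERR_NO_FILE);
    }
    // Measure the temp file; the client-supplied 'size' and 'type' are not trusted.
    $size = filesize($file['tmp_name']);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return 'file is empty or larger than ' . MAX_BYTES . ' bytes';
    }
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        return "extension '.$ext' is not on the allowlist";
    }
    // Sniff the content so a renamed .exe does not pass as .png.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED[$ext]) {
        return "content type $mime does not match .$ext";
    }
    return null;
}

/** Stores a checked upload under a random name and returns that name. */
function store_attachment(array $file): string
{
    if (($err = check_attachment($file)) !== null) {
        throw new RuntimeException($err);
    }
    $name = bin2hex(random_bytes(16));             // original filename is never used on disk
    if (!move_uploaded_file($file['tmp_name'], STORE_DIR . '/' . $name)) {
        throw new RuntimeException('could not move upload');
    }
    return $name;
}
```

Each entry of `$_FILES` would be passed to `store_attachment()`, with the returned random name recorded next to the original filename so the attachment can be served back through an authenticated download script.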


@Jono

I tried reducing the file size to  " 0MB "  within C-Panel's " Multi PHP INI " editor.

upload_max_filesize          (  The maximum size of an uploaded file. )

------------

Regardless of the change, I was STILL able to upload a file to Blesta .

 

Please advise if there is a different way.

   
On 10/2/2020 at 7:07 PM, Paul said:

Sounds like whatever you changed did not work. Check that the value is set in your PHP Info.


<?php phpinfo(); ?>

 

 

@Paul @Jono
 

1ST ) - After making a change within C-Panel's " Multi PHP INI " editor.

NOTE : Within the dropdown I chose the home directory ( or the domain’s document ) root to open the corresponding PHP configuration for the SUB-folder that my "Blesta" installation is in.

I made the
upload_max_filesize within C-Panel's " Multi PHP INI " editor to be " 0M "

-------------

 

2ND ) - I created a PHP Info file and inserted into the SUB-folder of my "Blesta" install, and got  . . .

 

upload_max_filesize= 0M  Local Value    &     2M   Master Value

 

=========

 

Not certain how to override this  "Master Value" or even how to locate it .

Does it mean that there might be a different PHP.INI file that is outside the "Blesta" folder that is overriding the one on the inside ?

If yes, could this be at the ROOT level of the server ?

If yes, how do I get to it ?

 

 

 

 

 
