How to Disable File Execution on the Web Server

In OJS/OMP/OPS (Open Journal Systems), authors have the capability to upload various types of files, including potentially dangerous ones that could be used as backdoors or for other malicious purposes. To enhance security and prevent the execution of such files, it’s important to take measures that restrict or disable the execution of uploaded files. Here’s how you can do that:

Steps to Disable Execution of Files in OJS

Configure File and Directory Permission Settings:

Ensure that the file upload settings in OJS/OMP/OPS are configured to only accept safe file types. You can limit the types of files that authors can upload to prevent the upload of executable files.

Ensure that the directory where uploaded files are stored has the correct permissions to prevent the execution of files.

Locate the directory where OJS stores uploaded files. This is usually within the files directory under your OJS installation path (e.g., /var/www/html/ojs/files and /var/www/html/ojs/public).
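Adjust the permissions so that files in this directory cannot be executed. You can do this by setting the directory permissions to 755 and the files to 644. These permissions remove the execute bit, which stops files from being run directly as programs; an interpreter such as PHP only needs read access to a script, so the web server rules in the next step are still required.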

chmod 755 /var/www/html/ojs/files
find /var/www/html/ojs/files -type f -exec chmod 644 {} \;

Disable File Execution

For Apache/Litespeed/OpenLiteSpeed

If you’re using Apache, you can use an .htaccess file to deny the execution of scripts in the upload directory.

Create or edit the .htaccess file in the upload directory (e.g., /var/www/html/ojs/files and /var/www/html/ojs/public/).
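Add the following rules to prevent execution. The Order and Deny directives used here are the Apache 2.2 access-control syntax; Apache 2.4 accepts them only when mod_access_compat is loaded.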

# Disable script execution
<FilesMatch "\.(?:inc|php|rb|phtml|phar)$">
    Order allow,deny
    Deny from all
</FilesMatch>

Configure your web server (e.g., Apache, Nginx) to prevent the execution of files in the upload directory.

For Nginx:

Edit the Nginx configuration file (e.g., /etc/nginx/sites-available/your_ojs_domain.conf).
Add the following location block for the upload directory:

location /files/ {
    # Disable script execution
    location ~* \.(php|pl|cgi|exe|bat)$ {
        deny all;
    }
}
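To check that the permission and extension rules above actually hold on disk, the following added example (not part of the original article) audits an upload directory for files that still carry an execute bit or whose names end in one of the blocked script extensions. The function name audit_uploads and the combined extension list are assumptions built from the Apache and Nginx rules on this page.

```shell
#!/bin/sh
# Added example: audit an OJS upload directory after hardening.
# Assumption: the extension list is the union of the Apache and Nginx
# rules shown on this page; adjust it to match your own rules.
BLOCKED_EXT='inc|php|rb|phtml|phar|pl|cgi|exe|bat'

# audit_uploads DIR
#   Prints one line per finding:
#     EXEC-BIT <path>    regular file with any execute bit set (not 644)
#     SCRIPT-EXT <path>  file name ends in a blocked extension (any case)
#   Returns 0 when clean, 1 when something was flagged, 2 on bad input.
#   Limitation: file names containing newlines are not handled.
audit_uploads() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    report=$(
        # Owner, group or other execute bit still present on a regular file.
        find "$dir" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) \
            -exec printf 'EXEC-BIT %s\n' {} \;
        # Case-insensitive match, so SHELL.PHP is reported as well.
        find "$dir" -type f -print \
            | grep -iE "\.($BLOCKED_EXT)\$" \
            | sed 's/^/SCRIPT-EXT /'
    )

    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Audit every directory given on the command line, for example:
#   sh audit_uploads.sh /var/www/html/ojs/files /var/www/html/ojs/public
for d in "$@"; do
    audit_uploads "$d"
done
```

Any SCRIPT-EXT finding is a file the web server rules must refuse to serve; an EXEC-BIT finding means the chmod step needs to be re-run.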

By following these steps, you can significantly reduce the risk of executing malicious files uploaded through OJS and enhance the overall security of your system.

About the Author
Project Manager

Hendra here. I love writing about OJS and sharing knowledge about OJS. My passion is OJS and the OMP platform, and doing research on creating innovative products for that platform to help publishers improve their publications.