Shell Script To Turn On or Off PHP Uploads For Php5-fpm/Apache/Nginx/Lighttpd Web Servers

in Categories Security, Web Server last updated September 5, 2016

A simple shell script wrapper to disable or enable PHP 5 upload support in an Apache or Nginx or Lighttpd web server. The script look for file_uploads directive in php.ini file and change its state from ON to OFF or vice-versa.

When you allow files to be uploaded to your system you assume a number of risks, files may not be what the appear (executables masquerading as images, php scripts uploaded and moved to a location where they may be run, et-cetera). If your site doesn’t actually require file uploads, disabling this will prevent files from being accepted inadvertently. We recommend that you always keep this to off. See our php security guide for sysadmin more information.

# A simple shell script to turn on or off Apache / Nginx / Lighttpd web server upload 
# by editing php.ini or custom.ini file
# Tested on : Debian 8 and Ubuntu LTS server but should work with any Linux and Unix-like system
# ----------------------------------------------------------------------------
# Author: nixCraft 
# Copyright: 2015 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated 12 Sep 2015
# ----------------------------------------------------------------------------
# Path to ini file
# Ubuntu command to reload php5-fpm
# Update this as per your need. For e.g. Debian 7.x or older use  /sbin/service apache2 restart
# For RHEL/CentOS7 use /sbin/systemctl reload httpd.service 
_reload="/sbin/restart php5-fpm"
# Where is sed located?
# Reload function
        echo "Reloading php5-fpm..."
# Turn on uploading
        echo "Allowing uploads..."
        $_sed -ie 's/file_uploads=Off/file_uploads=On/' $cust \
        && _reload 
# Turn off uploading
        echo "Disabling uploads..."
        $_sed -ie 's/file_uploads=On/file_uploads=Off/' $cust \
        && _reload 
# Get current status of uploading
        echo "Current file upload status in ${cust}..."
        grep -e --color '^file_upload' $cust
# Main logic #
case $arg in
        [oO][nN]) _on;;
        [oO][fF][fF]) _off;;
        [sS][tT][aA][tT][uU][sS]) _status;;
        *) echo "Usage: $0 [on|off|status]";;

Share this on:

1 comment

  1. I could be wrong, but doesn’t Bash support case-insensitive letter matching without having to use something like §[uU]§, in the main logic ?

Leave a Comment