Okay, so this is a wiki entry for restricting file upload to certain filetypes only. I fully expect it'll need some clarification, so feel free to contribute edits, but basically it restricts directory listing and only permits particular filetypes.
https://github.com/opencats/OpenCATS/wi ... .htaccess)
These restrictions for the upload directory COULD be added to the single .htaccess you (should) have in your webroot, but to prevent a .htaccess file being uploaded to your upload directory I like to add this in separately to all the folders under the upload subdirectory, owned by root (so it can't be overwritten by a file from the Apache user), just in case someone manages to upload htaccess.txt as their CV/resume and then manages to rename it to .htaccess.
At the moment it restricts file uploads to (pdf, rtf, odf, doc, docx, txt, wpd). If you want images to be uploaded (e.g. photos for proof of ID) then this will have to be amended.
Note you will have to change syntax if you're running Apache 2.2 or 2.4, and of course you need to create your own if you're on nginx.
Last but not least - haven't tested this yet. Will do though!!
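
For readers who cannot reach the truncated wiki link, here is an added example of a per-directory .htaccess along the lines the post describes. It is not the OpenCATS wiki's file: it controls what Apache will serve from the upload folder, takes its extension list from the post, and assumes the server's `AllowOverride` setting permits `Options` and the access-control directives in .htaccess files.

```apache
# Added example, not the OpenCATS wiki's own file.
# Assumption: AllowOverride for this directory permits Options and
# the access-control directives (AuthConfig on 2.4, Limit on 2.2).

# No directory listing for the upload folder.
Options -Indexes

# Default: refuse every request in this directory.
<IfModule mod_authz_core.c>
    # Apache 2.4 syntax
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 syntax
    Order deny,allow
    Deny from all
</IfModule>

# Exception: serve only the document types listed in the post.
# (?i) makes the match case-insensitive, so .PDF and .Docx also pass.
# The $ anchors on the final extension; anything else, including an
# uploaded .htaccess, falls through to the default deny above.
<FilesMatch "(?i)\.(pdf|rtf|odf|doc|docx|txt|wpd)$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</FilesMatch>
```

To allow images as well, the extension alternation inside `FilesMatch` is the part to extend. The `IfModule` tests let the same file load under either 2.2 or 2.4 syntax.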