新建一个.htaccess文件, 内容如下:
Code:
# deny *everything*
<FilesMatch ".*">
Order Allow,Deny
Deny from all
</FilesMatch>
# but now allow just *certain* necessary files:
<FilesMatch ".*\.(jpe?g|JPE?G|gif|GIF|png|PNG|swf|SWF)$" >
Order Allow,Deny
Allow from all
</FilesMatch>
IndexIgnore */*
## NOTE: If you want even greater security to prevent hackers from running scripts in this folder, uncomment the following line (if your hosting company will allow you to use OPTIONS):
# OPTIONS -Indexes -ExecCGI
AddHandler cgi-script .php .pl .py .rb .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
上传到data/attachment/forum下就可以了.