I have a simple upload form that allows a file to be uploaded to

Question

0

Asked: May 25, 20262026-05-25T05:59:02+00:00 2026-05-25T05:59:02+00:00

I have a simple upload form that allows a file to be uploaded to

0

I have a simple upload form that allows a file to be uploaded to a folder in the site. I don’t want to allow anything but .pdf files to be uploaded. However, I cannot modify the form at all to limit the upload. And I can’t use PHP on the back end to limit it either. Javascript is unsecure because a user can turn it off. How can I limit the upload to a .pdf file with .htaccess?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-25T05:59:02+00:00

As far as I know, it isn’t possible. You could, however, restrict the files being returned, and force their mime type to be application/pdf, so they will be treated like PDFs, even if they aren’t. If this was combined with JavaScript, it would help honest users (ex, if someone accidentally selects a .jpg they will get a warning right away), and it will make attacks more difficult.

It seems like the third-party mod_upload might be able to help, though.

To restrict the output types, you could use a .htaccess file similar to this:

# Prevent request to non-.pdf files
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} ! \.pdf$
RewriteRule (.*) $1 [F]
# Tell the browser that this is a PDF
Header set Content-Type application/pdf
# Hint that the browser shouldn't try to auto-detect the content type
Header set X-Content-Type-Options nosniff

(note: I wrote those from memory, so make sure to test them before you trust them…)

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a simple upload form that allows a file to be uploaded to

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply