Tag: apache

Posted on

The uploaded file was only partially uploaded

“The uploaded file was only partially uploaded” Error

Background:

Having functioned correctly for years, I was confronted with the ” Uploaded file was only partially uploaded” error when trying to upload media files for an article. This error seems to have occurred since upgrading to the latest version of WordPress – 4.1.1

Solution:

Some solutions advocate changing the upload directory permissions to 777 which, apart from being a gaping security hole, does not help in all situations and certainly not this one.

The solution in this case is to tell Apache not to keep the connection open. Modifying this in Apache – site-wide – is not recommended and could break more than it fixes so in this case we can do this for just the upload functionality of the single wordpress site.

Simply add the following code

<?php header ("Connection: close"); ?>

to the top of the

wp-admin/include/file.php

to make it look like this:

Job done, happy uploading!

No related posts.

Posted on

Linux: Cut Down on the Information Leaked by Apache2 Webserver

It’s a given that information leakage in the form of server / mod versions can seriously aid an attacker in compromising your server and / or web application. By cutting down the amount of information that your server freely surrenders you can make the attacker’s job that much harder – these very quick tips will do just that!

ServerTokens

In your /etc/apache2/conf.d/security file, look for “ServerTokens” and set the parameter to “Prod” – this will identify the server software only, no versions, or extensions.

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Prod

Description:

ServerTokens Prod[uctOnly]
Server sends (e.g.): Server: Apache
ServerTokens Major
Server sends (e.g.): Server: Apache/2
ServerTokens Minor
Server sends (e.g.): Server: Apache/2.0
ServerTokens Min[imal]
Server sends (e.g.): Server: Apache/2.0.41
ServerTokens OS
Server sends (e.g.): Server: Apache/2.0.41 (Unix)
ServerTokens Full (or not specified)
Server sends (e.g.): Server: Apache/2.0.41 (Unix) PHP/4.2.2 MyMod/1.2

expose_php

In the same vein, we want to remove any information shown by the php install which is done by setting the “expose_php” directive to “Off”.

Locate this in the /etc/php5/apache2/php.ini file and set accordingly:

; Decides whether PHP may expose the fact that it is installed on the server
; (e.g. by adding its signature to the Web server header).  It is no security
; threat in any way, but it makes it possible to determine whether you use PHP
; on your server or not.
; http://php.net/expose-php
expose_php = Off

No related posts.

Exit mobile version
%%footer%%