If your domain allows file uploads and content types are not specified or specified incorrectly, hackers will often attempt to upload a file and then use that file in an attack. These types of attacks are also known as MIME Sniffing or Data Sniffing or Content Sniffing attacks.
Add the following code to add a header to your nginX virtual host file to disallow sniffing.
Use this header at your own risk. If your site starts to behave unexpectedly you may need to remove the code to suit your needs.
[ez_code scroll=”1″]add_header X-Content-Type-Options nosniff;[/ez_code]
Total 0 Votes: