I use a .htaccess file in my images directory to block scripts from running. I exclude .php, .cgi and so on. But some malware is disguised by naming it with an image extension. I did not previously add various image extensions, fearing it could prevent images from displaying on site pages. My question is threefold.
1> Would adding image extensions prevent any malware with an image extension from being executed?
2> Would adding extensions to the .htaccess impact the normal loading of an image as an asset in content pages?
3> Could I place a limit in the /root .htaccess file to prevent running anything with image extensions as a script, to protect the entire site from this kind of exploit without causing issues with proper display of images? (Obviously not including any actual scripts that are required to run.)
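```apache
# Block direct web access to this .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

Options -Indexes
# With ExecCGI off, files mapped to cgi-script below are refused instead of run
Options -ExecCGI
AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi

## No directory listings
# IfModule needs the module file name (or autoindex_module); a bare "autoindex" never matches
<IfModule mod_autoindex.c>
IndexIgnore *
</IfModule>

## Suppress mime type detection in browsers for unknown types
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
```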
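As an added example (not part of the original post), here is a small Python audit that can be run over the images directory to find files with an image extension whose content is not an image, that contain script markers, or that carry one of the script extensions from the AddHandler line above inside the name. The function names, the marker list and the sample files are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading bytes of the image formats being audited.
MAGIC = {".png": (b"\x89PNG\r\n\x1a\n",), ".jpg": (b"\xff\xd8\xff",),
         ".jpeg": (b"\xff\xd8\xff",), ".gif": (b"GIF87a", b"GIF89a")}
# Byte strings that suggest server-side script content (assumed, not exhaustive).
SCRIPT_MARKERS = (b"<?php", b"#!/bin/", b"#!/usr/bin/")
# Script extensions taken from the AddHandler line in the post.
SCRIPT_EXTS = {".php", ".php3", ".php4", ".phtml", ".pl", ".py", ".jsp",
               ".asp", ".htm", ".shtml", ".sh", ".cgi"}

def audit_file(path):
    """Return findings for one file; empty if not an image name or nothing stands out."""
    path = Path(path)
    suffixes = [s.lower() for s in path.suffixes]
    if not suffixes or suffixes[-1] not in MAGIC:
        return []
    data = path.read_bytes()
    findings = []
    if not data.startswith(MAGIC[suffixes[-1]]):
        findings.append("content does not match extension")
    if any(marker in data for marker in SCRIPT_MARKERS):
        findings.append("script marker in content")
    # Apache's mod_mime considers every extension of a file name, so a handler
    # mapped to .php can still apply to a file called x.php.jpg.
    if any(s in SCRIPT_EXTS for s in suffixes[:-1]):
        findings.append("script extension inside name")
    return findings

def audit_dir(root):
    """Walk root and map each suspicious relative path to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        findings = audit_file(path) if path.is_file() else []
        if findings:
            report[str(path.relative_to(root))] = findings
    return report

def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    samples = {"logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
               "banner.jpg": b"<?php echo 'constructed sample'; ?>",
               "photo.php.gif": b"GIF89a" + b"\x00" * 16}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return audit_dir(root)
```

Calling `audit_dir` with the path of the real images directory returns a dictionary of suspicious files; an empty dictionary means none of the three checks fired.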