查看“Mediawiki/Secure”的源代码

mediawiki 会在安装时提示，文件上传目录有脚本执行漏洞。

== 阻止脚本执行 ==
目前官网提供以下配置文件（apache2）

<syntaxhighlight lang="nginx">
<Directory "/Library/MediaWiki/web/images">
   # Ignore .htaccess files
   AllowOverride None
   
   # Serve HTML as plaintext, don't execute SHTML
   AddType text/plain .html .htm .shtml .phtml
   
   # Don't run arbitrary PHP code.
   php_admin_flag engine off

   # Tell browsers to not sniff files
   Header set X-Content-Type-Options nosniff
   
   # If you've other scripting languages, disable them too.
</Directory>
</syntaxhighlight>

如果是nginx
只需要以下内容
 location ^~ /images/ {
 }

== nosniff ==
nginx
 add_header X-Content-Type-Options nosniff;