(预防PHP源代码泄漏的建议)
1)使用mod_security过滤输出严防泄漏 Use mod_security to filter output and prevent leakage (例如)
PHP代码
1. SecFilterOutput On
2. SecFilterSelective OUTPUT "<?php" log,deny
2)不要将关键敏感代码放到根目录中 Code should live outside of the web root (例如)
PHP代码
1. index.php:
2.
3. <?php
4. include('../realroot/index.php');
5. ?>
3)更改默认的文件类型 Change the default file type (例如对http.conf做如下修改)
PHP代码
1. httpd.conf:
2.
3. DefaultType application/x-httpd-php
4)绝对禁止访问根目录 Deny all outside of the webroot (假设你的根目录是 ‘www’ ,例如)
PHP代码
1. http.conf: (or .htaccess)
2.
3. <directory />
4. Order Deny,Allow
5. Deny from all
6. Options None
7. AllowOverride None
8.
9. <directory /www>
10. Order Allow,Deny
11. Allow from all
12. </directory>
1)使用mod_security过滤输出严防泄漏 Use mod_security to filter output and prevent leakage (例如)
PHP代码
1. SecFilterOutput On
2. SecFilterSelective OUTPUT "<?php" log,deny
2)不要将关键敏感代码放到根目录中 Code should live outside of the web root (例如)
PHP代码
1. index.php:
2.
3. <?php
4. include('../realroot/index.php');
5. ?>
3)更改默认的文件类型 Change the default file type (例如对http.conf做如下修改)
PHP代码
1. httpd.conf:
2.
3. DefaultType application/x-httpd-php
4)绝对禁止访问根目录 Deny all outside of the webroot (假设你的根目录是 ‘www’ ,例如)
PHP代码
1. http.conf: (or .htaccess)
2.
3. <directory />
4. Order Deny,Allow
5. Deny from all
6. Options None
7. AllowOverride None
8.
9. <directory /www>
10. Order Allow,Deny
11. Allow from all
12. </directory>
3851
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
