destoon uses Rewrite rules to set up website security_PHP tutorial

In order to enhance the security of destoon, necessary security settings are required. This article uses Rewrite rule settings to increase website security as an example as follows:

Rule 1:

Blocking dynamic files with non-php extensions, such as asp, aspx, etc., can prevent backdoor programs with suffixes such as asp, aspx, etc. from running

RewriteRule ^(.*)\.(asp|aspx|asa|asax|dll|jsp|cgi|fcgi|pl)(.*)$ /404.php

Rule 2:

Shield the PHP running permission of the site's file directory. The site's file directory has write permission by default. When an unknown vulnerability occurs on the website, a backdoor program may be written. After preventing PHP from running, even if there is a backdoor program, it will not be able to run.

RewriteRule ^(.*)/file/(.*)\.php(.*)$ /404.php

Versions 3.0 and below need to add one more

RewriteRule ^(.*)/cache/(.*)\.php(.*)$ /404.php

http://www.bkjia.com/PHPjc/825479.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/825479.htmlTechArticleIn order to enhance the security of destoon, necessary security settings are required. This article uses Rewrite rule settings to increase website security. An example is as follows: Rule 1: Block dynamic text that is not a PHP extension...