Home >Backend Development >PHP Tutorial >destoon uses Rewrite rules to set up website security_PHP tutorial

destoon uses Rewrite rules to set up website security_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 10:24:26969browse

In order to enhance the security of destoon, necessary security settings are required. This article uses Rewrite rule settings to increase website security as an example as follows:

Rule 1:

Blocking dynamic files with non-php extensions, such as asp, aspx, etc., can prevent backdoor programs with suffixes such as asp, aspx, etc. from running

RewriteRule ^(.*)\.(asp|aspx|asa|asax|dll|jsp|cgi|fcgi|pl)(.*)$ /404.php

Rule 2:

Shield the PHP running permission of the site's file directory. The site's file directory has write permission by default. When an unknown vulnerability occurs on the website, a backdoor program may be written. After preventing PHP from running, even if there is a backdoor program, it will not be able to run.

RewriteRule ^(.*)/file/(.*)\.php(.*)$ /404.php

Versions 3.0 and below need to add one more

RewriteRule ^(.*)/cache/(.*)\.php(.*)$ /404.php

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/825479.htmlTechArticleIn order to enhance the security of destoon, necessary security settings are required. This article uses Rewrite rule settings to increase website security. An example is as follows: Rule 1: Block dynamic text that is not a PHP extension...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn