Home >Backend Development >PHP Tutorial >destoon uses Rewrite rules to set up website security_PHP tutorial
In order to enhance the security of destoon, necessary security settings are required. This article uses Rewrite rule settings to increase website security as an example as follows:
Rule 1:
Blocking dynamic files with non-php extensions, such as asp, aspx, etc., can prevent backdoor programs with suffixes such as asp, aspx, etc. from running
RewriteRule ^(.*)\.(asp|aspx|asa|asax|dll|jsp|cgi|fcgi|pl)(.*)$ /404.php
Rule 2:
Shield the PHP running permission of the site's file directory. The site's file directory has write permission by default. When an unknown vulnerability occurs on the website, a backdoor program may be written. After preventing PHP from running, even if there is a backdoor program, it will not be able to run.
RewriteRule ^(.*)/file/(.*)\.php(.*)$ /404.php
Versions 3.0 and below need to add one more
RewriteRule ^(.*)/cache/(.*)\.php(.*)$ /404.php