About the features of Imperial CMS 6.5: Instructions for using website security firewall

The following tutorial column of Empire cms will introduce to you how to use the website firewall in Imperial cms. I hope it will be helpful to friends in need!

This article explains how to use the website firewall:

1. There are two methods to configure the "website firewall":

1 ,Backstage>"System Settings">"Website Firewall".

2. Modify the e/class/config.php file configuration.

2. The following explains the function and use of related settings:

1. Firewall encryption key:

This item must be set , fill in any 10 to 50 characters, preferably a combination of characters.

And it is recommended to change it once a week or every month.

2. Domain name that allows backend login:

Set the domain name that only allows access to the backend. The domain name is bound to the root directory of the website. Only access to the e/admin backend through this domain name is allowed. . Generally, the domain name can be the second-level domain name of the website. If you want to be more safe, you can also bind a new second-level domain name to the domain name. For example: website domain name: http://www.phome.net, and to access the backend domain name, use http://abc.digod.com

and the bound domain name also supports adding ports, such as: http: //abc.phome.net:8080, provided that the server supports using this port to access the website.

After binding the domain name (http://abc.digod.com), the access backend address is: http://abc.digod.com/e/admin/, while accessing the backend through other domain names is: blank.

3. The time point when logging into the backend and the week when logging into the backend are allowed:

Convenient unit settings during working hours, making it easier to control website security maintenance and preventing users from working during working hours Go backstage.

If there is an emergency exception, you can manually modify the e/class/config.php file configuration.

4. The firewall background pre-login verification variable name and the firewall background pre-login authentication code

must be set.

Pre-login verification variable name: It can be composed of English letters and numbers (must start with a letter), and consists of 5 to 20 characters.

Pre-login authentication code: fill in any 10 to 50 characters, preferably a combination of characters.

And it is recommended to change it once a week or every month.

5. Block submission of sensitive characters:

This function is the core of the security firewall and can safely filter all information entered by front-end users. Usually set the relevant characters for PHP, MySQL and other attacks.

For example: characters commonly used in sql injection: select, outfile, union, delete, insert, update, replace, sleep, benchmark, load_file, create

More imperial cms technical articles , please visit the Empire cms secondary development column!

The above is the detailed content of About the features of Imperial CMS 6.5: Instructions for using website security firewall. For more information, please follow other related articles on the PHP Chinese website!