destoon利用Rewrite规则设置网站安全_PHP
Rewrite
为增强destoon的安全性,需要进行必要的安全设置,本文以Rewrite规则设置来增加网站安全性为例说明如下:
规则一:
屏蔽非php扩展的动态文件,例如asp、aspx等,可以阻止asp、aspx等后缀的后门程序运行
RewriteRule ^(.*)\.(asp|aspx|asa|asax|dll|jsp|cgi|fcgi|pl)(.*)$ /404.php
规则二:
屏蔽站点file目录php运行权限,站点的file目录默认具有写入权限,当网站出现未知漏洞时,可能会被写入后门程序,阻止php运行之后,即使有后门程序也将无法运行。
RewriteRule ^(.*)/file/(.*)\.php(.*)$ /404.php
3.0及以下版本需要再加一条
RewriteRule ^(.*)/cache/(.*)\.php(.*)$ /404.php
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
php CodeIgniter Security Guide: Protect your website from attacks
Feb 19, 2024 pm 06:21 PM
1. Use the latest version of CodeIgniter The CodeIgniter team regularly releases security patches and updates to fix known vulnerabilities. Therefore, it is important to ensure that you are always using the latest version of CodeIgniter. You can download the latest version by visiting CodeIgniter’s official website. 2. Enforce the use of secure connections (HTTPS) https can encrypt the data passed between your website and users, making it more difficult for malicious users to intercept and steal. You can enable HTTPS by installing an SSL certificate on your server. 3. Avoid using default configurations CodeIgniter provides many default configurations to simplify the development process. However, these default configurations may not
Website security development practices: How to prevent SSRF attacks
Jun 29, 2023 am 11:58 AM
Website Security Development Practice: How to Prevent SSRF Attacks With the rapid development of the Internet, more and more companies and individuals choose to move their business to the cloud, and website security issues have also attracted increasing attention. One of the common security threats is SSRF (Server-SideRequestForgery, server-side request forgery) attack. This article will introduce the principles and harms of SSRF attacks, and provide some common preventive measures to help developers strengthen the security of their websites. The principles and dangers of SSRF attacks
Website security development practices: How to prevent XML external entity attacks (XXE)
Jun 29, 2023 am 08:51 AM
Website Security Development Practice: How to Prevent XML External Entity Attacks (XXE) With the development of the Internet, websites have become an important way for people to obtain and share information. However, the risks that come with it are also increasing. One of them is XML External Entity Attack (XXE), which is an attack method that exploits vulnerabilities in XML parsers. In this article, we will explain what an XXE attack is and how to prevent it. 1. What is XML External Entity Attack (XXE)? XML external entity attack (XXE) is a
Using ThinkPHP6 to implement website security detection
Jun 20, 2023 am 09:03 AM
With the continuous development of the Internet, more and more websites have emerged, but at the same time, website security problems have become more and more serious. Security vulnerabilities such as hacker attacks, malware, and SQL injection cause headaches for website operators. In order to ensure the security of the website, security testing during website construction and operation is also particularly important. This article will introduce how to use ThinkPHP6 to implement website security detection and help website operators further improve website security. 1. What is ThinkPHP6? ThinkPHP6 is a PH
Use Pagoda Panel for HTTPS upgrade to improve website security
Jun 21, 2023 am 10:15 AM
With the development of the Internet, websites have become an important channel for enterprises to display their image and communicate with the outside world. However, the network security issues that come with it are indeed worrying. Many website administrators may already be aware of the importance of protecting user data and transaction information by using the HTTPS protocol, but may not yet have a good understanding of how to implement HTTPS upgrades. This article will introduce how to use the Pagoda Panel to upgrade HTTPS and improve the security of the website. 1. What is HTTPS? HTTP is Hypertext Transfer Protocol, a
Detailed explanation of the impact of Discuz canceling the verification code function on website security
Mar 11, 2024 am 10:45 AM
"Discussion on the Impact of Discuz's Canceling the Verification Code Function on Website Security" With the rapid development of the Internet, website security issues have become increasingly prominent. As a common security verification mechanism, verification code is widely used on websites. However, some websites may cancel the verification code function in order to improve user experience. Will this have a negative impact on website security? This article will discuss the impact of Discuz's cancellation of verification code function on website security and provide specific code examples. 1. The function and principle of verification code Verification code (CAP)
Preventing HTTP Response Splitting Attacks: Website Security Development Practices
Jun 30, 2023 pm 12:45 PM
Website security has always been an important topic in the Internet field. With the continuous development of network technology, hackers' attack methods have become more and more complex and hidden. One of the common attack methods is HTTP response splitting attack. This article will introduce how to effectively prevent this attack from both the principle and practice aspects to protect the security of the website. First, let’s understand the principle of HTTP response splitting attack. This attack exploits a vulnerability in the HTTP protocol, which inserts a newline character between the response header and the response body to split the response, causing the server to
PHP website security and protection measures
May 04, 2024 pm 10:48 PM
PHP website security measures include: Preventing SQL injection: using prepared statements or escaping user input. Prevent XSS: Escape user input. Prevent CSRF: Use CSRF tokens. Prevent buffer overflow: Set the maximum input length. Stay updated, use security frameworks, enable firewalls, monitor websites, conduct security audits.
