How to protect sensitive files of PHP website through security configuration files?

How to protect sensitive files of PHP website through security configuration files?

When developing and deploying PHP websites, protecting sensitive files is a very important task. By properly configuring your server and using security profiles, you can effectively prevent unauthorized access to sensitive files. This article will introduce how to protect sensitive files of PHP website through security configuration files.

1. Configuring the Web Server

First, we need to ensure that the Web server is configured correctly to prevent sensitive files from being accessed directly. Commonly used web servers include Apache and Nginx. The configuration methods are introduced below.

• Apache
  In the Apache configuration file (usually httpd.conf), find the following line:

  <Directory /var/www/html>
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
  </Directory>

  Replace AllowOverride None Change to AllowOverride All and then restart the Apache server.

• Nginx
  In the Nginx configuration file (usually nginx.conf), find the following line:

  location / {
    try_files $uri $uri/ =404;
  }

  Place try_files $uri $uri / =404;Change totry_files $uri $uri/ /index.php?$query_string;, and then restart the Nginx server.

2. Create a security configuration file

Create a file named .htaccess in the root directory of the website (if using Apache) Or nginx.conf (if using Nginx) file, used to set access rules and protect sensitive files.

• Apache
  The sample code is as follows:

  Options -Indexes
  <Files ~ ".ini$">
    Order allow,deny
    Deny from all
  </Files>
  <Files ~ ".log$">
    Order allow,deny
    Deny from all
  </Files>
  <Files ~ "(^|.)ht(access|passwd|groups|config)$">
    Order allow,deny
    Deny from all
  </Files>

  The function of the above code is to prohibit listing directory files and accessing files ending with .ini Files, files ending with .log are prohibited, and access to .htaccess, .htpasswd, .htgroups, .htconfig is prohibited. and other files.

• Nginx
  The sample code is as follows:

  location ~ /. {
    deny all;
  }
  location ~* .(ini|log)$ {
    deny all;
  }

  The function of the above code is to prohibit access to files starting with a dot and prohibit access to .ini and files ending with .log.

3. Other security measures

In addition to the above configuration files, we can also take other security measures to further protect the security of sensitive files.

• Move sensitive files out of the Web root directory
  You can move sensitive files out of the Web root directory, so that even if the Web server is compromised, the sensitive files will not be directly accessed.
• Turn on PHP's safe mode
  By setting safe_mode = On in the php.ini configuration file, you can limit the scope of PHP scripts to access files to increase safety.
• Check file permissions
  Ensure that the permissions of sensitive files are set correctly. Use the command chmod to set appropriate permissions. Generally, set permissions for sensitive files to 600 or higher.

Summary

By correctly configuring the web server and using security configuration files, you can effectively protect the sensitive files of your PHP website. At the same time, server and application patches should be regularly updated, as well as the password security of the website should be strengthened. Combining multiple security measures, it can provide more reliable protection of sensitive files.

References:

• Apache official documentation: https://httpd.apache.org/docs/
• Nginx official documentation: https://nginx. org/en/docs/

The above is the detailed content of How to protect sensitive files of PHP website through security configuration files?. For more information, please follow other related articles on the PHP Chinese website!