堆栈内存溢出
  简体   繁体   English

如何保护.htaccess的php文件免于php5下载时崩溃

[英]how to protect php file with .htaccess from downloading with php5 crashed

 原文  2010-10-15 02:19:54       php/ .htaccess

问题描述

Last night I made some admin changes to my webserver. 昨晚,我对网络服务器进行了一些管理员更改。 I use php. 我使用php。 The php processor failed after the update and if someone went to my homepage, the php page would simply download and show the proprietary code and password to anyone visiting. 更新后php处理器失败,如果有人进入我的主页,则php页面将简单下载并向访问的任何人显示专有代码和密码。 So I was wondering if there is a way to prevent any form of download for php files using .htaccess -- but still allow for normal viewing of the files. 所以我想知道是否有一种方法可以防止使用.htaccess进行php文件的任何形式的下载-但仍允许正常查看文件。

3 个解决方案

解决方案1
 5 已采纳  2010-10-15 02:32:25

A good pattern to follow during development is to use a minimal initialization file, which invokes the actual application which resides outside the webroot. 在开发过程中遵循的一个好的模式是使用最小的初始化文件,该文件调用驻留在webroot之外的实际应用程序。 That way only a minimal stub with no critical information is exposed in a case like this. 这样,在这种情况下,只暴露了没有关键信息的最小存根。

Simplified example: 简化示例: 

/
  /app
    critical_code.php
  /webroot
    .htaccess   <- rewrites all requests to index.php
    index.php   <- invokes ../app/critical_code.php (or other files as requested)

解决方案2
 3  2010-10-15 02:23:25

The trouble here is that either .htaccess is serving your files to the user or it's not. 这里的问题是.htaccess是否正在向用户提供文件。 You can't tell it to deny access to the .php files, because then access will be denied during normal use, as well. 您不能告诉它拒绝访问.php文件,因为在正常使用期间,访问也会被拒绝。 There is no fallback behavior for the PHP processor simply not running correctly. 没有正确运行的PHP处理器没有后备行为。

Maybe it's worth temporarily moving the web root to point to an "under maintenance" site when doing big things like that, to minimize risk as much as possible. 这样做时,也许值得暂时将网络根目录移到“维护中”的站点,以最大程度地降低风险。

解决方案3
 1  2010-10-15 04:18:13

Assuming you're using Apache, your .htaccess file would look something like this. 假设您使用的是Apache,那么您的.htaccess文件将如下所示。 

<FilesMatch ".*\.php">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>
<IfModule php5_module>
    <FilesMatch ".*\.php">
        Allow from all
        Satisfy All
    </FilesMatch>
</IfModule>

The first rule denies access to all .php files. 第一条规则拒绝访问所有.php文件。 By default, the user will see a 403 (Forbidden) error. 默认情况下,用户将看到403(禁止)错误。

If the PHP5 module successfully loads, the second rule will take affect, which grants access. 如果PHP5模块成功加载,第二条规则将生效,这将授予访问权限。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用PHP登录以防止下载文件 - Login using PHP to protect from downloading a file 如何使用htaccess保护php文件以供外部使用或直接使用 - how to Protect Php file with the htaccess to protevent external use or a direct use 正在下载php_mysql.dll for php5 - Downloading php_mysql.dll for php5 如何保护免受PHP中的文件上传攻击? - How to protect from file upload attack in php? 保护PHP包括(与htaccess?) - protect php includes (with htaccess?) 如何使用htaccess保护单个php页面? - How to protect a single php page with htaccess? 在PHP5中使用htaccess在register_globals - register_globals on in PHP5 using htaccess 通过.htaccess RewriteRule保护文件夹到php - Protect a folder by .htaccess RewriteRule to php 通过.htaccess和PHP保护文件 - protect files via .htaccess and PHP PHP5如何添加simplexml? - PHP5 how to add simplexml?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM