堆栈内存溢出
  简体   繁体   English

修改 PHP 中的 .htaccess 文件是否安全?

[英]Is it safe to modify a .htaccess file in PHP?

 原文  2011-04-27 13:45:27       php/ .htaccess

问题描述

In my .htaccess file, I use variables ( SetEnv ) to toggle ON/OFF the website when I do updates, is it safe or is it even possible to modify that .htaccess file via a PHP script?在我的 .htaccess 文件中,我在更新时使用变量 ( SetEnv ) 来打开/关闭网站,是否安全,甚至可以通过 Z2FEC392304A5C23AC138DA22847F9 修改 .htaccess 文件?

To be more specific, I need to comment/un-comment those lines:更具体地说,我需要评论/取消评论这些行:

#RewriteCond %{REMOTE_ADDR} !LOCALIPHERE
#RewriteCond %{REQUEST_URI} !^/Site/maintenance.htm
#RewriteCond %{REQUEST_URI} !^/Site/styles/style.css
#RewriteCond %{REQUEST_URI} !^/Site/includes/jquery-1.4.4.min.js
#RewriteCond %{REQUEST_URI} !\.(jpg|jpeg|png|gif|swf)$
#RewriteRule ^.* /Site/maintenance.htm [L]

Thank you谢谢

Edit:编辑:

My definition of safe is: I would like to know how the site will behave if the .htaccess file is opened by a PHP script and the website is being visited in the same time.我对安全的定义是:我想知道如果 .htaccess 文件由 PHP 脚本打开并且同时访问该网站,该网站将如何运行。

3 个解决方案

解决方案1
 6 已采纳  2011-04-27 13:46:23

If the file is writable by the PHP process it can be modified like every other file.如果该文件可由 PHP 进程写入,则可以像其他所有文件一样对其进行修改。

However, instead of commenting/uncommenting your code you should use a RewriteCond checking your env var.但是,您应该使用RewriteCond检查您的环境变量,而不是注释/取消注释您的代码。

解决方案2
 1  2011-04-27 13:49:55

I would gauge the "safe to modify" under the consideration if it is reliable to do so - without introducing syntax errors.如果这样做是可靠的,我会根据考虑来衡量“修改的安全” - 不会引入语法错误。 To accomplish that I would recommend you use more specific comment tokens:为此,我建议您使用更具体的评论标记:

#<off>#RewriteCond %{RE...

That's safer to scan for and replace using simple string manipulation, thus reducing the likelihood of causing a 500 error on modifying .htaccess files.使用简单的字符串操作进行扫描和替换会更安全,从而减少在修改 .htaccess 文件时导致 500 错误的可能性。 If you have different types of settings you want to enable/disable, then use multiple more specific tokens.如果您要启用/禁用不同类型的设置,请使用多个更具体的令牌。

Regarding security itself, having them world-writable has the same implications has having world-writable php scripts or configuration files.关于安全性本身,让它们世界可写与拥有世界可写的 php 脚本或配置文件具有相同的含义。

解决方案3
 0  2011-04-27 13:48:19

As long as you know, what you are doing, its safe.只要你知道,你在做什么,它是安全的。 However, if you edit the file manually and doesnt reflect this situation in your script, it is quite easy to break it.但是,如果您手动编辑文件并且没有在脚本中反映这种情况,则很容易破坏它。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 可以用PHP修改htaccess文件吗? - Possible to modify htaccess file with PHP? 是否允许PHP修改当前文件夹中的.htaccess文件? - Is PHP allowed to modify .htaccess file in current folder? 通过.htaccess文件修改URL - Modify the URL through an .htaccess file 拒绝访问 .htaccess 中的 .ini 文件是否安全? - Is it safe to deny access to .ini file in .htaccess? 尝试使用PHP修改文件 - Trying to modify a file with PHP 修改PHP中文件的内容 - Modify content of file in php 使用Web界面修改htaccess文件 - Use web interface to modify htaccess file htaccess不能缓存php文件吗? - htaccess not caching php file? PHP中的动态.htaccess文件 - Dynamic .htaccess file in PHP 在PHP中更改htaccess文件 - changing the htaccess file in php
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM