限制WAMP文件系统访问

I have a WAMP stack installed in my PC. Yesterday, I was working with file system with PHP and noticed that I can access any directory in my hard disk even above the website document root directory. This is a clear security issue that I want to avoid.

Currently, I am using several virtual hosts in my WAMP stack along with custom domain using hosts file.

I am looking for some configuration that I can made in httpd.conf file or better if possible in .htaccess file that will limit the access of scripts in various sites to their document root. It will be better if the code doesn't require any changes when I add or remove virtual hosts.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongzhong8691 2014-01-06 13:42
关注
People should not ever be able to access folders you haven't allowed in any virtual hosts in conjunction with the .htaccess files

If you have a virtual host, say ben.mydevelopment which routes to a certain folder, there will be no way to "go up", you cannot access folders "above" that one.

You can use the .htaccess file to deny access to certain folders by using

Deny from all

and placing it in the relevant folders. You cannot block a whole filesystem since apache shouldn't serve you entire filesystem to start with.

Can you list the folders that you've been able to gain access to and the ones on which apache are running (either through the main config or virtual hosts)?

(Note: Also, I wouldn't worry too much about people being able to access your data, most firewalls deny inbound connections over HTTP and almost all home routers refuse inbound connections and don't know which computer to connect them to, so unless you've intentionally tried to setup you're own live web server, then you should be fine)
解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

报告相同问题？

关注问题

从HTML文件WAMP运行php脚本 html php
2015-06-17 09:33

回答 2 已采纳 Open the file via http://localhost/... The reason for the blank screen is: You can open a html-fil
用于测试上传PHP文件的Wamp问题 php
2015-06-30 09:20

回答 2 已采纳 This works for me: <?php if( $_FILES['file']['name'] != "" ) { $uploadfolder = $_S
如何在完成php动作后限制wamp服务器显示空白页？ php
2017-04-05 11:25

回答 2 已采纳 Such behavior of a http server actually is a pretty bold thing to do and kind of violates how web
php移动d盘文件系统,文件系统
2021-03-25 10:48

weixin_39699746的博客 文件系统一、文件系统的概述1.系统分类windows: win95 ...文件系统概念php的文件系统不是一个系统是php处理文件的一个模块给我们提供了一组操作文件的函数那么我们学习文件系统其实就是学习相关函数二、文件类型及...
在PHP WAMP窗口中更新CURL php
2016-07-11 07:09

回答 1 已采纳 As far as I know there is no such thing as downloading vanilla cURL and binding it with PHP. You n
使用其他设备访问localhost（wamp） apache php
2017-11-07 12:41

回答 1 已采纳 Try disabling Windows firewall. If that works, open port 80 in the firewall settings and reenable.
Sendmail Wamp Php php
2014-01-24 16:39

回答 4 已采纳 Finally I found the answer. The problem is that sendmail has to be run as an administrator. This
其他机器无法访问php,解决WAMP搭建PHP环境后后局域网其他机器无法访问的问题...
2021-03-26 12:54

weixin_39581719的博客刚安装wamp以后本地访问localhost或者127.0.0.1可以访问，但是如果局域网内其他电脑访问则出现403错误。从网上找了很多，各种说法都有了，却没几个好用的。解决问题方法如下：1，首先确定关闭了防火墙并且80端口没有...
如何在wamp服务器中重定向.htaccess文件 apache php
2016-01-06 10:44

回答 2 已采纳 You can use this rule in site root .htaccess: RewriteEngine on RewriteRule ^((?!moodle/).*)$ moo
如何在wamp服务器上使用Tesseract PHP包装器 php
2018-01-17 10:19

回答 2 已采纳 Does new.php contain the include for autoload.php? You most probably have to add require_once __DI
在php和wamp中使用<> php
2016-04-26 10:57

回答 1 已采纳 I assume it doesn't have anything to do with WAMP, and I'm not even sure I understand the situatio
其他机器无法访问php,WAMP搭建PHP环境后后局域网其他机器无法访问怎么办
2021-03-26 12:54

weixin_39862484的博客下面是WAMP搭建PHP环境后后局域网其他机器无法访问怎么办，让我们一起来看看WAMP搭建PHP环境后后局域网其他机器无法访问怎么办的具体内容吧！WAMP搭建PHP环境后后局域网其他机器无法访问怎么办...
Php网页无法显示带有Wamp Server的产品列表 mysql php
2018-07-05 00:12

回答 2 已采纳 Your $con is probably empty. You need to call Connection.php at the top of your category.php page.
wamp环境解决局域网不能访问的问题！
2023-06-29 20:34

Alan_Wdd的博客 wamp环境解决局域网不能访问的问题！
php 网页文件上传教程,PHP文件上传
2021-03-23 13:44

靠谱电竞的博客要想顺利实现上传功能，首先要在php.ini中开启文件上传，并对其中一些参数作出合理的设置，找到 File Upload 项可以看到下面有三个属性，表示含义如下。file_upload ：如果值为 on ，说明服务器支持文件上传。否则...
PHP：1、简介WAMP
2021-06-21 15:38

饱饱的煲鲍包的博客初学者学习路线 ... (2) 理解动态语言的概念和运做机制，熟悉基本... (5) 不断巩固PHP语法，熟悉大部分的PHP常用函数，理解面向对象编程，MySQL优化，以及一些模板和框架。 (6) 最终完成一个功能齐全的动态站点。 ...
PHP开发-文件上传
2021-05-28 17:16

_abcdef的博客后端处理2.1 错误信息解读2.2 PHP文件上传原理2.3 move_uploaded_file() 关键函数ifelse实现switch 实现2.4 文件格式与重名问题随机文件名2.5 后缀名pathinfo 函数2.6 控制文件格式，大小文件格式in_array 函数...
没有解决我的问题, 去提问

悬赏问题

¥100 set_link_state
¥15 虚幻5 UE美术毛发渲染
¥15 CVRP 图论物流运输优化
¥15 Tableau online 嵌入ppt失败
¥100 支付宝网页转账系统不识别账号
¥15 基于单片机的靶位控制系统
¥15 真我手机蓝牙传输进度消息被关闭了，怎么打开？(关键词-消息通知)
¥15 装 pytorch 的时候出了好多问题，遇到这种情况怎么处理？
¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
¥15 手机接入宽带网线，如何释放宽带全部速度

限制WAMP文件系统访问

2条回答 默认 最新

悬赏问题

2条回答默认最新