donglu9743 2016-05-12 19:52
浏览 19
已采纳

如何限制从所有子目录查看php.ini?

I'm currently able to alter .htaccess file as such to prevent opening of the php.ini and other files via a web browser:

# Prevent .ini and other files from being open from web browser
<filesMatch "\.(htaccess|htpasswd|ini|log|sh)$">
 Order Allow,Deny
 Deny from all
</filesMatch>

But this seems to work only for the root directory, where I place this .htaccess file, so if I navigate to www.mysite.com/sub/php.ini it can still open that file.

Any idea how to make a filter for all such files in all subdirectories?

  • 写回答

1条回答 默认 最新

  • dongyukang7006 2016-05-12 19:56
    关注

    You could add this to your apache configuration httpd.conf, or to your .htaccess itself.

    <Files "*.ini">
    Require all denied
</Files>

    Or this would work as well:

    <Files "*.ini">
    Order Allow,Deny
    Deny from all
</Files>

    If you want to keep it the format you have at the moment, you could do this:

    <filesMatch ".*\.(htaccess|htpasswd|ini|log|sh)$">
    Order Allow,Deny
    Deny from all
</filesMatch>
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 R语言Rstudio突然无法启动
  • ¥15 关于#matlab#的问题:提取2个图像的变量作为另外一个图像像元的移动量,计算新的位置创建新的图像并提取第二个图像的变量到新的图像
  • ¥15 改算法,照着压缩包里边,参考其他代码封装的格式 写到main函数里
  • ¥15 用windows做服务的同志有吗
  • ¥60 求一个简单的网页(标签-安全|关键词-上传)
  • ¥35 lstm时间序列共享单车预测,loss值优化,参数优化算法
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值