In my server (cpanel) I see now that with a simple DIR script (PHP) I can list files of all users over public_html
/home/[user]/public_html/
How can I prevent users from accessing the files of other users?
1条回答 默认 最新
dongyuling0312 2010-02-18 04:44关注The easiest method is by using PHP's open_basedir configuration setting. Unless you're using PHP 5.3+, you'll need to add the directive to apache's virtual host container for each site:
# restrict PHP access to /home/[user] php_value open_basedir /home/[user]Note that open_basedir isn't a 100% secure solution, but is a great way to restrict random code form reading things it should not.
解决 无用评论 打赏举报
分享
- 2018-10-05 14:24回答 1 已采纳 I would like to run my custom php script only if script has not contain any function which can
- 2016-06-22 12:52回答 1 已采纳 I'm not really sure what and why you want to do. There is no way to only allow a script to open a
- 2011-06-13 19:23回答 1 已采纳 Since forms (and therefor also cforms) are submitted via a browser, you can't completely block bro
- 2019-07-14 05:14出于网站安全考虑,如果根据自身网站服务器的安全规则判定当前用户为恶意攻击行为的话,可以使用此插件快速阻止该用户访问,并于$expire cookie时间之后解除阻止。 3.使用方法: 实例化BlockUserByCookie.class类...
- 2011-07-21 06:15回答 3 已采纳 You could use .htaccess rules or put them outside of your web directory! EDIT: It seems you are
- 2014-10-16 09:52回答 3 已采纳 Mention the below line in your .htaccess file. It'll definitely solve your problem. RewriteRule ^
- 2014-05-12 01:31回答 2 已采纳 Why not split the project up? Upload the contents of public to your document root and the rest som
- 2021-03-24 00:49weixin_39570530的博客 如果请求路径上存在某个文件或目录,则htaccess允许访问此文件,如css,js,images等…现在我有这样的链接:example.com/profile/martin-slicker-i231使用Zend Router,它指向控制器帐户和操作viewprofile.我想为我...
- 2012-01-31 14:04回答 4 已采纳 It seems like a simple redirect is what you're looking for here. Add something like this to the t
- 2015-11-08 17:00回答 2 已采纳 I don't see that there are any bullet proof ways of solving this. The only way I can think of is t
- 2013-05-14 16:23回答 2 已采纳 RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?yoursite.com.br/.*$ [
- 2021-01-10 10:01禁止访问扩展名为bat的文件,配置如下: location ~* /.bat { deny all; } 禁止访问configs目录,以及其下所有子目录或文件,配置如下: location ^~ /configs/ { deny all; } 注意上述configs后面的斜杠...
- 2011-03-19 15:12回答 1 已采纳 I doubt you really want to prevent users from accessing images folder or robots.txt It's only php
- 2020-08-04 21:58culuo8053的博客 .htaccess文件When I build websites for clients and myself, I use numerous include files to make my website easy to maintain. These include files may: 当我为客户和我自己建立网站时,我使用大量的包含文件...
- 2021-07-05 10:54weixin_39564807的博客 我正在/ test /上托管一个网站,但如果用户知道文件名,可以通过访问网址来访问文件.例如:domain.com/test/readmesample.txt我有它像上面设置但现在当我去domain.com/test index.html文件不会加载,我得到403禁止.如何...
- 没有解决我的问题, 去提问
悬赏问题
- ¥15 关于#Java#的问题,如何解决?
- ¥15 加热介质是液体,换热器壳侧导热系数和总的导热系数怎么算
- ¥15 想问一下树莓派接上显示屏后出现如图所示画面,是什么问题导致的
- ¥100 嵌入式系统基于PIC16F882和热敏电阻的数字温度计
- ¥15 cmd cl 0x000007b
- ¥20 BAPI_PR_CHANGE how to add account assignment information for service line
- ¥500 火焰左右视图、视差(基于双目相机)
- ¥100 set_link_state
- ¥15 虚幻5 UE美术毛发渲染
- ¥15 CVRP 图论 物流运输优化