Sep 29, 2012

Protect server config or important files for security

server security

Securing a server is a hard task, especially for beginners.
In today's topic we are going to protect server config files using .htaccess.
Why should we do that?
Well, if another site on the same server as yours gets hacked, the attacker can read your configuration files such as config.php, wp-config.php, etc.
OK, let's get to the point:
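# Deny every HTTP request for config.php.
# This is Apache 2.2 access-control syntax; Apache 2.4 accepts it only with mod_access_compat loaded.
<Files config.php>
Order allow,deny
Deny from all
</Files>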

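When the attacker tries to read the config.php file (as an example) through the web server, the request gets a 403 permission denied response. The rule only covers requests handled by Apache; reads made directly on the filesystem are governed by file permissions (see note c below).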

Protecting files of the same type


Let's say, for example, we want to protect all .ini files.
We can do:
# Deny every HTTP request for any file whose name ends in .ini
<Files *.ini>
Order allow,deny
Deny from all
</Files>


I just explained what we can do to protect our config files if we don't have enough access to php.ini.
If you are a server administrator you can automate this (future tutorial).

A few notes to remember


a. If you deny all .txt files, robots.txt will get blocked, and if you deny all .xml files, sitemap.xml gets blocked; but if you don't have these 2 files, do whatever you want.
b. Make a separate config file. You can't protect article.php, which has some configuration (database password) in it, since that would disallow all users from accessing normal files.
c. Make sure you have the right chmod (permissions) for files.
d. Don't forget to share :D :D
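
An added example (not code from the original post): a small Python check that reads an .htaccess file and reports which file names its deny-all <Files> rules cover, so that side effects such as the robots.txt block from note a, or a config file a rule misses, show up before deployment. The sample .htaccess and file names are constructed, and the helper names and the use of fnmatch to approximate Apache's wildcard matching are assumptions.

```python
import fnmatch
import re

# Constructed sample: the two rules from the post plus a broad *.txt rule (note a).
SAMPLE_HTACCESS = """\
<Files config.php>
Order allow,deny
Deny from all
</Files>
<Files *.ini>
Order allow,deny
Deny from all
</Files>
<Files *.txt>
Order allow,deny
Deny from all
</Files>
"""

# <Files pattern> ... </Files>, pattern optionally quoted. The regex form
# (<Files ~ "...">) and <FilesMatch> are deliberately not handled here.
FILES_BLOCK = re.compile(r'<Files\s+"?([^">~]+?)"?\s*>(.*?)</Files>', re.I | re.S)
# Deny-all in the post's 2.2 syntax, or in the Apache 2.4 form.
DENY_ALL = re.compile(r'^\s*(?:Deny\s+from\s+all|Require\s+all\s+denied)\s*$', re.I | re.M)
# Conservative: a block with any Allow line is not counted as deny-all.
ALLOW = re.compile(r'^\s*Allow\s+from', re.I | re.M)


def denied_patterns(htaccess_text):
    """Return the <Files> wildcard patterns whose block denies every client."""
    return [pattern for pattern, body in FILES_BLOCK.findall(htaccess_text)
            if DENY_ALL.search(body) and not ALLOW.search(body)]


def audit(htaccess_text, filenames):
    """Map each file name to the deny-all pattern that covers it, or None."""
    patterns = denied_patterns(htaccess_text)
    # Assumption: fnmatchcase approximates Apache's wildcard match on the file name.
    return {name: next((p for p in patterns if fnmatch.fnmatchcase(name, p)), None)
            for name in filenames}


if __name__ == "__main__":
    names = ["config.php", "wp-config.php", "settings.ini", "robots.txt", "article.php"]
    for name, rule in audit(SAMPLE_HTACCESS, names).items():
        print(f"{name:15} {'403 via <Files ' + rule + '>' if rule else 'still served'}")
```

On the sample, config.php and settings.ini are covered, robots.txt is blocked by the *.txt rule, and wp-config.php is still served because the config.php rule matches that exact file name only.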
