如何防止PHP文件被下载?有人可以通过哪些方式下载它们? [英] How to prevent PHP files from being downloaded? And what are some ways someone can download them?
本文介绍了如何防止PHP文件被下载?有人可以通过哪些方式下载它们?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
如何防止 php 文件像通过浏览器那样非法"下载.有人可以使用哪些方式下载 php 文件?
How do i prevent php files from being downloaded "illegally" like through the browser. And what are some ways someone can use to download the php files?
推荐答案
如果您的应用程序不安全,您就无法真正避免下载文件.以下示例允许恶意用户查看您服务器上的任何文件:
You can't really avoid files from being downloaded if your application is not secure. The following example allows a malicious user to view any file on your server:
<?php
readfile($_GET['file']);
?>
如果您想在 PHP 出现问题时阻止 Apache 暴露源代码,请在 httpd.conf/.htaccess 中添加:
If you want to prevent Apache from exposing the source code if something is wrong with PHP, add this in your httpd.conf / .htaccess:
# In case there is no PHP, deny access to php files (for safety)
<IfModule !php5_module>
<FilesMatch ".(php|phtml)$">
Order allow,deny
Deny from all
</FilesMatch>
</IfModule>
# the following should be added if you want to parse .php and .phtml file as PHP
# .phps will add syntax highlighting to the file when requesting it with a browser
<IfModule php5_module>
AddType text/html .php .phtml .phps
AddHandler application/x-httpd-php .php .phtml
AddHandler application/x-httpd-php-source .phps
</IfModule>
这篇关于如何防止PHP文件被下载?有人可以通过哪些方式下载它们?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文