防止点点斜杠或文件路径遍历攻击。 [英] Defence against dot dot slash or file path traversal attack.

问题描述

我安装了EasyPHP，我正在考虑按照以下目录：

http://127.0.0.1/projects/Web%20Developement/aureus/files/ < br $>


我希望用户被限制在此目录中，无法访问名为 aureus 的目录。



我希望所有这些配置都使用 .htaccess 我该怎么做？

解决方案

A防止目录遍历的可能算法是：

- 在继续执行下面的过程之前，处理不会导致文件请求的URI请求，例如，执行钩子进入用户代码。 />
- 当要对文件/目录进行URI请求时，建立文件/目录的完整路径（如果存在），并规范化所有字符（例如，％20转换为空格）。 />
- 假设'Document Root'完全限定，标准化，路径已知，并且此字符串的长度为N.假设没有文件输出ide可以提供这个目录。

- 确保所请求文件的完全限定路径的前N个字符与'Document Root'完全相同。

- 如果是这样，允许返回文件。

- 如果没有，则返回错误，因为请求明显超出了Web服务器应该允许服务的范围。

- 检查字符串是否包含'..'（彼此相邻的两个句点）。

- 使用硬编码的预定义文件扩展名来后缀路径不会限制范围对该文件扩展名的文件的攻击。<​​br />

 <？php  
 include（

_GET [' file']。 ' .html'）;

用户可以使用％00（返回

_GET



[来自维基百科 - 目录遍历攻击 [ ^ ]]

I have EasyPHP installed,I am considering following as root directory:
http://127.0.0.1/projects/Web%20Developement/aureus/files/

I want user to be restricted to this directory and not able to get access to directory named aureus.

I want all this configuration using .htaccess how can I do that?

解决方案

A possible algorithm for preventing directory traversal would be to:
- Process URI requests that do not result in a file request, e.g., executing a hook into user code, before continuing below.
- When a URI request for a file/directory is to be made, build a full path to the file/directory if it exists, and normalize all characters (e.g., %20 converted to spaces).
- It is assumed that a 'Document Root' fully qualified, normalized, path is known, and this string has a length N. Assume that no files outside this directory can be served.
- Ensure that the first N characters of the fully qualified path to the requested file is exactly the same as the 'Document Root'.
- If so, allow the file to be returned.
- If not, return an error, since the request is clearly out of bounds from what the web-server should be allowed to serve.
- Check if the string contains '..' (two periods next to each other).
- Using a hard-coded predefined file extension to suffix the path does not limit the scope of the attack to files of that file extension.

<?php
include(

_GET['file'] . '.html');

The user can use %00 (return to line, \n) to bypass everything after the

_GET

[From Wikipedia - Directory traversal attack[^]]

这篇关于防止点点斜杠或文件路径遍历攻击。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！