无论如何保护您的站点免受外部站点scandir [英] Anyway protecting your site from external site scandir

问题描述

只是偶然发现了一个列出所有隐藏文件的网站。我使用了Facebook的目录： hashtag /，结果显示了来自 http：// www的一大堆文件。 facebook.com/hashtag/

Just came across to a website that lists all hidden files. I utilized Facebooks directory called: "hashtag/" and the results showed a whole bunch of files from http://www.facebook.com/hashtag/

此处是执行此操作的网站： https://pentest-tools.com/website-vulnerability-scanning/discover-hidden-directories-and-files

Here's the website that does this: https://pentest-tools.com/website-vulnerability-scanning/discover-hidden-directories-and-files

因此，我的主要问题是，有什么方法可以保护您的网站免遭另一个显示秘密文件的网站扫描，例如： tokens.php，sessions.php， template /，models / configs / ... etc ???

So my main question here is, is there any way to protect your site from being scanned by another website showing secret files like: tokens.php, sessions.php, templates/, models/ configs/...etc???

这让我非常担心，只是说我们正在建立一个拥有重要地位的网站文件和结构，如果有人想查看我们在该特定文件夹中所保存的内容，是否有任何方法可以防止该文件从该网站或其他执行此操作的网站中显示是操作吗？

This got me really worried now, just say we are making a website that holds important files and structures and if someone wanted to see what we're holding in that specific folder, is there any kind of way to prevent this from showing from that website or any other sites that does this operation?

我知道您可以通过.htaccess做到这一点，但是您能给我看看一个防止扫描多个文件夹的示例吗？

I know you can do this by .htaccess, but could you show me an example for preventing scanning on multiple folders?

推荐答案

主要选项是索引，您可以在 .htaccess中将其关闭。 与

The main option is Indexes you can turn them off in your .htaccess with

Options -Indexes

第二种选择是阻止 Deny

Order Deny,Allow
Deny from All

说一个名为 inc 的文件夹，其中包含一些您不希望通过url访问的文件，但是您希望其他PHP脚本能够包含这些文件，然后将此规则扔进一个 inc 文件夹中的 .htaccess 文件。

Say you have a folder called inc that holds some files that you don't want accessible via a url but you want your other PHP scripts to be able to include them you toss this rule in an .htaccess file in your inc folder.

此处是指向 .htaccess 规则 https://github.com/上的大量资源的链接phanan / htaccess

这篇关于无论如何保护您的站点免受外部站点scandir的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！