无论如何保护您的站点免受外部站点scandir [英] Anyway protecting your site from external site scandir
问题描述
只是偶然发现了一个列出所有隐藏文件的网站。我使用了Facebook的目录: hashtag /,结果显示了来自 http:// www的一大堆文件。 facebook.com/hashtag/
Just came across to a website that lists all hidden files. I utilized Facebooks directory called: "hashtag/" and the results showed a whole bunch of files from http://www.facebook.com/hashtag/
此处是执行此操作的网站: https://pentest-tools.com/website-vulnerability-scanning/discover-hidden-directories-and-files
Here's the website that does this: https://pentest-tools.com/website-vulnerability-scanning/discover-hidden-directories-and-files
因此,我的主要问题是,有什么方法可以保护您的网站免遭另一个显示秘密文件的网站扫描,例如: tokens.php,sessions.php, template /,models / configs / ... etc ???
So my main question here is, is there any way to protect your site from being scanned by another website showing secret files like: tokens.php, sessions.php, templates/, models/ configs/...etc???
这让我非常担心,只是说我们正在建立一个拥有重要地位的网站文件和结构,如果有人想查看我们在该特定文件夹中所保存的内容,是否有任何方法可以防止该文件从该网站或其他执行此操作的网站中显示是操作吗?
This got me really worried now, just say we are making a website that holds important files and structures and if someone wanted to see what we're holding in that specific folder, is there any kind of way to prevent this from showing from that website or any other sites that does this operation?
我知道您可以通过.htaccess做到这一点,但是您能给我看看一个防止扫描多个文件夹的示例吗?
I know you can do this by .htaccess, but could you show me an example for preventing scanning on multiple folders?
推荐答案
主要选项是索引
,您可以在 .htaccess中将其关闭。
与
The main option is Indexes
you can turn them off in your .htaccess
with
Options -Indexes
第二种选择是阻止 Deny
Order Deny,Allow
Deny from All
说一个名为 inc
的文件夹,其中包含一些您不希望通过url访问的文件,但是您希望其他PHP脚本能够包含这些文件,然后将此规则扔进一个 inc
文件夹中的 .htaccess
文件。
Say you have a folder called inc
that holds some files that you don't want accessible via a url but you want your other PHP scripts to be able to include them you toss this rule in an .htaccess
file in your inc
folder.
此处是指向 .htaccess
规则 https://github.com/上的大量资源的链接phanan / htaccess
这篇关于无论如何保护您的站点免受外部站点scandir的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!