如何prevent PHP文件被下载?什么是一些人可以下载呢? [英] How to prevent PHP files from being downloaded? And what are some ways someone can download them?

查看:222
本文介绍了如何prevent PHP文件被下载?什么是一些人可以下载呢?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我如何起价下载非法想通过浏览器p $ pvent PHP文件。什么是一些人可以用它来下载PHP文件?

How do i prevent php files from being downloaded "illegally" like through the browser. And what are some ways someone can use to download the php files?

推荐答案

您真的不能避免被下载,如果您的应用程序是不安全的文件。下面的例子可以让恶意用户可以查看服务器上的任何文件:

You can't really avoid files from being downloaded if your application is not secure. The following example allows a malicious user to view any file on your server:

<?php
readfile($_GET['file']);
?>

如果你从暴露源$ C ​​$ C要prevent阿帕奇如果事情是错的,使用PHP,在httpd.conf /的.htaccess补充一点:

If you want to prevent Apache from exposing the source code if something is wrong with PHP, add this in your httpd.conf / .htaccess:

# In case there is no PHP, deny access to php files (for safety)
<IfModule !php5_module>
    <FilesMatch "\.(php|phtml)$">
        Order allow,deny
        Deny from all
    </FilesMatch>
</IfModule>
# the following should be added if you want to parse .php and .phtml file as PHP
# .phps will add syntax highlighting to the file when requesting it with a browser
<IfModule php5_module>
    AddType text/html .php .phtml .phps
    AddHandler application/x-httpd-php .php .phtml
    AddHandler application/x-httpd-php-source .phps
</IfModule>

这篇关于如何prevent PHP文件被下载?什么是一些人可以下载呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆