如何prevent PHP文件被下载?什么是一些人可以下载呢? [英] How to prevent PHP files from being downloaded? And what are some ways someone can download them?
本文介绍了如何prevent PHP文件被下载?什么是一些人可以下载呢?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我如何起价下载非法想通过浏览器p $ pvent PHP文件。什么是一些人可以用它来下载PHP文件?
How do i prevent php files from being downloaded "illegally" like through the browser. And what are some ways someone can use to download the php files?
推荐答案
您真的不能避免被下载,如果您的应用程序是不安全的文件。下面的例子可以让恶意用户可以查看服务器上的任何文件:
You can't really avoid files from being downloaded if your application is not secure. The following example allows a malicious user to view any file on your server:
<?php
readfile($_GET['file']);
?>
如果你从暴露源$ C $ C要prevent阿帕奇如果事情是错的,使用PHP,在httpd.conf /的.htaccess补充一点:
If you want to prevent Apache from exposing the source code if something is wrong with PHP, add this in your httpd.conf / .htaccess:
# In case there is no PHP, deny access to php files (for safety)
<IfModule !php5_module>
<FilesMatch "\.(php|phtml)$">
Order allow,deny
Deny from all
</FilesMatch>
</IfModule>
# the following should be added if you want to parse .php and .phtml file as PHP
# .phps will add syntax highlighting to the file when requesting it with a browser
<IfModule php5_module>
AddType text/html .php .phtml .phps
AddHandler application/x-httpd-php .php .phtml
AddHandler application/x-httpd-php-source .phps
</IfModule>
这篇关于如何prevent PHP文件被下载?什么是一些人可以下载呢?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文