Securing Files and Directories





Securing files and directories is something every VA admin should do. It is simple: create a file called .htaccess in your webroot and place the following in it:

# Some basic security for phpVMS files
# Thanks to mark1million

Options All -Indexes 

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|tpl)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

You can also refer to this thread for more details.



skymx
Jul 14 2010 02:20 AM
Uhh.. I was the one who found this insecurity! (((it's not a flaw, it's a feature?))) :lol:

Mysterious Pilot
Dec 05 2010 12:01 AM
Hum, that works fine in UNIX environments, but on Windows hosting you cannot create a file called .htaccess.

mark1million
Jan 24 2011 08:33 PM
To stop leeching of your image files, add this to the same file.
#disable hotlinking
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?PUT YOUR DOMAIN HERE/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?forum.phpvms.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?va-list.com/.*$ [NC]
RewriteRule \.(gif|png|jpg|js|css)$ - [F,NC]

Explained: "PUT YOUR DOMAIN HERE" is your website address; leave the ?, so ?somedomain.com

If you want to allow other domains like I have, then simply add them to the exception list.

phpvms and va-list.com, you can add as many as you like. :)

Kyle (Vansers)
Feb 13 2011 09:27 PM
If anyone wants a suggested HTACCESS file, this is the one for the best security, so you won't have sneakers in your files.....


# main page of the site
DirectoryIndex index.php

# prevent viewing of a specific file
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|tpl)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

# prevent viewing of index
Options -Indexes
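
The rules from this page combined into one .htaccess, as an added example that is not from any poster or from phpVMS: Apache 2.4 replaced `Order`/`Deny` with `Require all denied`, so the block picks the syntax by module, and the hotlink exception also accepts `https://` referers. `example.com` is a placeholder domain, and the block assumes AllowOverride lets .htaccess set these directives.

```apache
# Added example, not from the thread. example.com is a placeholder domain.

# Main page of the site
DirectoryIndex index.php

# No auto-generated directory listings
Options -Indexes

# Refuse direct requests for config, template, log and script source files
<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|tpl)$">
        Require all denied
    </FilesMatch>
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2 (the syntax used in the posts above)
    <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|tpl)$">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</IfModule>

# Hotlink protection: skipped entirely if mod_rewrite is not loaded
<IfModule mod_rewrite.c>
    RewriteEngine On
    # Requests with no Referer header are allowed (direct visits, privacy tools)
    RewriteCond %{HTTP_REFERER} !^$
    # Your own site, over http or https, with or without www
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com/ [NC]
    # Add one RewriteCond like the line above for each extra allowed domain
    RewriteRule \.(gif|png|jpg|js|css)$ - [F,NC]
</IfModule>
```

After uploading, request a file such as an `.ini` or `.tpl` under the webroot in a browser; a 403 response confirms the FilesMatch rule is active.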
