
Securing Files and Directories

Securing files and directories is something every VA admin should do. It's simple: create a file called .htaccess in your webroot and place the following in it:

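# Some basic security for phpVMS files
# Thanks to mark1million

# Enable all options except automatic directory listings
Options All -Indexes

# Deny direct requests for files with these extensions
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|tpl)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

You can also refer to this thread for more details.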

Jul 13 2010 09:20 PM
Uhh.. I was the one who found this insecurity! (((it's not a flaw, it's a feature?))) :lol:

Mysterious Pilot
Dec 04 2010 07:01 PM
Hum that works fine in UNIX environments but in Windows hosting you cannot create a file called .htaccess.

Jan 24 2011 03:33 PM
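To stop leeching of your image files, add this to the same file.

# disable hotlinking
RewriteEngine on
# let through requests that send no Referer header
RewriteCond %{HTTP_REFERER} !^$
# let through your own site (http or https); replace the placeholder with your domain
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?PUT YOUR DOMAIN HERE/.*$ [NC]
# let through other allowed domains (dots escaped so they match literally)
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?forum\.phpvms\.net/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?va-list\.com/.*$ [NC]
# every other referer gets 403 Forbidden for these file types
RewriteRule \.(gif|png|jpg|js|css)$ - [F,NC]

Explained: "PUT YOUR DOMAIN HERE" is your website address; leave the ? so ?somedomain.com

If you want to allow other domains like I have, then simply add them to the exception list.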

phpvms and va-list.com, you can add as many as you like. :)

Feb 13 2011 04:27 PM
If anyone wants a suggested HTACCESS file, this is the one for the best security so you won't have sneakers in your files.....

# main page of the site
DirectoryIndex index.php

# prevent viewing of a specific file
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|tpl)$">
 Order Allow,Deny
 Deny from all
</FilesMatch>

# prevent viewing of index
Options -Indexes
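
The `<FilesMatch>` rule in the first post and in the suggested file above only denies names that end in one of the listed extensions. As an added example (not from the original posts or from phpVMS), this Python check runs a webroot listing against that pattern and reports files it does not cover. Assumptions: the sample paths are constructed, matching is case-sensitive as on Unix-like hosts, and Python's `re` behaves like Apache's regex engine for this pattern.

```python
import re
from pathlib import PurePosixPath

# Same pattern as the FilesMatch block on this page, built from its extension list.
EXTS = ("htaccess", "htpasswd", "ini", "phps", "fla", "psd", "log", "sh", "tpl")
FILESMATCH = re.compile(r"\.(" + "|".join(EXTS) + r")$")

# Constructed sample listing of paths relative to the webroot (not real phpVMS paths).
SAMPLE = [
    ".htaccess",
    "index.php",
    "images/logo.png",
    "templates/layout.tpl",
    "logs/error.log",
    "logs/error.log.1",      # rotated log: name no longer ends in .log
    "config/local.ini",
    "config/local.ini.bak",  # backup copy: name ends in .bak
    "backup/SETTINGS.INI",   # upper-case extension
]


def is_denied(path):
    """True if the rule applies; Apache tests only the file's basename."""
    return FILESMATCH.search(PurePosixPath(path).name) is not None


def near_misses(paths):
    """Paths with a listed extension somewhere in the name that are NOT denied."""
    missed = []
    for path in paths:
        if is_denied(path):
            continue
        # Every dot-separated piece after the first, compared case-insensitively.
        pieces = PurePosixPath(path).name.lower().split(".")[1:]
        if set(pieces) & set(EXTS):
            missed.append(path)
    return missed


if __name__ == "__main__":
    for path in SAMPLE:
        print(f"{'DENY ' if is_denied(path) else 'serve'}  {path}")
    print("review:", near_misses(SAMPLE))
```

Anything reported under `review` should be moved out of the webroot or covered by widening the pattern.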
