TrojanzBoy
Filename: Preventing LFI vulnerability attacks on our website
Permission: rw-r--r--
Author: TrojanzBoy
Date and Time: 05.52
Here I will share a few pointers and tips for preventing Local File Inclusion (LFI) vulnerabilities on our website.

Let's get straight to it. Here are some tips for handling local file inclusion, starting with the .htaccess file. Keep this one in mind.

====================================
Put the following in .htaccess and
put it in the appropriate directory
====================================
# Sample '.htaccess' file for 'pub' subdirectory

# Allow all access (Apache 2.2 syntax; on Apache 2.4 use "Require all granted")
Allow from all

# Deny people from looking at the index and running SSI and CGI
Options None

# If you have PHP4 or PHP5 installed make sure the directive
# below is enabled. If you do not have PHP installed you will
# need to comment out the directive below to avoid errors:
php_flag engine off

# If you have PHP3 installed make sure the directive below is
# enabled:
#php3_engine off

# This line will redefine the mime type for the most common
# types of scripts. It will also deliver HTML files as if they
# are text files:
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi


===========================
-=[2]=- Via Directory directive
===========================

<DirectoryMatch "/images|/upload|/Upload|/Images">
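# Ignore .htaccess files. Apache only honours AllowOverride inside a plain
# <Directory> section (no regex), so also set it there for these paths.
AllowOverride None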

# Serve scripts as plaintext
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi

# Don't run arbitrary PHP code.
php_admin_flag engine off
</DirectoryMatch>


==========================
-=[3]=- Via Location directive
==========================

<LocationMatch "/images|/upload">
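# Ignore .htaccess files. AllowOverride has no effect in a <LocationMatch>
# section; set it in a plain <Directory> section for these paths as well.
AllowOverride None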

# Serve scripts as plaintext
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi

# Don't run arbitrary PHP code.
php_admin_flag engine off
</LocationMatch>

===========================
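
An added example, not part of the original post: a small Python linter for blocks like the three above. It flags a section closed by the wrong tag, an AllowOverride placed in a section where Apache does not honour it, and a path-scoped section that never switches the PHP engine off. The sample config and the function name `lint` are constructed for illustration.

```python
import re

# Constructed sample: a <LocationMatch> block with two configuration mistakes.
SAMPLE = """\
<LocationMatch "/images|/upload">
AllowOverride None
AddType text/plain .php .phtml
php_admin_flag engine off
</Location>
"""

OPEN = re.compile(r"<(\w+)\s+[^>]*>$")
CLOSE = re.compile(r"</(\w+)>$")
ENGINE_OFF = re.compile(r"php(_admin)?_flag\s+engine\s+(off|0)$", re.I)
# Per the Apache docs, AllowOverride is only honoured in a plain <Directory> section.
NO_OVERRIDE = {"directorymatch", "location", "locationmatch", "files", "filesmatch"}
PATH_SCOPED = NO_OVERRIDE | {"directory"}

def lint(conf):
    """Return (line_number, message) findings for an Apache config snippet."""
    findings, stack = [], []  # stack entries: [section name, start line, engine off seen]
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        closing, opening = CLOSE.match(line), OPEN.match(line)
        if closing and not stack:
            findings.append((no, f"</{closing.group(1)}> has no opening tag"))
        elif closing:
            name, start, engine_off = stack.pop()
            if closing.group(1).lower() != name.lower():
                findings.append((no, f"<{name}> from line {start} is closed by </{closing.group(1)}>"))
            if name.lower() in PATH_SCOPED and not engine_off:
                findings.append((start, f"<{name}> does not switch the PHP engine off"))
        elif opening:
            stack.append([opening.group(1), no, False])
        elif stack:
            if ENGINE_OFF.match(line):
                stack[-1][2] = True
            if line.lower().startswith("allowoverride") and stack[-1][0].lower() in NO_OVERRIDE:
                findings.append((no, f"AllowOverride has no effect inside <{stack[-1][0]}>"))
    findings += [(start, f"<{name}> is never closed") for name, start, _ in stack]
    return findings

if __name__ == "__main__":
    for no, message in lint(SAMPLE):
        print(f"line {no}: {message}")
```
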

If anything is missing, please add it; after all, nobody's perfect :)

If anything is wrong, feel free to correct it or offer criticism. :)


2013 ./TrojanzBoy