Filename | Preventing LFI vulnerability attacks on our website |
Permission | rw-r--r-- |
Author | TrojanzBoy |
Date and Time | 05.52 |
Label | Defacing |
Here I will give a few clues and tips for preventing Local File Inclusion vulnerabilities on our website.
Let's get straight to it. Here are some tips for handling local file inclusion, starting with the .htaccess file. KEEP THESE IN MIND.
====================================
Put the following in .htaccess and
put it in the appropriate directory
====================================
# Sample '.htaccess' file for 'pub' subdirectory
# Allow all access (Apache 2.2 syntax; on Apache 2.4 the
# equivalent is "Require all granted")
Allow from all
# Deny people from looking at the index and running SSI and CGI
Options None
# If you have PHP4 or PHP5 installed make sure the directive
# below is enabled. If you do not have PHP installed you will
# need to comment out the directive below to avoid errors:
php_flag engine off
# If you have PHP3 installed make sure the directive below is
# enabled:
#php3_engine off
# This line will redefine the mime type for the most common
# types of scripts. It will also deliver HTML files as if they
# are text files:
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
===========================
-=[2]=- Via Directory directive
===========================
<DirectoryMatch "/images|/upload|/Upload|/Images">
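# Ignore .htaccess files. Apache honors AllowOverride only in a plain
# <Directory> section (no regex), so set it in a <Directory> block for
# each of these paths rather than here:
#AllowOverride None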
# Serve scripts as plaintext
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
# Don't run arbitrary PHP code.
php_admin_flag engine off
</DirectoryMatch>
==========================
-=[3]=- Via Location directive
==========================
<LocationMatch "/images|/upload">
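# Ignore .htaccess files. AllowOverride has no effect inside a
# <Location>/<LocationMatch> section; set it in a plain <Directory>
# block for the matching filesystem paths instead:
#AllowOverride None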
# Serve scripts as plaintext
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
# Don't run arbitrary PHP code.
php_admin_flag engine off
</LocationMatch>
===========================
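A small linter for hardening snippets like the three above, added here as an example (it is not the author's code). It checks that container tags match, that AllowOverride is not placed in a section where the Apache docs say it is not valid, and that each section turns the PHP engine off and serves script extensions as text/plain. The names `lint`, `section`, `SAMPLE` and the minimum extension set in `SCRIPT_EXTS` are assumptions of this example.

```python
import re
# Per the Apache core docs, AllowOverride is valid only in <Directory>
# sections written without regular expressions.
NO_OVERRIDE = {"directorymatch", "location", "locationmatch", "files", "filesmatch"}
SCRIPT_EXTS = {".php", ".phtml", ".pl", ".py", ".cgi"}  # assumed minimum set
# Constructed sample: a LocationMatch block with two common mistakes.
SAMPLE = """<LocationMatch "/images|/upload">
AllowOverride None
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
php_admin_flag engine off
</Location>"""

def section(name, line, used=False):
    return {"name": name, "line": line, "used": used, "engine_off": False, "plain": set()}

def lint(conf):
    """Lint an upload-directory hardening snippet; return sorted [(line_no, message)]."""
    findings, stack = [], [section("file", 1)]  # stack[0]: the file itself (bare .htaccess)
    def check(sec):  # a section that holds directives must disable scripts
        if sec["used"] and not sec["engine_off"]:
            findings.append((sec["line"], f"{sec['name']}: PHP engine is not turned off"))
        missing = sorted(SCRIPT_EXTS - sec["plain"])
        if sec["used"] and missing:
            findings.append((sec["line"], f"{sec['name']}: no text/plain for {' '.join(missing)}"))
    for no, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        tag = re.match(r"<(/?)(\w+)", line)
        if not line or line.startswith("#"):
            continue
        if tag and not tag.group(1):                  # opening container
            stack.append(section(tag.group(2).lower(), no, used=True))
        elif tag and len(stack) == 1:                 # close with nothing open
            findings.append((no, f"</{tag.group(2)}> has no opening tag"))
        elif tag:                                     # closing container
            sec = stack.pop()
            if sec["name"] != tag.group(2).lower():
                findings.append((no, f"</{tag.group(2)}> closes <{sec['name']}> from line {sec['line']}"))
            check(sec)
        else:                                         # ordinary directive
            words, sec = line.lower().split(), stack[-1]
            sec["used"] = True
            if words[0] == "allowoverride" and sec["name"] in NO_OVERRIDE:
                findings.append((no, f"AllowOverride is not valid inside <{sec['name']}>"))
            elif words[0] in ("php_flag", "php_admin_flag") and words[1:] == ["engine", "off"]:
                sec["engine_off"] = True
            elif words[0] == "addtype" and words[1:2] == ["text/plain"]:
                sec["plain"].update(words[2:])
    check(stack[0])
    return sorted(findings + [(s["line"], f"<{s['name']}> is never closed") for s in stack[1:]])
```

These checks cover only the web-server settings shown on this page; a file that application code pulls in through PHP's include() is not affected by them.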
If anything is missing, please add it; after all, nobody's perfect :)
If anything is wrong, feel free to correct it or offer criticism. :)