The 9 most important security settings in .htaccess
According to the Apache site:
Below you see a list of the most important rules that you can add to your .htaccess file to enhance security, by greatly limiting the exposure of your website to many types of attacks.
Tip:
First of all, you must rename the htaccess.txt file to .htaccess
1. Disable the Server Signature
# Disable the server signature
ServerSignature Off
2. No Access to .htaccess
# Prevent access to .htaccess
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
3. Bandwidth Preservation
# Limit bandwidth consumption
<ifmodule mod_php5.c>
php_value zlib.output_compression 16386
</ifmodule>
4. Disable Directory Browsing
# Disable unauthorized directory browsing
# (Apache 2.4 rejects Options lines that mix bare and +/- prefixed keywords)
Options -Indexes
5. No Access to Files
# Block access to a specific file
<Files myfile.doc>
Order allow,deny
Deny from all
</Files>
This will block access to multiple file types.
# Block access to multiple file types
<FilesMatch "\.(htaccess|htpasswd|ini|psd|log|sh)$">
Order allow,deny
Deny from all
</FilesMatch>
6. No Access for IPs or Domains
# Restrict access by IP address or domain (replace x with numbers)
<Limit GET POST PUT>
Order allow,deny
Allow from all
Deny from xx.xxx.xx.xxx
# Deny takes a host or partial domain name, not a regular expression
Deny from domain.com
</Limit>
7. Disguise File Extensions
# Disguise php files as html files
AddType application/x-httpd-html .php
8. Protect Files & Directories with Passwords
# Protect a single file
<Files myfile.php>
AuthType Basic
AuthName "Mypassword"
AuthUserFile /home/path/.htpasswd
Require valid-user
</Files>
# Protect multiple files
# (matches execute.php, index.php, myfile.php and anotherfile.php)
<FilesMatch "^(execute|index|myfile|anotherfile)\.php$">
AuthType Basic
AuthName "Mypassword"
AuthUserFile /home/path/.htpasswd
Require valid-user
</FilesMatch>
9. Display Custom Error Pages
# Display custom error pages
ErrorDocument 400 /errors/400.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html
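To check an existing .htaccess against the rules above, here is a small audit script, added as an example and not part of the original post. The function name `audit_htaccess`, the rule labels and the sample file are assumptions made for illustration; it reports which rules are present and flags two syntax mistakes that make Apache reject the file.

```python
import re

# Constructed sample .htaccess carrying two common syntax mistakes.
SAMPLE = """\
ServerSignature Off
<Files .htaccess>
Order allow, deny
Deny from all
</Files>
Options All -Indexes
ErrorDocument 404 /errors/404.html
"""

OPEN = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</(Files|FilesMatch)>', re.I)

def audit_htaccess(text):
    """Return (rules_present, problems) for the rules listed on this page."""
    present, problems = set(), []
    section = None  # target of the enclosing <Files>/<FilesMatch>, if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = OPEN.match(line)
        if opened:
            section = opened.group(2).lower()
            continue
        if CLOSE.match(line):
            section = None
            continue
        name, *args = line.lower().split()
        if name == "serversignature" and args == ["off"]:
            present.add("signature_off")
        elif name == "errordocument":
            present.add("error_pages")
        elif name == "order" and len(args) != 1:
            # Order takes exactly one argument: "allow,deny" with no space.
            problems.append((lineno, "Order needs one argument, e.g. allow,deny"))
        elif name == "deny" and args == ["from", "all"] and section and "htaccess" in section:
            present.add("htaccess_blocked")
        elif name == "options":
            if "-indexes" in args:
                present.add("no_indexes")
            signed = [a for a in args if a[0] in "+-"]
            if signed and len(signed) != len(args):
                # Apache 2.4 rejects Options that mix +/- prefixed and bare keywords.
                problems.append((lineno, "Options mixes signed and unsigned keywords"))
    return sorted(present), problems

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE))
```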