GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Php/Apache Ip Security (https://gfy.com/showthread.php?t=1062323)

asdasd 03-25-2012 10:40 AM

Php/Apache Ip Security
 
Say I am limiting my includes folder to the localhost like so:

<Directory "/includes">
Order allow,deny
Allow from 192.168.1.0/24
Allow from 127
</Directory>

Would this prevent a php script from including a file in that directory for a web server request?

borked 03-25-2012 11:23 AM

Nope - php includes don't look at htaccess or any apache directives, since they are file-based. Same goes for php command line script execution.

V_RocKs 03-25-2012 11:30 AM

You are h4x0r3d bitch!

asdasd 03-25-2012 11:46 AM

V_RocKs - Preemptive , borked - presumed, thanks. :thumbsup

Klen 03-25-2012 11:56 AM

Lulz at your question :D

shake 03-25-2012 12:54 PM

Unless you use php URL include http://, then it will go through apache and respect htaccess

asdasd 03-25-2012 06:24 PM

It's to narrow attack vectors somewhat. Namely to prevent scanning, or bypassing the flow. Way I figure it, I will not have to regard whole directories as exposed, but more simply as referenced.


All times are GMT -7. The time now is 07:17 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc