Php/Apache Ip Security - GoFuckYourself.com

asdasd · 03-25-2012, 10:40 AM

Say I am limiting my includes folder to the localhost like so:

<Directory "/includes">
Order allow,deny
Allow from 192.168.1.0/24
Allow from 127
</Directory>

Would this prevent a php script from including a file in that directory for a web server request?

borked · 03-25-2012, 11:23 AM

Nope - php includes don't look at htaccess or any apache directives, since they are file-based. Same goes for php command line script execution.

V_RocKs · 03-25-2012, 11:30 AM

You are h4x0r3d bitch!

asdasd · 03-25-2012, 11:46 AM

V_RocKs - Preemptive , borked - presumed, thanks.

KlenTelaris · 03-25-2012, 11:56 AM

Lulz at your question

shake · 03-25-2012, 12:54 PM

Unless you use php URL include http://, then it will go through apache and respect htaccess

asdasd · 03-25-2012, 06:24 PM

It's to narrow attack vectors somewhat. Namely to prevent scanning, or bypassing the flow. Way I figure it, I will not have to regard whole directories as exposed, but more simply as referenced.

03-25-2012, 10:40 AM	#1
asdasd So Fucking Banned Industry Role: Join Date: Feb 2005 Posts: 1,229	Php/Apache Ip Security Say I am limiting my includes folder to the localhost like so: <Directory "/includes"> Order allow,deny Allow from 192.168.1.0/24 Allow from 127 </Directory> Would this prevent a php script from including a file in that directory for a web server request?

03-25-2012, 11:23 AM	#2
borked Totally Borked Industry Role: Join Date: Feb 2005 Posts: 6,129	Nope - php includes don't look at htaccess or any apache directives, since they are file-based. Same goes for php command line script execution. __________________ For coding work - hit me up on andy // borkedcoder // com (consider figuring out the email as test #1) All models are wrong, but some are useful. George E.P. Box. p202

03-25-2012, 11:56 AM	#5
KlenTelaris There is always a choice Industry Role: Join Date: Aug 2006 Location: Croatia Posts: 22,820	Lulz at your question __________________ Addtrades List of avalaible tgp/mgp sites for trades and link exchanges. Contact : http://scr.im/addtrades

03-25-2012, 12:54 PM	#6
shake Registered User Industry Role: Join Date: Jul 2003 Location: Vancouver Island, Canada Posts: 2,769	Unless you use php URL include http://, then it will go through apache and respect htaccess __________________ Blazing fast Virtual Private Server FULL SSD hosting from $5 a month - 20 GIG - 512 RAM

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode

03-25-2012, 11:30 AM	#3
V_RocKs Sooo fucken bannned!! Industry Role: Join Date: Nov 2003 Location: Cowtown, USA Posts: 32,046	You are h4x0r3d bitch!

03-25-2012, 11:46 AM	#4
asdasd So Fucking Banned Industry Role: Join Date: Feb 2005 Posts: 1,229	V_RocKs - Preemptive , borked - presumed, thanks.

03-25-2012, 06:24 PM	#7
asdasd So Fucking Banned Industry Role: Join Date: Feb 2005 Posts: 1,229	It's to narrow attack vectors somewhat. Namely to prevent scanning, or bypassing the flow. Way I figure it, I will not have to regard whole directories as exposed, but more simply as referenced.