Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact us.

Post New Thread Reply

Register GFY Rules Calendar
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Php/Apache Ip Security Php/Apache Ip Security
Discuss what's fucking going on, and which programs are best and worst. One-time "program" announcements from "established" webmasters are allowed.

 
Thread Tools
Old 03-25-2012, 10:40 AM   #1
asdasd
So Fucking Banned
 
Industry Role:
Join Date: Feb 2005
Posts: 1,225
Php/Apache Ip Security
Say I am limiting my includes folder to the localhost like so:

<Directory "/includes">
Order allow,deny
Allow from 192.168.1.0/24
Allow from 127
</Directory>

Would this prevent a php script from including a file in that directory for a web server request?
asdasd is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-25-2012, 11:23 AM   #2
borked
Totally Borked
 
borked's Avatar
 
Industry Role:
Join Date: Feb 2005
Posts: 6,284
Nope - php includes don't look at htaccess or any apache directives, since they are file-based. Same goes for php command line script execution.
__________________

For coding work - hit me up on andy // borkedcoder // com
(consider figuring out the email as test #1)


All models are wrong, but some are useful. George E.P. Box. p202
borked is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-25-2012, 11:30 AM   #3
V_RocKs
Damn Right I Kiss Ass!
 
Industry Role:
Join Date: Dec 2003
Location: Cowtown, USA
Posts: 32,405
You are h4x0r3d bitch!
V_RocKs is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-25-2012, 11:46 AM   #4
asdasd
So Fucking Banned
 
Industry Role:
Join Date: Feb 2005
Posts: 1,225
V_RocKs - Preemptive , borked - presumed, thanks.
asdasd is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-25-2012, 11:56 AM   #5
Klen
 
Klen's Avatar
 
Industry Role:
Join Date: Aug 2006
Location: Little Vienna
Posts: 32,235
Lulz at your question :D
Klen is online now   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-25-2012, 12:54 PM   #6
shake
frc
 
Industry Role:
Join Date: Jul 2003
Location: Bitcoin wallet
Posts: 4,663
Unless you use php URL include http://, then it will go through apache and respect htaccess
__________________
Crazy fast VPS for $10 a month. Try with $20 free credit
shake is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Old 03-25-2012, 06:24 PM   #7
asdasd
So Fucking Banned
 
Industry Role:
Join Date: Feb 2005
Posts: 1,225
It's to narrow attack vectors somewhat. Namely to prevent scanning, or bypassing the flow. Way I figure it, I will not have to regard whole directories as exposed, but more simply as referenced.
asdasd is offline   Share thread on Digg Share thread on Twitter Share thread on Reddit Share thread on Facebook Reply With Quote
Post New Thread Reply
Go Back   GoFuckYourself.com - Adult Webmaster Forum > >
Php/Apache Ip Security Php/Apache Ip Security
« Previous Thread | Next Thread »

Bookmarks



Advertising inquiries - marketing at gfy dot com

Contact Admin - Advertise - GFY Rules - Top

©2000-, AI Media Network Inc



Powered by vBulletin
Copyright © 2000- Jelsoft Enterprises Limited.