Preventing LFI vulnerability attacks on our website

Here I will give a few clues or some tips for preventing Local File Inclusion vulnerabilities in our website.

Straight to it, here are some tips for handling local file inclusion, via the .htaccess file. REMEMBER THIS.

====================================
Put the following in .htaccess and
put it in the appropriate directory
====================================
# Sample '.htaccess' file for 'pub' subdirectory

# Allow all access
Allow from all

# Deny people from looking at the index and running SSI and CGI
Options None

# If you have PHP4 or PHP5 installed make sure the directive
# below is enabled. If you do not have PHP installed you will
# need to comment out the directive below to avoid errors:
php_flag engine off

# If you have PHP3 installed make sure the directive below is
# enabled:
#php3_engine off

# This line will redefine the mime type for the most common
# types of scripts. It will also deliver HTML files as if they
# are text files:
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi


===========================
-=[2]=- Via Directory directive
===========================

<DirectoryMatch "/images|/upload|/Upload|/Images">
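# Ignore .htaccess files
# Note: Apache honours AllowOverride only in <Directory> sections written
# without a regular expression, so it has no effect in this section; set it
# in a plain <Directory> block for these paths.
AllowOverride None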

# Serve scripts as plaintext
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi

# Don't run arbitrary PHP code.
php_admin_flag engine off
</DirectoryMatch>


==========================
-=[3]=- Via Location directive
==========================

<LocationMatch "/images|/upload">
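# Ignore .htaccess files
# Note: Apache honours AllowOverride only in <Directory> sections written
# without a regular expression, so it has no effect in this section; set it
# in a plain <Directory> block for these paths.
AllowOverride None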

# Serve scripts as plaintext
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi

# Don't run arbitrary PHP code.
php_admin_flag engine off
</LocationMatch>

===========================
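
A quick way to check section blocks like the ones above before reloading Apache, as an added example that is not part of the original post: a small linter that flags a section closed by the wrong tag and an AllowOverride line placed where Apache ignores it. The function name `lint_apache` and the sample paths are assumptions made for illustration.

```python
import re

# Per the Apache docs, AllowOverride is honoured only in <Directory> sections
# written without a regular expression; elsewhere it has no effect.
IGNORES_OVERRIDE = {"directorymatch", "location", "locationmatch", "files", "filesmatch"}

def lint_apache(conf):
    """Return (line_number, message) findings for an Apache config snippet."""
    findings, stack = [], []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m_close = re.match(r"</(\w+)>", line)
        m_open = re.match(r"<(\w+)\s*([^>]*)>", line)
        if m_close:
            top = stack.pop() if stack else None
            if top is None:
                findings.append((n, f"</{m_close.group(1)}> closes nothing"))
            elif top[0].lower() != m_close.group(1).lower():
                findings.append((n, f"<{top[0]}> from line {top[1]} closed by </{m_close.group(1)}>"))
        elif m_open:
            name, args = m_open.group(1), m_open.group(2)
            regex = name.lower() in IGNORES_OVERRIDE or args.startswith("~")
            stack.append((name, n, regex))
        elif line.lower().startswith("allowoverride") and stack and stack[-1][2]:
            findings.append((n, f"AllowOverride is ignored inside <{stack[-1][0]}>"))
    findings += [(ln, f"<{name}> is never closed") for name, ln, _ in stack]
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = """\
<Directory "/var/www/html/upload">
    AllowOverride None
    php_admin_flag engine off
</Directory>
<LocationMatch "/images|/upload">
    AllowOverride None
    php_admin_flag engine off
</Location>
"""

if __name__ == "__main__":
    for lineno, msg in lint_apache(SAMPLE):
        print(f"line {lineno}: {msg}")
```
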

If anything is missing, please add it; after all, nobody's perfect :)

If anything is wrong, feel free to correct it or give criticism. :)