Preventing LFI vulnerability attacks on our website
Here I will give a small clue, or rather a few tips, for preventing a Local File Inclusion vulnerability on our website.
Straight to it, here are some tips to handle local file inclusion. REMEMBER these!
====================================
-=[1]=- Via .htaccess file
Put the following in a .htaccess file and
place it in the appropriate directory
====================================
# Sample '.htaccess' file for 'pub' subdirectory
# Allow all access
Allow from all
# Deny people from looking at the index and running SSI and CGI
Options None
# If you have PHP4 or PHP5 installed make sure the directive
# below is enabled. If you do not have PHP installed you will
# need to comment out the directive below to avoid errors:
php_flag engine off
# If you have PHP3 installed make sure the directive below is
# enabled:
#php3_engine off
# This line will redefine the mime type for the most common
# types of scripts. It will also deliver HTML files as if they
# are text files:
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
===========================
-=[2]=- Via Directory directive
===========================
<DirectoryMatch "/images|/upload|/Upload|/Images">
# Ignore .htaccess files
AllowOverride None
# Serve scripts as plaintext
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
# Don't run arbitrary PHP code.
php_admin_flag engine off
</DirectoryMatch>
==========================
-=[3]=- Via Location directive
==========================
<LocationMatch "/images|/upload">
# Ignore .htaccess files
AllowOverride None
# Serve scripts as plaintext
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
# Don't run arbitrary PHP code.
php_admin_flag engine off
</LocationMatch>
===========================
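As an added check (not part of the original post, and not a tool of the Apache project), here is a small Python script that parses Apache container blocks and verifies that each one carries the three controls the tips above rely on: PHP engine off, .php served as text/plain, and AllowOverride None. It also flags a mismatched closing tag (for example a <LocationMatch> block closed by </Location>), which Apache would refuse to load. The configuration text inside it is constructed for the demonstration, not taken from a live server.

```python
import re
# Constructed sample: the page's Directory block plus its Location block as printed (closed by </Location>, no AddType).
SAMPLE_CONF = """
<DirectoryMatch "/images|/upload|/Upload|/Images">
AllowOverride None
AddType text/plain .html .htm .shtml .php .php3 .php5 .phtml .phtm .pl .py .cgi
php_admin_flag engine off
</DirectoryMatch>
<LocationMatch "/images|/upload">
AllowOverride None
php_admin_flag engine off
</Location>
"""
OPEN = re.compile(r'^<(\w+)\s+"?([^">]*)"?>$')
CLOSE = re.compile(r'^</(\w+)>$')

def check_block(tag, arg, directives):
    """The three controls the page relies on inside an upload/images block."""
    body = '\n'.join(d.lower() for d in directives)
    out = []
    # php_flag / php_admin_flag are mod_php directives; under PHP-FPM they do nothing.
    if not re.search(r'^php_(admin_)?flag\s+engine\s+off', body, re.M):
        out.append((tag, arg, 'PHP engine not disabled'))
    if not re.search(r'^addtype\s+text/plain\b.*\s\.php(\s|$)', body, re.M):
        out.append((tag, arg, '.php not remapped to text/plain'))
    if not re.search(r'^allowoverride\s+none', body, re.M):
        out.append((tag, arg, 'AllowOverride not None: a dropped .htaccess could re-enable PHP'))
    return out

def audit(conf):
    """Return (tag, argument, problem) tuples for every container block in conf."""
    findings, stack = [], []  # stack holds open (tag, arg, directives) blocks
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if m := OPEN.match(line):
            stack.append((m.group(1), m.group(2), []))
        elif m := CLOSE.match(line):
            tag, arg, directives = stack.pop() if stack else (m.group(1), '', None)
            if directives is None:
                findings.append((tag, arg, 'closing tag without an open block'))
                continue
            if m.group(1) != tag:
                findings.append((tag, arg, f'closed by </{m.group(1)}>, expected </{tag}>'))
            findings.extend(check_block(tag, arg, directives))
        elif stack:
            stack[-1][2].append(line)
    findings += [(tag, arg, 'block never closed') for tag, arg, _ in stack]
    return findings
```

Run `audit()` over your own httpd.conf or a .htaccess file; an empty result means every block has all three controls and closes correctly.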
If anything is missing, please add to it; after all, nobody's perfect :)
If anything is wrong, feel free to correct me or give criticism. :)