Have you tested that after Apache makes the directory prohibited from browsing, the txt file under the directory can still display the contents inside.
For example: http://www.server110.com/linux/ This visit will report a 403 error, but if there are many txt under test, when you visit this txt;
For example: http://www.server110.com/linux/a.txt, at this time all the content in a.txt will be exposed to the outside (sometimes this txt is a very confidential file), so it will not be safe.
Similarly: I also have this problem after Nginx configuration, thanks to the help of NetSeek for the solution of this problem under Apache.
The following is the way to limit this kind of things about Apache and Nginx:
Apache configuration prohibits access
1. Forbid access to certain files/directories
Add Files option to control, such as not allowing access to files with .inc extensions, and protecting php class libraries:
Order allow, deny
Deny from all
Prohibit access to certain specified directories: (can be used for regular matching)
Order allow, deny
Deny from all
Prohibit by file matching, such as prohibiting all access to pictures:
Order allow, deny
Deny from all
Forbidden access for relative URL paths:
Order allow, deny
Deny from all
Prohibit access to certain targets for proxy mode (can be used for regular matching), such as denying access to cnn.com through proxy:
http://cnn.com/*>
Order allow, deny
Deny from all
2. Prohibit certain IP access/only allow certain IP access
If you want to control the prohibition of certain illegal IP access, control in the Directory option:
Order allow, deny
Allow from all
Deny from 10.0.0.1 #block an IP
Deny from 192.168.0.0/24 #block an IP segment
Only certain IPs are allowed to access, for example, internal or cooperative companies are allowed to access:
Order deny, allow
Deny from all
All from server110.com #Allow a certain domain name
All from 10.0.0.1 #Allow an iP
All from 10.0.0.1 10.0.0.2 #Allow multiple iP
Allow from 10.1.0.0/255.255.0.0 #Allow an IP segment, mask pair
All from 10.0.1 192.168 #Allow an IP segment, do not fill in the following
All from 192.168.0.0/24 #Allow an IP segment, network number
Apache: Solution;
Options -Indexes FollowSymLinks
AllowOverride All
Order allow, deny
Deny from all
Nginx: solution;
location ~* .(txt|doc)$ {
if (-f $request_filename) {
root /home/domain/public_html/test;
break;
}
}
Under Nginx, please pay attention to the use of punctuation marks, and don’t miss the following “;”!
微信扫一扫打赏
支付宝扫一扫打赏
