CODEWITHSUNDEEP
phpsecurity
xjshiya
xjshiya

Reputation: 925

How to secure PHP website (not yet uploaded in the internet)

I have a PHP system inside a server which is not yet uploaded in the internet and can only be accessed using networking. (E.g. 192.168.1.190/php_system/index.php) How can I fix the URL of this to avoid other computers to accessing files inside the php_system folder? And how can avoid them to accessing file using CTRL + Left Click or opening files inside iframe using another window?

Upvotes: 0

Views: 159

Answers (3)

Floris
Floris

Reputation: 46435

In the directory you want to protect, add a file called .htaccess (the period matters)

In this file, put the following three lines (EDITED based on Sven's inputs)

order deny,allow
allow from 127.0.0.1
deny from all

Now it should be impossible for anyone but you (logged in on the machine where Apache is running) from seeing the contents. Any file sharing that is active has to be turned off separately. Alternatively, you add a line that includes the IP address of the machine from which you want to access the server instead of 127.0.0.1 - you can even have multiple lines of allowed addresses, include ranges, ...

You will find a ton more information at http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html#order

Upvotes: 0

Tigger
Tigger

Reputation: 9130

Edit your Apache Virtual host to allow access only from certain IPs. Something like this:

<VirtualHost *:80>
    ServerName EDIT.THIS.com
    ServerAlias EDIT.THIS.IF.YOU.HAVE.ONE.com
    DocumentRoot "/full/path/to/root"
    <Directory /full/path/to/root>
            Options FollowSymLinks
            Order Allow,Deny
            Allow from 192.168.0.1 EDIT.TO.ANOTHER.IP AND.ANOTHER
    </Directory>
</VirtualHost>

Alternatively, add a "auth" value (that will require a login and password) like this:

<Directory /full/path/to/root>
        AuthType Basic
        AuthName "Admin"
        // NOTE: do not include this in your website folder
        AuthUserFile /path/to/.passwd_file 
        Require user user1 user2
</Directory>

Edit: Corrected the Order values.

Upvotes: 2

Mark
Mark

Reputation: 8451

Try http://httpd.apache.org/docs/trunk/platform/windows.html. this will show you directives on how to configure your Apache server on windows.

Upvotes: 0

Related Questions