Protect .php.ini file - Githubissues

AlternC / alternc-php-fpm

PHP 5.6/7.x/... FPM module for AlternC

GNU General Public License v2.0

1 stars 6 forks source link

Protect .php.ini file #12

Open camlafit opened 2 years ago

camlafit commented 2 years ago

Default vhost allow to read .php.in file

Could be interessting to prevent this and add some rules on apache as

<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>

Took from https://www.wordfence.com/help/scan/scan-results/?utm_source=plugin&utm_medium=pluginUI&utm_campaign=docsIcon#public-logs

camlafit commented 2 years ago

updated to .php.ini as as .user.ini is not a good idea cf #10