
Add the following to your .htaccess file:
1. Prevent access to .htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>
2. Prevent access to a specific file
<files contoh.txt>
order allow,deny
deny from all
</files>
(the file name can be changed as needed)
3. Prevent access to multiple files
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
4. Prevent users from browsing the directories on our server.
Options -Indexes
5. Disguise the PHP extension.
- this method is very useful for securing an application
AddType application/x-httpd-php .hacking
6. Password-protect a file
<Files rahasia.php>
AuthType Basic
AuthName "Prompt"
AuthUserFile /home/path/.htpasswd
Require valid-user
</Files>
7. Password-protect multiple files
<FilesMatch "^(execute|index|secure|insanity|biscuit)*$">
AuthType basic
AuthName "Development"
AuthUserFile /home/path/.htpasswd
Require valid-user
</FilesMatch>
8. Password-protect the directory in which the .htaccess file resides
AuthType basic
AuthName "This directory is protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user
9. Set CHMOD on each file type (run these in a shell; they are not .htaccess directives)
chmod 640 .htpasswd
chmod 644 .htaccess
chmod 600 *.php
10. Protect against DoS attacks by limiting the file upload size (value in bytes)
LimitRequestBody 10240000
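
The FilesMatch patterns in items 3 and 7 are regular expressions applied to the file name, so it is worth checking which names they really cover before relying on them. The script below is an added example, not part of the original page: it compares the item 3 pattern with and without an escaped leading dot and lists what the item 7 pattern matches. The sample file names are constructed, and Python's `re.search` is assumed to behave like Apache's matcher for these simple patterns.

```python
import re

# FilesMatch patterns from items 3 and 7, plus item 3 with the dot escaped.
UNESCAPED = r".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$"
ESCAPED = r"\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$"
ITEM7 = r"^(execute|index|secure|insanity|biscuit)*$"

# Constructed file names (not from the original page).
SAMPLES = [
    ".htaccess", ".htpasswd", "php.ini", "error.log", "deploy.sh",
    "blog", "catalog", "refresh", "index.php", "index",
    "secure.php", "about.html",
]


def matched(pattern, names):
    """Names the pattern applies to (unanchored search, assumed for FilesMatch)."""
    rx = re.compile(pattern)
    return [n for n in names if rx.search(n)]


def overblocked(names):
    """Names denied only because the leading dot acts as a wildcard."""
    intended = set(matched(ESCAPED, names))
    return [n for n in matched(UNESCAPED, names) if n not in intended]


if __name__ == "__main__":
    print("denied with escaped dot:  ", matched(ESCAPED, SAMPLES))
    print("denied only when unescaped:", overblocked(SAMPLES))
    print("password-protected (item 7):", matched(ITEM7, SAMPLES))
```

With the unescaped dot, extensionless names that merely end in `log` or `sh` are denied as well, and the item 7 pattern covers `index` but not `index.php`.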
