开发者

Deny Access To Configuration Files VS redirect to 404 file not found

开发者 https://www.devze.com 2023-03-21 04:53 出处：网络

So my site is ready and it\'s going live in 2 days the last thing on the todo list is: deny access to /inc/ /classes/ /sources/ so as i always do i investigated, and found that none of the big websit

相关专题：.htaccess php

So my site is ready and it's going live in 2 days the last thing on the todo list is:

deny access to /inc/ /classes/ /sources/ so as i always do i investigated, and found that none of the big websites denying access to the private folders.

i'v trolled around the web and found no one mentioning this method for denying access by saying 'this directory do开发者_StackOverflowesn't exists'.

is it safe to show 404 error pages for directories? and if it is safe... how can i do it. and if not what is the best way to secure directories?

The best way not to allow access is by actually moving them outside the document root, so there's no direct path through the web to those files. Some hosters don't allow this, to which there are 2 solutions: (1) go to another hoster, plenty of proper ones, or (2) the hard way, indeed, give annoying crackers as little information as possible, and go for the standard 404, you can set it up in .htaccess files.