someone trying to access pages like
//mysqladmin//scripts/setup.php
Is it some hack attempt or .. ?
If yes then how i can block its ip from acc开发者_如何学运维essing mine website ?
Via htaccess or something else ?
As an update to this old question for those who still land here:
Order Allow Deny
are deprecated as of Apache 2.4 and Require
should be used.
<RequireAll>
Require all granted
Require not ip 1.2.3.4
</RequireAll>
Ranges, netmasks, etc. can also be specified.
https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html (Deprecated) https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
To block special IP addresses you can put the following in a .htaccess file located in your directory, you like to restrict:
order allow,deny
deny from 1.2.3.4
allow from all
Where 1.2.3.4 is the IP you like to block.
But note that IP adresses change users and also attackers change IP adresses.
So this will not secure your application and potentially block leagal visitors.
The better solution will be to make sure your script does not accept malicious paths.
- Append a base path to the path you get from the user
- Make sure the path you get from the user does not contain '../'
精彩评论