Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 335
  • Last Modified:

htaccess and security with php

I'm trying to improve security / reliability of our .htaccess file

Options +FollowSymlinks
ErrorDocument 404 http://www.website.com
ErrorDocument 403 http://www.website.com
Options -Indexes


RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.website\.com$ [NC]
RewriteRule ^(.*)$ http://www.website.com/$1 [L,R=301]

Can you suggest security statements to prevent this file being hacked

or ensure that get/post requests were only handled by the server ip address

Or any other statements that would help secure the site ?
0
joomla
Asked:
joomla
  • 3
  • 2
1 Solution
 
Dave BaldwinFixer of ProblemsCommented:
If your Apache web server is configured correctly, '.htaccess' files can not be accessed or hacked from the web.  If someone breaks into the server as an authorized user, they might be able to make changes then.  

'get/post requests' normally have to be handled by the page they are sent to because it will have the code to process the information.  There is no generic way to handle those.  Sending the info to the server IP address only works if the target is the directory index which in this case should be 'index.php'.

Sending people to the index page of your web site for a 404 error is not very friendly or informative.
0
 
joomlaAuthor Commented:
Can you tell me what these setting are intended to do ?



IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>
0
 
Dave BaldwinFixer of ProblemsCommented:
indexignore  http://httpd.apache.org/docs/current/mod/mod_autoindex.html#indexignore

According to one site, the <Limit GET POST> section is not correct.  The <Limit PUT DELETE> is probably not necessary because Apache does not provide handlers for those functions.
0
 
joomlaAuthor Commented:
thanks for your help and clarifying my questions.

from my understanding of what you have said, there are no additional security options you can suggest to make the site more secure.

regards
Michael
0
 
Dave BaldwinFixer of ProblemsCommented:
Not with .htaccess.  There are things like blocking unwanted visitors but that tends to end up with long lists that take time for the server to go thru before your page is delivered.  You don't want to do that unless it is really necessary.

If you really are doing this for a Joomla site,  do a search for 'Joomla htaccess' and you'll find all kinds of different suggestions.  In general though, you want to put as little in .htaccess as you can because every single request has to be filtered by it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now