Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deny access to private files to improve security #28

Open
Z9n2JktHlZDmlhSvqc9X2MmL3BwQG7tk opened this issue Dec 9, 2021 · 1 comment
Open

Deny access to private files to improve security #28

Z9n2JktHlZDmlhSvqc9X2MmL3BwQG7tk opened this issue Dec 9, 2021 · 1 comment
Labels
security

Comments

@Z9n2JktHlZDmlhSvqc9X2MmL3BwQG7tk
Copy link

All site files are in DocumentRoot, so direct request to any *.php file is allowed. Tested some of them (for example /routes.php) - got 500 Internal server error. I think it would be better to have DocumentRoot dir with only things needed to be publicly accessible and leave all other outside DocumentRoot.
What do you think ?
@SamuelTallet
Copy link
Owner

I agree with you. While waiting for a real solution, I should add a Deny from all in a .htaccess file inside source/PHP/MPG folder.

@SamuelTallet SamuelTallet changed the title Improve security Deny access to private files to improve security Dec 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Z9n2JktHlZDmlhSvqc9X2MmL3BwQG7tk @SamuelTallet