How to cancel the execution permissions of a server/Host space directory script

Source: Internet
Author: User
Tags php file php script

Web site security, the implementation of the directory is very sensitive to the permissions, in general, can be written to the directory is not able to have the execution permissions of the script, like the DEDECMS system, can be written to two directory data, Uploads,data directory is mainly basic configuration files and cached data, Uploads is the attachment upload saved directory, this article will be for different server environment to explain how to cancel the execution of these two directories, of course, we also recommend some other users to generate pure static HTML directory, with writable permission to remove all the execution permissions, so the system will be more secure.

IIS under Windows

IIS6.0

Open the site in IIS, right-click on the site uploads directory, data directory, and static HTML build directory, select "Properties" in the menu, and choose "None" in the Directory Properties panel. (Figure 1)

(Figure 1)

IIS7

IIS7 is similar to IIS6.0, select the corresponding directory of the site, data, uploads and static HTML file directory, double-click the function to try the panel "handler mapping" (Figure 2)

(Figure 2)

In the Edit feature permission ..., we directly remove the script execution permissions. (Figure 3)

(Figure 3)

Apache Execute permission settings for directory scripts

Standalone Host Configuration

In Apache, there is no graphical management interface for IIS under Windows, and we need to manually modify the Apache configuration file to set the execution permissions for the directory script.

First we find Apache's profile httpd.conf, which is typically in the Conf folder under the Apache installation directory (Figure 4).

(Figure 4)

Open the httpd.conf file and find the location of Figure 5 in the content:

(Figure 5)

Add the directory configuration where you want to restrict the execution of script files to the following:

Configuration content is:

1

2

3 Deny from all

4

5

Dir in configuration content is the directory that needs to limit the execution of script files, and the FilesMatch content is the name of the script suffix that needs to be qualified for execution. For example, to prevent the running of php,asp,jsp scripts under the Uploads folder in the test site, configure the following figure 6:

(Figure 6)

After the configuration is complete, restart Apache, the configuration will take effect!

Before the operation, I created a new index.php file under the Uploads folder, and Figure 7 is not configured for prior access

(Figure 7)

Figure 8 The effect of accessing this page after restarting Apache.

(Figure 8)

Virtual Host/Space configuration

Before configuring, you need to verify that your space supports. htaccess and rewrite, which is based on the use of rewrite in the. htaccess file to prevent the specified script from running.

The contents of the rules are as follows:

1RewriteEngine on Rewritecond%!^$

2RewriteRule uploads/(. *). (PHP) $–[f]

3RewriteRule data/(. *). (PHP) $–[f]

4RewriteRule templets/(. *). (PHP) $–[f]

Execute PHP script restrictions for uploads,data,templets three directories;

Store the contents to the. hatccess file, and store the file in your site root directory.

In this way, the execution permissions of the directory scripts are controlled, and the effect of the rules before and after the upload is the same as Figure 7, figure 8.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.