Jump to content

Recommended Posts

Hi,

 

I am running my website on a Windows hosted server, but I am trying to secure my php pages against malicious attacks. I know with an Apache hosting server, you can implement a .htaccess file to secure unauthorised access to your files, i.e. containing your constants and db connections etc.

 

Is there any equivalent for a Windows hosted site that will allow me to secure my files in my folders against unwanted access that is similar to a .htaccess file?

 

Thanks.

Link to comment
https://forums.phpfreaks.com/topic/258040-windows-version-of-a-htaccess-file/
Share on other sites

You mean with IIS? The operating system is irrelevant - what matters it the web server software.

 

Use a web.config. But unless you want to learn that, do the right thing: store these precious files in a special folder not inside the website.

Hi,

 

It is not IIS on a local machine, it is a Windows hosted site with a domain provider.

 

I already have the sensitive files in folders and subfolders on the site, they are not in the root. This isn't fully secure though, would it be?

 

Thanks.

You should keep them outside the web tree.

public_html/
dir1/
dir2/
dir3/
index.php
config/
config1.php
config2.php
config3.php

If the web server is hosting stuff out of public_html then it won't host any of those config files. That's why you would put them in a directory outside public_html.

Hi,

 

Apologies for the delay in coming back, I was caught up on other things.

 

At the moment, I have the following structure;

SITE_ROOT/

    index.php

    FILES_INDEX/

        public_files.php

        INCLUDE_FILES/

            constants.php

            db_conn.php

            sessions.php

        IMAGE_FILES/

        etc

 

This would be incorrect though, not secure? Does your structure below prevent from malicious users wanting to get access to the tree structure, or is it possible they could still potentially get access?

 

Thanks for your response.

 

Hi Thorpe,

 

Apologies, I am not too up on my hosting services. I purchased a Windows based package from a hosting provider. I've looked through my account details, but cannot see where I would find the http server in use.

 

Sorry for not being able to provide further information. Not sure what I should be looking for.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.