rorybing Posted March 1, 2012 Share Posted March 1, 2012 Hi, I am running my website on a Windows hosted server, but I am trying to secure my php pages against malicious attacks. I know with an Apache hosting server, you can implement a .htaccess file to secure unauthorised access to your files, i.e. containing your constants and db connections etc. Is there any equivalent for a Windows hosted site that will allow me to secure my files in my folders against unwanted access that is similar to a .htaccess file? Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/258040-windows-version-of-a-htaccess-file/ Share on other sites More sharing options...
requinix Posted March 1, 2012 Share Posted March 1, 2012 You mean with IIS? The operating system is irrelevant - what matters it the web server software. Use a web.config. But unless you want to learn that, do the right thing: store these precious files in a special folder not inside the website. Quote Link to comment https://forums.phpfreaks.com/topic/258040-windows-version-of-a-htaccess-file/#findComment-1322731 Share on other sites More sharing options...
rorybing Posted March 1, 2012 Author Share Posted March 1, 2012 Hi, It is not IIS on a local machine, it is a Windows hosted site with a domain provider. I already have the sensitive files in folders and subfolders on the site, they are not in the root. This isn't fully secure though, would it be? Thanks. Quote Link to comment https://forums.phpfreaks.com/topic/258040-windows-version-of-a-htaccess-file/#findComment-1322737 Share on other sites More sharing options...
requinix Posted March 2, 2012 Share Posted March 2, 2012 You should keep them outside the web tree. public_html/ dir1/ dir2/ dir3/ index.php config/ config1.php config2.php config3.php If the web server is hosting stuff out of public_html then it won't host any of those config files. That's why you would put them in a directory outside public_html. Quote Link to comment https://forums.phpfreaks.com/topic/258040-windows-version-of-a-htaccess-file/#findComment-1322994 Share on other sites More sharing options...
rorybing Posted March 6, 2012 Author Share Posted March 6, 2012 Hi, Apologies for the delay in coming back, I was caught up on other things. At the moment, I have the following structure; SITE_ROOT/ index.php FILES_INDEX/ public_files.php INCLUDE_FILES/ constants.php db_conn.php sessions.php IMAGE_FILES/ etc This would be incorrect though, not secure? Does your structure below prevent from malicious users wanting to get access to the tree structure, or is it possible they could still potentially get access? Thanks for your response. Quote Link to comment https://forums.phpfreaks.com/topic/258040-windows-version-of-a-htaccess-file/#findComment-1324402 Share on other sites More sharing options...
trq Posted March 6, 2012 Share Posted March 6, 2012 As requinix has already said, the operating system is of no relevance to your question. What http server are you using? Quote Link to comment https://forums.phpfreaks.com/topic/258040-windows-version-of-a-htaccess-file/#findComment-1324404 Share on other sites More sharing options...
rorybing Posted March 6, 2012 Author Share Posted March 6, 2012 Hi Thorpe, Apologies, I am not too up on my hosting services. I purchased a Windows based package from a hosting provider. I've looked through my account details, but cannot see where I would find the http server in use. Sorry for not being able to provide further information. Not sure what I should be looking for. Quote Link to comment https://forums.phpfreaks.com/topic/258040-windows-version-of-a-htaccess-file/#findComment-1324409 Share on other sites More sharing options...
trq Posted March 6, 2012 Share Posted March 6, 2012 Ask your host. You might be using Apache. Quote Link to comment https://forums.phpfreaks.com/topic/258040-windows-version-of-a-htaccess-file/#findComment-1324413 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.