Shulou(Shulou.com)06/02 Report--

This article mainly introduces the configuration method of forbidding directory access by Apache, which is one of the common and necessary apache security configurations. Friends who need it can refer to it.

In the development of PHP website, in order to consider the security of website directory files and program code, we must control the access rights of some directories or files to improve the security of the website, so how do we achieve this function? At this point, you can configure Apache to prohibit websites from listing site content in the form of directories.

If directory access is not prohibited in Apache, relevant directories and file lists will be listed when you access http://localhost. We can modify the Apache configuration file httpd.conf to disable directory / file list by using the following methods:

1. Open the configuration file "httpd.conf" of apache

2. Find the following section

The copy code is as follows:

Options Indexes

AllowOverride None

Order allow,deny

Allow from all

Just change Options Indexes to Options None.

Note: depending on the installation package of the PHP operating environment, Options Indexes may also be Options Indexes FollowSymLinks http://www.bbqmw.net/qm_bbqmbd/, which can be changed to Options None.

Save httpd.conf and restart apache. If not at this time, continue to modify the following configuration:

The copy code is as follows:

#

# Possible values for the Options directive are "None", "All"

# or any combination of:

# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews

#

# Note that "MultiViews" must be named * explicitly*-"Options All"

# doesn't give it to you.

#

# The Options directive is both complicated and important. Please see

# http://httpd.apache.org/docs/2.2/mod/core.html#options

# for more information.

#

Options none

#

# AllowOverride controls what directives may be placed in .htaccess files.

# It can be "All", "None", or any combination of the keywords:

# Options FileInfo AuthConfig Limit

#

AllowOverride None

#

# Controls who can get stuff from this server.

#

Order allow,deny

Allow from all

As above: just change the red part of it.

3. Save httpd.conf and restart Apache. When you access http://localhost again, if there are no default files such as index.html or index.php, apache http 403 forbids access error message:

The copy code is as follows: Forbidden

You don't have permission to access / on this server.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.