Shulou(Shulou.com)06/02 Report--

Editor to share with you the Imperial CMS 6.5 function: website security firewall use case, I hope you will learn a lot after reading this article, let's discuss it together!

First, there are two ways to configure "website firewall":

1. Background > system Settings > website Firewall.

2. Modify the e/class/config.php file configuration.

Second, let's explain the function and use of the relevant settings:

1. Firewall encryption key:

This item must be set. Fill in 10-50 arbitrary characters, preferably multiple character combinations.

And it is recommended that you change it weekly or monthly.

2. Domain names allowed to log in at backend:

Set to allow access only to the backend domain name, which is bound to the root directory of the website, and only this domain name is allowed to access the e/admin backend. The domain name is usually the second-level domain name of the website, and you can bind a new second-level domain name if you want to be more secure. For example, the website domain name is http://www.phome.net, while the backend domain name is http://abc.digod.com.

And the bound domain name also supports adding a port, such as http://abc.phome.net:8080, provided that the server supports using this port to access the website.

After binding the domain name (http://abc.digod.com), the access background address is: http://abc.digod.com/e/admin/, while the background access through other domain names is blank.

3. The time and week at which you are allowed to log in to the background:

Convenient working hours of the unit setting, so that the website security maintenance is easier to control, do not allow users to enter the background outside working hours.

If there is an emergency exception, you can manually modify the e/class/config.php file configuration.

4. Firewall background pre-login verification variable name and firewall background pre-login authentication code

These two items must be set.

Pre-login verification variable name: can be composed of English letters + numbers (must start with a letter), 5-20 characters.

Pre-login authentication code: fill in 10-50 arbitrary characters, preferably a combination of multiple characters.

And it is recommended that you change it weekly or monthly.

5. Mask submission sensitive characters:

This function is the core of the security firewall, which can safely filter all the information entered by the foreground users. Usually set the characters related to php, mysql, and other attacks.

For example, a character commonly used in sql injection: select,outfile,union,delete,insert,update,replace,sleep,benchmark,load_file,create

After reading this article, I believe you have a certain understanding of the Imperial CMS 6.5 function: website security firewall use case, want to know more related knowledge, welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.