How to hide extensions in php: 1. Set "expose_php = off" in the "php.ini" file; 2. Let the web server use PHP to parse different extensions; 3. Hide PHP as another language.
Recommended: "PHP Tutorial"
Generally speaking, improving security through hidden means is considered An ineffective approach.
But in some cases, it is worth adding as much security as possible.
Some simple methods can help hide PHP, and doing so can make it more difficult for attackers to discover system weaknesses.
Setting expose_php = off in the php.ini file can reduce the useful information they can obtain.
Another strategy is to have the web server parse the different extensions using PHP. Whether through .htaccess files or Apache configuration files, you can set file extensions that can mislead attackers:
Hide PHP as another language
Apache code
# 使PHP看上去像其它的编程语言 AddType application/x-httpd-php .asp .py .pl
Or simply hide it completely:
Use an unknown extension as the PHP extension
Apache code
# 使 PHP 看上去像未知的文件类型 AddType application/x-httpd-php .bop .foo .133t
Or hide it as an HTML page, so that all All HTML files will pass through the PHP engine, which will add some burden to the server:
Use HTML to make PHP file suffix
Apache code
# 使 PHP 代码看上去像 HTML 页面 AddType application/x-httpd-php .htm .html
For this method to take effect, you must Change the extension of the PHP file to the above extension. This improves security through concealment, although defense capabilities are low and have some drawbacks.
The above is the detailed content of How to hide extension in php. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
