Quick question
I want a .php script to write deny rules to my .htaccess file in the event an IP trys to access an area of my webserver.
.php runs as a the apache user. Is there any security risk to allowing the apache user to write to the .htaccess file?
□ΞVΞ□
Probably not, provided php doesn't have a shell account. (Usual user for apache is apache)
If you haven't done so already, you might want to read this:
http://httpd.apache.org/docs/current.../htaccess.html
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Well yes and no - the only reason yes is because if you can write to it then so can they. But the worse they should be able to do is give themselves access to files that you had set deny rules on.
Just remember that most ISPs use dynamic IPs, so you could end up blocking a lot of legitimate users because someone previously used that IP address.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote
