Hiding the extension of PHP files?

S

sasha19922015-03-12 07:58:01

PHP

sasha1992, 2015-03-12 07:58:01

I read it in the PHP Hiding documentation . An idea arose, what if in .htaccess to prohibit the execution of scripts using standard extensions and make php run through * .habr, for example like this:

AddType application/x-httpd-php .habr
<Files ~ "\.(php[2-5]?|cgi|pl|fcgi|fpl|phtml|shtml|asp|jsp)$">
    Deny from all
</Files>

Actually, the question is, does this greatly increase the security of the system or is it pointless to do this?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

F

FanatPHP, 2015-03-12
@FanatPHP

This moronic section should have been removed from the documentation long ago.
Because no security from this is not increased.
Not to mention that for many, many years, the de facto standard has been CNC addressing, in which no .php files are visible from the outside anyway.

S

Sergey, 2015-03-12
Protko @Fesor

We organize one entry point (index.php for example) and allow only this file to be executed. We will organize routing with some ready-made components, since now there are no problems with them. And there is no need to invent any perversions.

H

He11ion, 2015-03-12
@He11ion

It makes sense only with an integrated approach to protection, and even X-Powered-By will most likely give you away with your head.
The best security advice is daily updates of everything from trusted sources, IMHO.