[Modsecurity] Rule for php-sourcecode
Gerard Earley
gerard at whitecurve.com
Tue Jun 6 07:25:15 EDT 2006
Unless there was a specific http variable used its not really possible
for mod_security to do anything about it. (AFAIK)
On the other hand you could use disable_functions in the php.ini file to
disable the functions "highlight_file" and "highlight_string".
This would at least stop someone using these functions to display code
through this method.
Matthias Fechner wrote:
> Hi,
>
> is it possible to write a rule to prevent apache22 from delivering php
> source code?
>
> Best regards,
> Matthias
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3326 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.gotroot.com/pipermail/modsecurity/attachments/20060606/09515bc9/smime.bin
More information about the Modsecurity
mailing list