How can I disable PHP's “easter egg” URLs?

名媛妹妹 2020-12-12 14:18

I recently found out about the so-called "easter egg URLs" in PHP:

These are the four QUERY strings you can add to the end of a PHP web page to view

4 Answers
  • 2020-12-12 14:47

    A quick HTACCESS global rewrite could regex the exact string right out of every URL thus getting rid of the only fun part of PHP without touching the ini file nor needing a function at the beginning of every file.

    Haven't tested this yet, but this should work:

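    RewriteEngine On
    # Return 403 Forbidden when the query string contains this easter-egg GUID.
    # "\=" keeps the leading "=" a literal regex character rather than RewriteCond's string-comparison prefix.
    RewriteCond %{QUERY_STRING} \=PHPE9568F36-D428-11d2-A769-00AA001ACF42 [NC]
    RewriteRule .* - [F]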
    

    Of course, just copy the last 2 lines for each of the other possible queries, or write a more generic regex. I'm not good with regex. :)

    This version covers all of the easter egg fun and was found here:

    RewriteEngine On
    RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC]
    RewriteRule .* - [F]
    
  • 2020-12-12 14:58

    In php.ini:

    ; Decides whether PHP may expose the fact that it is installed on the server
    ; (e.g. by adding its signature to the Web server header).  It is no security
    ; threat in any way, but it makes it possible to determine whether you use PHP
    ; on your server or not.
    ; http://php.net/expose-php
    expose_php = Off
    

    This will effectively remove the easter eggs.

  • 2020-12-12 15:00

    Not sure about your case, but it works for my site. I hope it will work for your site as well.

    RewriteEngine On
    # Return 403 Forbidden when the query string contains this easter-egg GUID.
    RewriteCond %{QUERY_STRING} \=PHPE9568F36-D428-11d2-A769-00AA001ACF42 [NC]
    RewriteRule .* - [F]
    

    Of course, just copy the last 2 lines for each of the other possible queries or write a more generic regex. I'm not good with regex. :)

  • 2020-12-12 15:04

    Update: This is removed in PHP 5.5; note how these links no longer work on php.net.

    http://phpsadness.com/sad/11

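Added example (not part of the original thread or any answer's code): a Python check that scans Apache combined-format access logs for requests whose query string has the `=PHP<GUID>` shape targeted by the generic rewrite rule in the first answer, and lists which of them were still served with 200 instead of the rule's 403. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Same "=PHP<GUID>" shape as the generic RewriteCond pattern quoted above, but
# anchored (this example's choice) so a GUID inside an ordinary parameter value is ignored.
EGG_QUERY = re.compile(
    r"^=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$",
    re.IGNORECASE,  # mirrors the [NC] flag
)

# Apache combined log format: client, ident, user, [time], "request", status, ...
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Dec/2020:14:18:01 +0000] "GET /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 2524 "-" "curl/7.68.0"
198.51.100.7 - - [12/Dec/2020:14:18:02 +0000] "GET /index.php?=phpe9568f36-d428-11d2-a769-00aa001acf42 HTTP/1.1" 403 199 "-" "curl/7.68.0"
203.0.113.20 - - [12/Dec/2020:14:19:10 +0000] "GET /index.php?id=PHP5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [12/Dec/2020:14:19:11 +0000] "GET /search.php?q=PHPE9568F36-D428-11d2-A769-00AA001ACF42 HTTP/1.1" 200 811 "-" "Mozilla/5.0"
"""

def find_egg_requests(log_text):
    """Return (client, path, status) for each request whose whole query string is =PHP<GUID>."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        path, _, query = m.group("target").partition("?")
        if EGG_QUERY.match(query):
            hits.append((m.group("client"), path, int(m.group("status"))))
    return hits

def summarize(hits):
    """Count hits per client and collect those answered with 200 (request was not blocked)."""
    per_client = Counter(client for client, _, _ in hits)
    unblocked = [h for h in hits if h[2] == 200]
    return per_client, unblocked

if __name__ == "__main__":
    per_client, unblocked = summarize(find_egg_requests(SAMPLE_LOG))
    print("probes per client:", dict(per_client))
    print("still answered with 200:", unblocked)
```

The last sample line shows why the check is anchored: an unanchored match on `=PHP<GUID>` also fires on `q=PHP<GUID>`, a legitimate parameter value.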