|Main Archive Page > Month Archives > full-disclosure-uk archives|
On 26/05/07, Mark Sec <email@example.com> wrote:
> does any1 how to protect about RFI (Remote file inclusion), and what i need
> to see over php files ?
1. Secure your php install - turn off allow_url_fopen and allow_url_include in php.ini
2. Make sure your PHP app is not vulnerable - an attacker shouldn't be able to control what's included. This should protect you from local file inclusion as well.
3. Use suhosin and/or mod_security
4. (maybe) configure your firewall to disallow outbound connections initiated by the webserver