黑客预防

阻止访问你的 .htaccess 文件

<Files .htaccess>
order allow,deny
deny from all
</Files>

# Rename the file
AccessFileName thehtfile.ess

防止 URL 攻击

# Enable rewrites
RewriteEngine On

# Block <script> tags from executing in the URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

# Block scripts from setting a PHP Globals variable
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]

# Block scripts from using base64_encode
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]

# Block scripts from using the a_REQUEST variable
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})

禁止在目录中使用脚本..

AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI