Secure RosarioSIS
If you have successfully installed RosarioSIS on your production server, this article might help you secure RosarioSIS.
Here is the list of files you should remove or rename and why:
- diagnostic.php: displays the PHP info.
Here is the list of files that contain the version number of RosarioSIS, if you would like to hide it:
Be careful when you update RosarioSIS. If you overwrite the files, the above files will be accessible again!
The .htaccess file prevents access to the config.inc.php file. You can add this rule to your site / Apache configuration and remove the .htaccess if you want to avoid the use of .htaccess files for performance reasons.
Finally, and more generally, here is a good set of rules to block attacks: 5G Blacklist 2013
But you should remove this line for RosarioSIS to work:
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
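Because an update can put the removed files back, it helps to re-check the installation after every update. The script below is an added example, not part of RosarioSIS: the function name `audit_rosariosis` is hypothetical, and it assumes that a non-comment `.htaccess` line naming `config.inc.php` is the deny rule. It only reads the `.htaccess` file, so a rule moved into the Apache site configuration has to be confirmed by hand.

```shell
#!/bin/sh
# Added example: audit a RosarioSIS document root after an install or update.
# Prints one line per finding and returns the number of findings.
audit_rosariosis() {
    docroot=$1
    htaccess="$docroot/.htaccess"
    findings=0

    # diagnostic.php displays the PHP info: it should be removed or renamed.
    if [ -e "$docroot/diagnostic.php" ]; then
        echo "FINDING: diagnostic.php is present; remove or rename it"
        findings=$((findings + 1))
    fi

    # config.inc.php must not be served. Heuristic (assumption): a non-comment
    # .htaccess line that names the file is taken to be the deny rule.
    if [ -f "$docroot/config.inc.php" ]; then
        if [ ! -f "$htaccess" ]; then
            echo "FINDING: no .htaccess; confirm the Apache configuration denies config.inc.php"
            findings=$((findings + 1))
        elif ! grep -v '^[[:space:]]*#' "$htaccess" | grep -q 'config\.inc\.php'; then
            echo "FINDING: .htaccess has no rule naming config.inc.php"
            findings=$((findings + 1))
        fi
    fi

    # The 5G Blacklist query-string rule that has to be removed for
    # RosarioSIS to work, matched as a fixed string on non-comment lines.
    if [ -f "$htaccess" ] &&
        grep -v '^[[:space:]]*#' "$htaccess" | grep -F -q -e '(\\|\.\./|'; then
        echo "FINDING: 5G QUERY_STRING rule is active; RosarioSIS will not work with it"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Stand-alone use: sh audit.sh /path/to/rosariosis
if [ "$#" -gt 0 ]; then
    audit_rosariosis "$1"
fi
```

A return value of 0 means none of the three conditions was found.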