I want to add more security to my website by adding anti cross-site scripting (XSS) security measures.
I am trying to set headers in my .htaccess file to include the headers needed to prevent XSS and clickjacking.
But when I add the headers, they are not reflected on my site when I check the Network tab for my site.
I also tried adding the headers to my header.php file, which is included in all the .php files of my site, but the headers sent are not sent or shown in the Network tab.
Here is my code:
.htaccess file:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [QSA,L]
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
Options -Indexes
Header set X-XSS-Protection "1; mode=block"
Header append X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options nosniff
# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
php_flag display_errors Off
php_value max_execution_time 60
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 32M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php70"
php_value upload_max_filesize 64M
php_flag zlib.output_compression Off
# END cPanel-generated php ini directives, do not edit
### If mod_rewrite is true...
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
### Prevent Apache from showing its server signature...
ServerSignature off
### Prevent phpinfo from showing details...
RewriteCond %{QUERY_STRING} =PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
RewriteRule .* - [F]
# X-XSS-Protection
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php70” package as the default “PHP” programming language.
AddHandler application/x-httpd-ea-php70 .php .php7 .phtml
# php -- END cPanel-generated handler, do not edit
header.php file:
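As an added check for the question above (example code, not from the original post): a small audit that reports which of the headers the .htaccess is meant to set actually reach the client. Two details of the file matter here: `Header set` without `always` is not applied to the http-to-https redirect the rewrite rule produces (only the `always` table is used for such non-2xx responses), and `Header append` merges the repeated X-Frame-Options directives into a single comma-joined value. The URL passed to fetch_headers is a placeholder.

```python
"""Audit which security headers a response actually carries (added example for
the question above, not code from the original post; the URL is a placeholder)."""
import http.client
import urllib.parse

# Header -> accepted values (lower-cased); None means any non-empty value is fine.
# "1; mode=block" is what the .htaccess above sets; "0" is what current guidance
# recommends, since the browser-side XSS auditor it controls is deprecated.
EXPECTED = {
    "x-frame-options": {"deny", "sameorigin"},
    "x-content-type-options": {"nosniff"},
    "x-xss-protection": {"0", "1; mode=block"},
    "content-security-policy": None,
}

def audit_headers(pairs):
    """Return {header: 'ok' | 'missing' | 'unexpected: <value>'} for EXPECTED,
    given the (name, value) pairs of one response (HTTPResponse.getheaders())."""
    seen = {}
    for name, value in pairs:  # header names are case-insensitive on the wire
        seen.setdefault(name.lower(), []).append(value.strip())
    report = {}
    for name, accepted in EXPECTED.items():
        values = seen.get(name)
        if not values:
            report[name] = "missing"
            continue
        joined = ", ".join(values)  # a header sent twice merges like 'Header append'
        if accepted is None or (len(values) == 1 and joined.lower() in accepted):
            report[name] = "ok"
        else:
            report[name] = "unexpected: " + joined
    return report

def fetch_headers(url):
    """Header pairs of the response for url, without following redirects: the
    301/302 an http:// URL gets is audited as-is, which is exactly where
    'Header set' without 'always' is not applied."""
    u = urllib.parse.urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    conn.request("GET", u.path or "/")
    return conn.getresponse().getheaders()

# Constructed sample: the http->https redirect of the .htaccess above, on which
# only the two 'Header always append X-Frame-Options' lines fire.
SAMPLE = [("Location", "https://example.invalid/"),
          ("X-Frame-Options", "SAMEORIGIN, SAMEORIGIN")]
if __name__ == "__main__":
    for header, verdict in audit_headers(SAMPLE).items():
        print(header, "->", verdict)
```

Run it against the https URL as well as the http one: a header that is "ok" on the final page but "missing" on the redirect is the `always` problem, and an "unexpected" merged value means more than one directive (or a PHP `header()` call plus .htaccess) is emitting it.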