I want to add more security to my website by adding anti-cross-site scripting (XSS) measures

I want to add more security to my website by adding anti-cross-site scripting (XSS) security measures.

I am trying to set headers in my .htaccess file so that it includes the headers needed to prevent XSS and clickjacking.

But when I add the headers, they are not reflected on my site when I check the Network tab for my site.

I also tried adding the headers to my header.php file, which is included in all the .php files of my site, but the headers are not sent or shown in the Network tab.

Here is my code:

.htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [QSA,L]

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{SERVER_PORT} 80
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]

Options -Indexes

Header set X-XSS-Protection "1; mode=block"
Header append X-Frame-Options "SAMEORIGIN"
Header set X-Content-Type-Options nosniff

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
php_flag display_errors Off
php_value max_execution_time 60
php_value max_input_time 60
php_value max_input_vars 1000
php_value memory_limit 256M
php_value post_max_size 32M
php_value session.gc_maxlifetime 1440
php_value session.save_path "/var/cpanel/php/sessions/ea-php70"
php_value upload_max_filesize 64M
php_flag zlib.output_compression Off
# END cPanel-generated php ini directives, do not edit

### If mod_rewrite is true...
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff

### Prevent Apache from showing its server signature...
ServerSignature off

### Prevent phpinfo from showing details...
RewriteCond %{QUERY_STRING} =PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
RewriteRule .* - [F]

# X-XSS-Protection
Header set X-XSS-Protection "1; mode=block"
Header always append X-Frame-Options SAMEORIGIN
Header set X-Content-Type-Options nosniff

# php -- BEGIN cPanel-generated handler, do not edit
# Set the "ea-php70" package as the default "PHP" programming language.
AddHandler application/x-httpd-ea-php70 .php .php7 .phtml
# php -- END cPanel-generated handler, do not edit

header.php file:


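As an added example (editor's code, not from the question or from cPanel), a small Python checker for the three headers the question is trying to send: paste the header block from `curl -sI https://your-site/` or from the browser's Network tab into `audit_security_headers()`. Besides reporting missing headers, it flags the comma-joined values that repeated `Header append X-Frame-Options` directives in the same scope produce, since a browser will not honour a value like `SAMEORIGIN, SAMEORIGIN`. The sample responses are constructed.

```python
# Values browsers accept for each header (compared case-insensitively).
EXPECTED = {
    "x-frame-options": {"deny", "sameorigin"},
    "x-content-type-options": {"nosniff"},
    "x-xss-protection": {"0", "1", "1; mode=block"},
}


def parse_headers(raw: str) -> list[tuple[str, str]]:
    """Split a raw header block (status line optional) into (name, value) pairs, keeping repeats."""
    lines = raw.strip().splitlines()
    if lines and lines[0].upper().startswith("HTTP/"):
        lines = lines[1:]  # drop the status line that `curl -I` prints first
    pairs = []
    for line in lines:
        if ":" not in line:
            continue
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_security_headers(raw: str) -> dict[str, str]:
    """Return one finding per expected header: 'ok', 'missing', 'duplicated: ...' or 'unexpected: ...'."""
    pairs = parse_headers(raw)
    findings = {}
    for name, allowed in EXPECTED.items():
        values = [v for n, v in pairs if n == name]
        if not values:
            findings[name] = "missing"
            continue
        # `Header append` merges repeats into one comma-separated value, and a second
        # `Header set` from another scope can emit a second line; split both apart.
        tokens = [t.strip() for v in values for t in v.split(",") if t.strip()]
        if len(tokens) > 1:
            findings[name] = "duplicated: " + ", ".join(tokens)
        elif tokens[0].lower() not in allowed:
            findings[name] = "unexpected: " + tokens[0]
        else:
            findings[name] = "ok"
    return findings


# Constructed samples: the first is what the poster sees (none of the headers arrive),
# the second is what repeated `Header append X-Frame-Options` directives produce.
SAMPLE_MISSING = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: Apache\r\n"
SAMPLE_APPENDED = SAMPLE_MISSING + (
    "X-XSS-Protection: 1; mode=block\r\n"
    "X-Frame-Options: SAMEORIGIN, SAMEORIGIN, SAMEORIGIN\r\nX-Content-Type-Options: nosniff\r\n")
SAMPLE_OK = SAMPLE_APPENDED.replace("SAMEORIGIN, SAMEORIGIN, SAMEORIGIN", "SAMEORIGIN")
```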