I am writing a web application in php using Apache server. What I would like to do is have the index.php (and other files) display as *.aspx files, to confuse potential hackers.
Can this be done by editing the .htaccess file, and if so, what are the relevant lines to edit?
Answer
Serving the wrong file extension is not how you would achieve security, as it would not be enough to fool potential hackers. It might not even be enough to fool the guys at builtwith.com.
Instead of researching how to mislead the hackers with simple tricks, research on ways to secure your application better. You can start that at PHP.net and .
If you insist, you can use Apache mod_rewrite for that.
Something along this line (not tested):
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.aspx -f
RewriteRule ^(.+).aspx$ /$1.php [L,QSA]
Otherwise, you can also add mime-type in Apache to serve *aspx files as PHP.
AddType application/x-httpd-php .aspx
No comments:
Post a Comment