mardi 13 janvier 2015

apache rewriterule htaccess security



If I configure an .htaccess like this :



RewriteEngine On
RewriteRule ^([^/]*)$ /view.php?key=$1 [L]


Which transforms



original URL   http://ift.tt/1yeGsc6
rewritten URL  http://www.test.com/123


Is there any mean for an attacker to find the real php file (here view.php) and directly access to it (in URL bar)? Cconsidering URL-bruteforce is not an option, nor .htaccess reading.


Thanks for your advices.





Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)