目录

Web 相关的安全性加强

目录

apache:

1
2
ServerTokens Prod
ServerSignature Off

nginx.conf

1
2
3
http {
    server_tokens  off;
}

php.ini

1
expose_php = Off

codeigniter:

  • httponly:
1
2
3
4
5
// ci/core/Input.php
// ci/core/Security.php
// ci/libraries/Session.php
// ci/libraries/captcha.php
setcookie($prefix.$name, $value, $expire, $path, $domain, $secure, TRUE);
  • secure:
1