In this tutorial we will show how to set up the additional security configurations for your PHP application hosted with Apache application server.
There are two ways of setting up your main security configurations:
- make changes in main configuration file of the Apache (httpd.conf)
- create special .htaccess file, which contains one or more configuration directives and is placed inside your application directory
The directives are able to override a subset of the server's global configuration for that directory and all subdirectories thereof. What you can put in this file is determined by the AllowOverride directive.
AllowOverride is valid only in < directory > sections specified without regular expressions. When this directive is set to None - .htaccess files are completely ignored. When this directive is set to All, then any directive which has the .htaccess Context is allowed in .htaccess files.
Let’s examine the every kind of security configs you can apply in order to protect your application: