Add security hardening for shared hosting environments
- Improve session cookie security with HttpOnly and SameSite attributes
- Add security headers via .htaccess
- Block direct access to sensitive files
- Restrict allowed HTTP methods
- Document cPanel-specific security configuration
- Add container hardening for ServerTokens and ServerSignature
parent
f2dc4ec647
commit
3b04a3d78c
6 changed files with 121 additions and 2 deletions
|
|
@ -5,5 +5,12 @@ if (str_starts_with($_SERVER['REQUEST_URI'], '/app/')) {
|
|||
exit;
|
||||
}
|
||||
|
||||
// Harden session cookie before any session starts
|
||||
ini_set('session.cookie_httponly', '1');
|
||||
ini_set('session.cookie_samesite', 'Lax');
|
||||
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
|
||||
ini_set('session.cookie_secure', '1');
|
||||
}
|
||||
|
||||
// All other requests go to router
|
||||
require __DIR__ . '/../app/router.php';
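Review bot: The Secure flag is applied only when `$_SERVER['HTTPS']` is populated, so behind a TLS-terminating proxy or load balancer, where PHP typically sees the request as plain HTTP, the session cookie is issued without Secure even though users reach the site over HTTPS. Consider driving this from deployment configuration rather than request state alone (an environment flag checked alongside the existing test), and do not trust `X-Forwarded-Proto` unless the proxy is known to overwrite it. The `ini_set()` return values are also ignored: if a session is already active when this runs (for instance with `session.auto_start` enabled), the calls return false and the hardening silently does not apply, so a check that logs or fails on a false return would make that visible. Adding `ini_set('session.use_strict_mode', '1');` next to the cookie attributes would also make PHP reject session IDs it did not issue, which helps against session fixation. The `if` block that closes at the top of this hunk begins outside it, so the early-exit path could not be reviewed here.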
|
||||
|
|
|
|||