Securing PHP web app directories
Lemwell Jake P.
Full-Stack Developer, Entrepreneur and creator of Collideborate app | Excellence lies in details
Sometimes when you access https://cool-domain.com/images/ you will see a bunch of images from your website. What's wrong with that? If your website has been compromised, especially when you are using a shared server, it's easy for an attacker to run https://cool-domain.com/images/attacker.php.jpg in the browser. So, let's apply an obscurity technique. It's actually a simple PHP script.
Obscurity for security
In the directory that you want to protect, create an index.php and write the code below. Then open the directory in your browser and see the result for yourself.
<?php
// Answer a request for this directory with 404 instead of a file listing.
header($_SERVER["SERVER_PROTOCOL"] . ' 404 Not Found!');
I prefer this compared to using Apache's .htaccess. Instead of throwing a message like "Forbidden", which makes it too obvious that you have something there, just use the obscurity technique.
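The index.php above answers only the request for the directory itself; a file requested by its full name is still served. As an added example (not from the original post), this audit script lists directories under a web root that lack an index.php and flags files named like attacker.php.jpg. The script name, function names and extension list are assumptions.

```python
"""Added example: audit a web root for the two conditions the article discusses."""
import os
import sys

# Assumption: extensions a PHP handler may be configured to execute.
PHP_EXTENSIONS = {"php", "phtml", "phar", "php5", "php7"}


def has_embedded_php_extension(filename):
    """True for names like 'attacker.php.jpg': a PHP extension before the last one."""
    parts = filename.lower().split(".")
    # parts[0] is the base name, parts[-1] the final extension.
    return len(parts) >= 3 and any(p in PHP_EXTENSIONS for p in parts[1:-1])


def audit_web_root(root, index_name="index.php"):
    """Return (dirs lacking index_name, files with an embedded PHP extension)."""
    missing_index, suspicious = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        # A directory without the index file is not masked by the 404 script.
        if index_name not in filenames:
            missing_index.append(dirpath)
        for name in filenames:
            if has_embedded_php_extension(name):
                suspicious.append(os.path.join(dirpath, name))
    return sorted(missing_index), sorted(suspicious)


if __name__ == "__main__":
    # Hypothetical usage: python audit_dirs.py /path/to/web-root
    if len(sys.argv) != 2 or not os.path.isdir(sys.argv[1]):
        sys.exit("usage: audit_dirs.py <web-root>")
    missing, flagged = audit_web_root(sys.argv[1])
    for d in missing:
        print(f"no index.php, directory request not masked: {d}")
    for f in flagged:
        print(f"embedded PHP extension, review: {f}")
    # Non-zero exit status lets a scheduled job or CI step report findings.
    sys.exit(1 if missing or flagged else 0)
```
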
Reference: https://jakepucan.blogspot.com/2019/05/securing-web-app-directory.html