Prevention & Hardening
Overview
Comprehensive security measures to prevent file inclusion vulnerabilities and harden systems against LFI/RFI attacks.
Secure Coding Practices
Input Validation and Sanitization
Whitelist Approach:
<?php
// Secure file inclusion with whitelist
$allowed_files = ['home', 'about', 'contact', 'products'];
$page = $_GET['page'] ?? 'home';
if (in_array($page, $allowed_files)) {
include($page . '.php');
} else {
include('error.php');
}
?>
Using basename() Function:
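The module's own basename() snippet is not reproduced in this copy. The following is an added example (not code from HTB Academy) showing how basename() combines with the whitelist above, and it goes one step further than the heading by adding a realpath() containment check as a third layer. The ./pages/ directory layout, the resolve_page() helper and the sample inputs are assumptions made for the example.

```php
<?php
// Added example, not code from the HTB Academy module: basename() combined with
// an allow-list and a realpath() containment check. Layout assumption (hypothetical):
// includable page templates live under ./pages/ next to this script.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';
const ALLOWED_PAGES = ['home', 'about', 'contact', 'products'];

/**
 * Map a user-supplied page identifier to an absolute path inside PAGES_DIR.
 * Returns null when any validation layer rejects the value.
 */
function resolve_page(string $requested): ?string
{
    // Layer 1: basename() drops any directory part, so "../../etc/passwd" becomes
    // "passwd" and "http://host/x" becomes "x". On its own this only removes
    // traversal; it would still let a caller name any file inside PAGES_DIR.
    $name = basename($requested);

    // Layer 2: exact, strict match against the allow-list (no loose type juggling).
    if (!in_array($name, ALLOWED_PAGES, true)) {
        return null;
    }

    // Layer 3: resolve symlinks and confirm the final target is still under PAGES_DIR.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . DIRECTORY_SEPARATOR . $name . '.php');
    if ($base === false || $path === false) {
        return null; // directory or template missing: reject rather than fall through
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed sample inputs (not from the module) and the decision each one gets.
$samples = [
    'about',                      // accepted only if pages/about.php exists on disk
    '../../../../etc/passwd',     // rejected: basename -> "passwd", not allow-listed
    'http://attacker.example/x',  // rejected (RFI attempt): basename -> "x"
    'ABOUT',                      // rejected: allow-list match is case-sensitive
];
foreach ($samples as $input) {
    $resolved = resolve_page($input);
    printf("%-28s -> %s\n", var_export($input, true), $resolved ?? 'rejected');
}

// Web use: include the resolved template, or a fixed error page. Skipped under the
// CLI so the sample run above works without a pages/ directory present.
if (PHP_SAPI !== 'cli') {
    $raw = $_GET['page'] ?? 'home';
    $page = is_string($raw) ? resolve_page($raw) : null; // ?page[]=x is rejected too
    include $page ?? PAGES_DIR . '/error.php';
}
```

The point of layering is that each check covers a weakness of the previous one: basename() removes traversal but not arbitrary file selection, the allow-list fixes that, and the realpath() check guards against a symlink or misconfigured PAGES_DIR pointing outside the intended directory.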
Web Server Configuration Hardening
PHP Configuration (php.ini)
Essential Security Settings:
HTB Academy Prevention Lab:
Apache/Nginx Hardening
Apache Security Configuration
Security Headers:
Web Application Firewall (WAF) Protection
ModSecurity Rules
LFI Detection Rules:
Container Security & Isolation
Docker Implementation
Secure Dockerfile Example:
Monitoring and Logging
Log Analysis for LFI Detection
Detection Patterns:
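The module's own list of detection patterns is not reproduced in this copy. As an added example (not code from HTB Academy), the script below applies a small set of common LFI/RFI indicators to Apache combined-format access-log lines. The indicator names, regular expressions, helper function names and the sample log lines are all constructed for this illustration; the IP addresses come from documentation ranges.

```php
<?php
// Added example, not from the HTB Academy module: flag LFI/RFI indicators in
// web-server access-log lines. Patterns and log lines are constructed for
// illustration; tune them against your own traffic before relying on them.
declare(strict_types=1);

// Each pattern is applied to the URL-decoded request target (decoded twice so that
// double-encoded sequences such as %252e%252e%252f are also caught).
const LFI_INDICATORS = [
    'path_traversal' => '#(?:\.\./|\.\.\\\\)#',
    'sensitive_file' => '#(?:/etc/(?:passwd|shadow)|/proc/self/environ|win\.ini)#i',
    'php_wrapper'    => '#(?:php|data|expect|phar)://#i',
    'remote_include' => '#[?&][^=&]+=(?:https?|ftp)://#i',
    'null_byte'      => '#\x00#',   // %00 decodes to a NUL byte
];

/**
 * Extract the request target from a combined-format access-log line, or null if
 * the line does not match that layout.
 */
function request_target(string $line): ?string
{
    return preg_match('#"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (\S+) HTTP/#', $line, $m) ? $m[1] : null;
}

/** Names of all indicators matching this log line (empty array means clean). */
function lfi_indicators(string $line): array
{
    $target = request_target($line);
    if ($target === null) {
        return [];
    }
    $decoded = rawurldecode(rawurldecode($target));
    $hits = [];
    foreach (LFI_INDICATORS as $name => $regex) {
        if (preg_match($regex, $decoded) === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/** Scan many lines; returns only suspicious ones as [line_number => indicators]. */
function scan_access_log(array $lines): array
{
    $findings = [];
    foreach (array_values($lines) as $i => $line) {
        $hits = lfi_indicators($line);
        if ($hits !== []) {
            $findings[$i + 1] = $hits;
        }
    }
    return $findings;
}

// Constructed Apache combined-log lines (addresses are documentation ranges).
$sampleLog = [
    '198.51.100.20 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:07 +0000] "GET /index.php?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:20 +0000] "GET /index.php?page=http://203.0.113.7/x HTTP/1.1" 500 0 "-" "curl/8.0"',
    '198.51.100.20 - - [10/Oct/2023:13:57:00 +0000] "GET /search.php?q=data%20sheet HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
];

// Expected: lines 2 and 3 -> path_traversal, sensitive_file; line 4 -> remote_include.
foreach (scan_access_log($sampleLog) as $lineNo => $hits) {
    printf("line %d: %s\n", $lineNo, implode(', ', $hits));
}
```

Decoding before matching matters: a rule that looks for the literal string `../` in the raw log line misses the URL-encoded and double-encoded forms that scanners commonly send, while a rule applied after decoding catches all three variants with one expression. The same decoded-input principle applies to the ModSecurity rules in the section above.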
Continuous Security Testing
Automated Vulnerability Scanning
Regular Security Assessments:
[Content continues with SIEM integration and incident response...]
This guide covers prevention and hardening techniques from HTB Academy's File Inclusion module.