Preventive measures on the .htaccess and index.php side really are crucial: these two files are often the "front door" for injected online-gambling scripts, phishing pages, or SEO spam. Below is a guide with safe examples you can apply right away.

# ===============================
# SECURITY CONFIG FOR LIBRARY SITE
# ===============================

# Enable mod_rewrite
<IfModule mod_rewrite.c>
RewriteEngine On

# --- Block access to sensitive files ---
RewriteRule ^(.*/)?(\.git|\.env|composer\.json|composer\.lock|phpinfo\.php|readme\.md|license\.txt)$ - [F,L,NC]

# --- Block access to PHP files inside upload folders ---
RewriteRule ^(images|uploads|files)/.*\.php$ - [F,L,NC]

# --- Block direct access to configuration files ---
<FilesMatch "(config\.php|config\.inc\.php|sysconfig\.inc\.php|SLiMS\.inc\.php)">
  # Apache 2.4 syntax; the 2.2 Order/Deny pair is used only where mod_authz_core is absent
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</FilesMatch>

# --- Redirect the site root to the main application folder ---
# "/" resolves to the document root, which is itself a directory, so
# !-f / !-d existence conditions would never be true for this request
RewriteRule ^$ /library/index.php [L,R=302]

# --- Prevent directory listing ---
Options -Indexes

# --- Prevent hotlinking (images embedded from other sites) ---
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?perpustakaan\.poltekkesbanten\.ac\.id [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

# --- Additional security headers ---
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
# Legacy header; current browsers ignore it, but it is harmless to keep
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
# default-src 'self' also blocks inline scripts/styles and CDN assets;
# trial it as Content-Security-Policy-Report-Only before enforcing it
Header always set Content-Security-Policy "default-src 'self'"
</IfModule>
</IfModule>
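
As an added check that is not part of the original post: a small Python script that replays constructed request paths against the two RewriteRule patterns above (copied verbatim) and against a widened variant that I assume here, so you can see which requests each ruleset would still serve before enabling it on the server.

```python
import re

# Patterns copied from the .htaccess above. Apache's PCRE and Python's re agree
# on these; the NC flag corresponds to re.IGNORECASE. Per-directory RewriteRules
# see the request path without its leading slash.
ORIGINAL_RULES = [
    re.compile(r"^(.*/)?(\.git|\.env|composer\.json|composer\.lock|phpinfo\.php|readme\.md|license\.txt)$", re.I),
    re.compile(r"^(images|uploads|files)/.*\.php$", re.I),
]

# Widened variant (an assumed improvement, not from the original post):
#  - block everything below a .git directory, not only a path ending in ".git"
#  - in upload folders also block the other extensions a PHP handler may be
#    mapped to, and a PHP extension followed by another extension or a path
#    segment, since mod_mime can treat every dotted part of a name as an extension
WIDENED_RULES = [
    re.compile(r"^(.*/)?\.git(/|$)", re.I),
    re.compile(r"^(.*/)?(\.env|composer\.json|composer\.lock|phpinfo\.php|readme\.md|license\.txt)$", re.I),
    re.compile(r"^(images|uploads|files)/.*\.(php[0-9]?|phtml|phar)(\.|/|$)", re.I),
]


def is_blocked(path, rules):
    """True if a rule carrying the [F] flag would answer this request with 403."""
    path = path.lstrip("/")
    return any(rule.search(path) for rule in rules)


def still_served(paths, rules):
    """The requests a ruleset lets through; compare with what you expect to serve."""
    return [p for p in paths if not is_blocked(p, rules)]


# Constructed request paths, not real traffic.
SAMPLE_REQUESTS = [
    "uploads/avatar.png",   # legitimate upload, must stay reachable
    "uploads/x.php",        # blocked by the original rule
    "uploads/x.PHP",        # blocked as well, thanks to the NC flag
    "uploads/x.phtml",      # still served by the original rule
    "uploads/x.php.jpg",    # still served by the original rule
    "library/.env",         # blocked by the original rule
    ".git/config",          # still served: the original only matches ".git" itself
]

if __name__ == "__main__":
    print("original ruleset still serves:", still_served(SAMPLE_REQUESTS, ORIGINAL_RULES))
    print("widened ruleset still serves: ", still_served(SAMPLE_REQUESTS, WIDENED_RULES))
```

Run it again whenever you change a pattern; the first list should shrink to the files you genuinely intend to serve from those folders.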

For the index.php file, use a simple version with no dynamic include and no $_GET injection hole:

<?php
/**
 * Safe index to prevent injection / unauthorized redirects
 * Poltekkes Banten Library
 */

header('X-Frame-Options: SAMEORIGIN');
header('X-Content-Type-Options: nosniff');
header('X-XSS-Protection: 1; mode=block');
header('Referrer-Policy: strict-origin-when-cross-origin');
header('Content-Security-Policy: default-src \'self\'');

// Redirect straight to the main application folder; the target is a fixed
// path, nothing from the request ($_GET, $_POST, headers) is used to build it
$target = __DIR__ . '/library/index.php';

// Only redirect when the destination file really exists
if (file_exists($target)) {
    header('Location: ./library/index.php', true, 302);
    exit();
} else {
    http_response_code(404);
    echo "404 Not Found - Sistem Perpustakaan";
}

Hope this helps

Erwan Setyo Budi