apc.php page found
Description
The Alternative PHP Cache (APC) installation package includes a diagnostic script (apc.php) that displays detailed information about the APC configuration, cache statistics, and system performance metrics. This administrative interface is intended solely for development and testing purposes. When left accessible on production systems, it exposes internal application details and server configuration information to unauthorized users.
Remediation
Remove the apc.php file from all production web directories immediately. If diagnostic capabilities are required for troubleshooting, implement the following controls:
1. Delete the file from the web root:
rm /path/to/webroot/apc.php
2. If the file must be retained, restrict access using web server configuration. For Apache, add to .htaccess or virtual host configuration:
<Files "apc.php">
    Require ip 127.0.0.1
    Require ip YOUR_ADMIN_IP
</Files>
3. For Nginx, add to server configuration:
location = /apc.php {
    allow 127.0.0.1;
    allow YOUR_ADMIN_IP;
    deny all;
}
4. Implement authentication requirements if administrative access is necessary from multiple locations.
5. Verify removal by attempting to access the file from an external network.
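One way to script steps 1 and 5, as an added example that is not part of the original advisory: it lists leftover apc.php copies under the web roots you name and turns the HTTP status of an external request into a verdict. The function names, the verdict labels and the argument order are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit web roots for apc.php and interpret an external check.
# Usage (hypothetical values): sh apc_audit.sh https://www.example.com/apc.php /var/www

# List every file named apc.php (any letter case) under the given web roots.
# Directories that do not exist are skipped. -iname needs GNU, BSD or BusyBox find.
find_apc_copies() {
    for root in "$@"; do
        [ -d "$root" ] && find "$root" -type f -iname 'apc.php' -print
    done
    return 0
}

# Map the HTTP status returned for /apc.php to a remediation verdict.
classify_status() {
    case "$1" in
        404|410) echo "removed" ;;      # file is gone (step 1)
        401|403) echo "restricted" ;;   # access rule or authentication applies (steps 2-4)
        2??)     echo "exposed" ;;      # page is served to this client
        000|'')  echo "unreachable" ;;  # curl got no HTTP response at all
        *)       echo "unknown" ;;      # 5xx and others: inspect manually
    esac
}

# Request the URL and classify the final status after redirects.
# Run this from a host outside the allowed addresses, as step 5 requires.
check_url() {
    code=$(curl -s -L -o /dev/null -m 10 -w '%{http_code}' "$1" 2>/dev/null) || true
    classify_status "$code"
}

# Only act when arguments are supplied: first the URL, then the web roots.
if [ "$#" -gt 0 ]; then
    url=$1
    shift
    echo "external check: $(check_url "$url")"
    find_apc_copies "$@"
fi
```

A "restricted" verdict from an address that should be allowed, or an "exposed" verdict from one that should not, means the access rule is not matching the request as intended.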