If you’re running APC with PHP, you have the option to download apc.php to view and monitor usage stats. However, the default authentication is very open: without any credentials, anyone can view the running stats and also the cached filenames (a simple search for “APC INFO” will show some sites running APC). The login only gates the per-directory file caching view. So if you want to require login credentials on ALL access, change this code:
// Reject the request unless both Basic auth fields are present and match
if (!isset($_SERVER['PHP_AUTH_USER']) ||
    !isset($_SERVER['PHP_AUTH_PW']) ||
    $_SERVER['PHP_AUTH_USER'] != ADMIN_USERNAME ||
    $_SERVER['PHP_AUTH_PW'] != ADMIN_PASSWORD) {
    // Ask the browser for credentials and send a 401
    Header("WWW-Authenticate: Basic realm=\"APC Login\"");
    Header("HTTP/1.0 401 Unauthorized");
    echo <<<EOB
Rejected!
Wrong Username or Password!
Continue...
EOB;
    exit;
}
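One way to require credentials on every request, written here as an added example and not taken from the post or from apc.php itself. The helper name `apc_credentials_ok` and the constant values are assumptions; the block is standalone and is meant to run before any stats output is produced.

```php
<?php
// Constructed sample values; set your own before deploying.
define('ADMIN_USERNAME', 'apc-admin');
define('ADMIN_PASSWORD', 'replace-with-a-long-random-secret');

// Hypothetical helper: true only when both Basic auth fields are present
// and match the configured credentials.
function apc_credentials_ok(array $server): bool
{
    // Fail closed if no password has been configured.
    if (ADMIN_PASSWORD === '') {
        return false;
    }
    $user = $server['PHP_AUTH_USER'] ?? null;
    $pass = $server['PHP_AUTH_PW'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return false;
    }
    // hash_equals() compares in constant time; evaluate both fields before
    // combining so a wrong username does not skip the password comparison.
    $userOk = hash_equals(ADMIN_USERNAME, $user);
    $passOk = hash_equals(ADMIN_PASSWORD, $pass);
    return $userOk && $passOk;
}

// Unconditional gate: no query parameter or page scope bypasses it.
if (!apc_credentials_ok($_SERVER)) {
    header('WWW-Authenticate: Basic realm="APC Login"');
    header('HTTP/1.0 401 Unauthorized');
    echo "Rejected!\nWrong Username or Password!\n";
    exit;
}
// Stats rendering continues below only for authenticated requests.
```

Basic auth sends the password with every request, so serve the page over HTTPS only.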