Teil 2: .htaccess anwendungen: Firewall, Link Cloaking, ordner schützen, dateien schützen, etc.

Tom|poscoins.co

Anfänger

Erhaltene Likes: 19
Punkte: 134
Beiträge: 18

30. April 2019

Teil 2

Spoiler anzeigen

# BEGIN ShortPixelWebp

# END ShortPixelWebp

# ----------------------------------------------------------------------

# | Activate CORS

# ----------------------------------------------------------------------

Header set Access-Control-Allow-Origin "*"

</FilesMatch>

</IfModule>

# | BLOCK NUISANCE REQUESTS

RedirectMatch 403 (?i)\.php\.suspected

RedirectMatch 403 (?i)\.(git|well-known)

RedirectMatch 403 (?i)apple-app-site-association

RedirectMatch 403 (?i)/autodiscover/autodiscover.xml

</IfModule>

# ----------------------------------------------------------------------

# | 6g Firewall for Security - Do not change this part @Update 2019

# ----------------------------------------------------------------------

# 6G FIREWALL/BLACKLIST - Version 2019

# @ https://perishablepress.com/6g/

# 6G:[QUERY STRINGS]

RewriteEngine On

RewriteCond %{QUERY_STRING} (eval\() [NC,OR]

RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]

RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]

RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]

RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]

RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]

RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]

RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]

RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]

RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]

RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]

RewriteRule .* - [F]

</IfModule>

# 6G:[REQUEST METHOD]

RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]

RewriteRule .* - [F]

</IfModule>

# 6G:[REFERRERS]

RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]

RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]

RewriteRule .* - [F]

</IfModule>

# 6G:[REQUEST STRINGS]

RedirectMatch 403 (?i)([a-z0-9]{2000,})

RedirectMatch 403 (?i)(https?|ftp|php):/

RedirectMatch 403 (?i)(base64_encode)(.*)(\()

RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.

RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$

RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")

RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)

RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)

RedirectMatch 403 (?i)(&pws=0|_vti_|$null$|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)

RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$

</IfModule>

# 6G:[USER AGENTS]

SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot

# Apache < 2.3

Order Allow,Deny

Allow from all

Deny from env=bad_bot

</IfModule>

# Apache >= 2.3

Require all Granted

Require not env bad_bot

</RequireAll>

</IfModule>

# 6G:[BAD IPS]

Order Allow,Deny

Allow from All

# uncomment/edit/repeat next line to block IPs

# Deny from 123.456.789

</Limit>

# ----------------------------------------------------------------------

# Block files from outside access

# ----------------------------------------------------------------------

# No access to the install.php

Order allow,deny

Deny from all

</files>

# No access to the config.php

Order allow,deny

Deny from all

</files>

# No access to the readme.html

Order Allow,Deny

Deny from all

Satisfy all

</Files>

# No error log access

Order allow,deny

Deny from all

</files>

#No access to the .htaccess und .htpasswd

#<FilesMatch "(\.htaccess|\.htpasswd)">

# Order deny,allow

# Deny from all

#</FilesMatch>

# Block access to folders

RewriteEngine On

RewriteBase /

RewriteRule ^/lib/ - [F,L]

RewriteRule !^lib/ - [S=3]

RewriteRule ^lib/[^/]+\.php$ - [F,L]

</IfModule>

RewriteEngine On

RewriteBase /

RewriteRule ^/go/ - [F,L]

RewriteRule !^go/ - [S=3]

RewriteRule ^go/[^/]+\.php$ - [F,L]

</IfModule>

RewriteEngine On

RewriteBase /

RewriteRule ^/cron/ - [F,L]

RewriteRule !^cron/ - [S=3]

RewriteRule ^cron/[^/]+\.php$ - [F,L]

</IfModule>

# ----------------------------------------------------------------------

# | Blocking the »ReallyLongRequest« Bandit - New in 2018

# https://perishablepress.com/bl…reallylongrequest-bandit/

# ----------------------------------------------------------------------

RewriteCond %{REQUEST_METHOD} .* [NC]

RewriteCond %{THE_REQUEST} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC,OR]

RewriteCond %{QUERY_STRING} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC]

RewriteRule .* - [F,L]

</IfModule>

# -----------------------------------------------------------------------------

# HTTP SECURITY HEADER | Test on: https://securityheaders.com | UPDATE 2019

# -----------------------------------------------------------------------------

### @see https://scotthelme.co.uk/harde…our-http-response-headers

### UPDATE 2019

## No-Referrer-Header

Header set Referrer-Policy "no-referrer"

</IfModule>

## X-FRAME-OPTIONS-Header

Header set X-Frame-Options "sameorigin"

</IfModule>

## X-XSS-PROTECTION-Header

Header set X-XSS-Protection "1; mode=block"

</IfModule>

## X-Content-Type-Options-Header

Header set X-Content-Type-Options "nosniff"

</IfModule>

## Strict-Transport-Security-Header

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

</IfModule>

## This prevents that false issued certificates for this website can be used unnoticed. (Experimental)

## @see https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct-02

Header set Expect-CT "enforce, max-age=21600"

</IfModule>

Inhalt melden

Riggie1000 15. Mai 2019

Teilen

Ähnliche Themen

Teil1: .htaccess anwendungen: Firewall, Link Cloaking, ordner schützen, dateien schützen, etc.