Last active
May 17, 2016 13:46
-
-
Save bannostookaylo/7698fc87085431ca5c9d75116d70aef7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Deny All Access | |
| Order deny,allow | |
| Deny from all | |
| ## Here you can define an IP that is allowed access | |
| ## Allow from xxx.xxx.xxx.xxx | |
| ## --------------------------------------------------------------- ## | |
| ## Deny Access to Hidden Files and Directories | |
| ## Hidden files and directories (those whose names start with a dot .) should most, if not all, of the time be secured. For example: .htaccess, .htpasswd, .git, .hg... | |
| ## RewriteCond %{SCRIPT_FILENAME} -d [OR] | |
| ## RewriteCond %{SCRIPT_FILENAME} -f | |
| ## RewriteRule "(^|/)\." - [F] | |
| ## Alternatively, you can just raise a “Not Found” error, giving the attacker no clue: | |
| RedirectMatch 404 /\..*$ | |
| ## --------------------------------------------------------------- ## | |
| ## Deny Access to Backup and Source Files | |
| ## These files may be left by some text/HTML editors (like Vi/Vim) and pose a great security danger if exposed to public. | |
| <FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$"> | |
| ## Apache 2.2 | |
| Order allow,deny | |
| Deny from all | |
| Satisfy All | |
| ## Apache 2.4 | |
| # Require all denied | |
| </FilesMatch> | |
| Source | |
| ## --------------------------------------------------------------- ## | |
| ## Disable Directory Browsing | |
| Options All -Indexes | |
| ## --------------------------------------------------------------- ## | |
| ## Disable Image Hotlinking | |
| RewriteEngine on | |
| ## Remove the following line if you want to block blank referrer too | |
| RewriteCond %{HTTP_REFERER} !^$ | |
| RewriteCond %{HTTP_REFERER} !^https?://(.+\.)?example.com [NC] | |
| RewriteRule \.(jpe?g|png|gif|bmp)$ - [NC,F,L] | |
| ## If you want to display a “blocked” banner in place of the hotlinked image, | |
| ## replace the above rule with: | |
| ## RewriteRule \.(jpe?g|png|gif|bmp) http://example.com/blocked.png [R,L] | |
| ## --------------------------------------------------------------- ## | |
| ## Prevent Framing the Site | |
| ## This prevents the website to be framed (i.e. put into an iframe tag), when still allows framing for a specific URI. | |
| SetEnvIf Request_URI "/starry-night" allow_framing=true | |
| Header set X-Frame-Options SAMEORIGIN env=!allow_framing | |
| ## --------------------------------------------------------------- ## | |
| ## MORE EXAMPLES | |
| ## https://github.com/phanan/htaccess | |
| ## --------------------------------------------------------------- ## | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment