besstiolle/htaccess

## htaccess
<Directory />

	#http://forum.ovh.com/showthread.php?t=19263
	<Files .htaccess>
	order allow,deny
	deny from all
	</Files>
	#######################################################################################
	Options -Indexes
	#######################################################################################

	###FILTRE CONTRE ROBOTS DES PIRATES ET ASPIRATEURS DE SITE WEB
	### LISTE ICI: http://www.bg-pro.com/?goto=badbot
	RewriteEngine On
	## EXCEPTION: TOUS LES ROBOTS MEMES ANONYMES OU BANNIS PEUVENT ACCEDER A CES FICHIERS
	RewriteCond %{REQUEST_URI} !^/robots.txt
	RewriteCond %{REQUEST_URI} !^/sitemap.xml
	## EXCEPTION: SI UTILISATION DE *PAYPAL INSTANT NOTIFICATION PAYMENT*, COMME PAYPAL N'UTILISE PAS DE HTTP_USER_AGENT, L'IPN NE MARCHERA PAS.
	RewriteCond %{REQUEST_URI} !^/paypal-ipn.php
	##
	RewriteCond %{HTTP_USER_AGENT} ^-?$ [OR] ## ANONYMES
	RewriteCond %{HTTP_USER_AGENT} ^[bcdfghjklmnpqrstvwxz\ ]{8,}|^[0-9a-z]{15,}|^[0-9A-Za-z]{19,}|^[A-Za-z]{3,}\ [a-z]{4,}\ [a-z]{4,} [OR] ## CEUX QUI INVENTENT DES NOMS AU HASARD
	RewriteCond %{HTTP_USER_AGENT} ^<sc|<\?|8484\ Boston\ Project|autoemailspider|@nonymouse|ADSARobot|Advanced\ Email\ Extractor|^adwords|ah-ha|aktuelles|amzn_assoc|Anarchie|anonymous|Art-Online|ASPSeek|ASSORT|ATHENS|Atomz|attach|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|blogsearchbot-martin|bmclient|Boston\ Project|BravoBrian\ SpiderEngine\ MarcoPolo|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|compatible\ \;|Crescent|Crescent\ Internet|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DirectUpdate|disco|DISCoFinder|Downloader|Download\ Accelerator|Download\ Demon|Download\ Wonder|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|echo\ extense|ecollector|efp@gmx\.net|EirGrabber|EmailCollector|EmailSiphon|Email\ Siphon|EmailWolf|Email\ Extractor|Express\ WebPictures|ExtractorPro [NC,OR] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} EyeNetIE|fastlwspider|FavOrg|Favorites\ Sweeper|^Fetch|FEZhead|FileHound|flashget|FlashGet\ WebWasher|FlickBot|fluffy|frontpage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go!Zilla|go-ahead-got-it|GornKer|Grabber|GrabNet|Grafula|Green\ Research|grub-client|grub\ crawler|hanzoweb|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|HTTPConnect|httpdown|httplib|HttpProxy|HTTP\ agent|http\ generic|HTTrack|ia_archive|IBM_Planetwide|IDBot|id-search|imagefetch|Image\ Stripper|Image\ Sucker|IncyWincy|Indy\ Library|informant|Ingelin|InterGET|InternetLinkAgent|InternetSeer\.com|^Internet\ Explorer|Internet\ Ninja|IPiumBot|Iria|Irvine|Jakarta\ Commons|JBH*Agent [NC,OR] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} JetCar|JOC|JOC\ Web\ Spider|JustView|Kapere|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|likse|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|Mac\ Finder|Mag-Net|Magnet|Mass\ Downloader|MCspider|Microsoft\ URL|Microsoft\ Data|MIDown\ tool|minibot\(NaverRobot\)|Mirror|Missigua|Mister\ PiX|MJ12bot|MMMtoCrawl\/UrlDispatcherLLL|Movable\ Type|Moozilla|^Mozilla$|^MSIE|Murzillo|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|NetZIP|NetZippy|NetZip\ Downloader|Net\ Vampire|NEWT|nicerspro|NICErsPRO|NPBot|Nutch|Nutscrape/|Octopus|Offline\ Explorer|Offline\ Navigator|OmniExplorer|OpaL|Openfind|OpenTextSiteCrawler [NC,OR] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} OrangeBot|PackRat|PageGrabber|Papa\ Foto|pavuk|pcBrowser|PersonaPilot|PingALink|Pockey|Program\ Shareware|Proxy|psbot|PSurf|psycheclone|^puf|Pump|PushSite|PussyCat|PycURL|python|QRVA|QuepasaCreep|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|almaden|Robozilla|Rover|RPT-HTTPClient|Rsync|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|sitecheck|SiteMapper|SiteSnagger|SlySearch|SmartDownload|snagger|SpaceBison|Spegla|SpiderBot|SqWorm|Star\ Downloader|Stripper|sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|SurveyBot|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Telesoft|Templeton|TrackBack|TrueRobot|Turing|TurnitinBot [NC,OR] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} TV33_Mercator|UIowaCrawler|URL_Spider_Pro|^user|^User\ Agent:\ |^User-Agent:\ |UtilMind|Vacuum|vagabondo|vayala|visibilitygap|vobsub|VoidEYE|vspider|w3mir|WebaltBot|WebAuto|webbandit|WebCapture|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|WebDAV|webdevil|webdownloader|Webdup|WebEmailExtractor|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|WEBsaver|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Web\ Data\ Extractor|Web\ Downloader|Web\ Image\ Collector|Web\ Sucker|web\.by\.mail|whizbang|WhosTalking|Widow|Widows|WISEbot|WISEnutbot|WUMPUS|Wweb|WWWOFFLE|Wysigot|x-Tractor|Xaldon\ WebSpider|XGET|Yandex|Zeus|Zeus.*Webster [NC] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} ^curl|^Fetch\ API\ Request|GT\:\:WWW|^HTTP\:\:Lite|httplib|^Java/1.|^Java\ 1.|^LWP|libWeb|libwww|^PEAR|PECL\:\:HTTP|PHPCrawl|^Program\ Shareware|python|Rsync|Snoopy|^URI\:\:Fetch|WebDAV|^Wget [NC] ## BIBLIOTHEQUES / CLASSES HTTP DONT ON NE VEUT PAS. ATTENTION, CELA PEUT BLOQUER CERTAINES FONCTIONS DE VOTRE CMS. NE PAS TOUT EFFACER, MAIS CHERCHEZ LE NOM DE LA CLASSE HTTP CONCERNEE (DEMANDEZ AUX DEVELOPPEURS DE VOTRE CMS). CETTE LISTE BLOQUE 80% DES ROBOTS SPAMMEURS. IL FAUT LA CONSERVER.
	RewriteRule (.*) - [F]
	#######################################################################################
	### SEUL LE FICHIER index.php EST SERVI COMME PREMIER FICHIER PAR DEFAUT. LES AUTRES SONT INTERDITS
	DirectoryIndex index.php

	### INTERDIRE LES AUTRES TYPES DE FICHIER INDEX
	<Files ~ "^(index)\.(p?s?x?htm?|txt|aspx?|cfml?|cgi|pl|php[3-9]|jsp|xml)$">
	order allow,deny
	deny from all
	</Files>
	### INTERDIRE L'AFFICHAGE DE CERTAINS FORMATS DE FICHIER
	### EXECUTEE PAR LE SERVEUR MAIS INTERDIT D'AFFICHAGE PAR LE NAVIGATEUR WEB
	<Files ~ "\.(inc|class|sql|ini|conf|exe|dll|bin|tpl|bkp|dat|c|h|py|spd|theme|module)$">
	deny from all
	</Files>

	### INTERDIRE L'AFFICHAGE DE CERTAINS FICHIERS COMME config, option, login, setup, install, admin.
	### A ADAPTER SI CELA POSE PROBLEME
	#<Files ~ "^((wp-)?config(\.inc)?|configure|configuration|options?\.inc|option|settings?(\.inc)?|setup(\.inc)?|default|home|install?|admin|errors?|hacke?r?d?|[-_a-z0-9.]*mafia[-_a-z0-9.]*|[-_a-z0-9.]*power[-_a-z0-9.]*|[-_a-z0-9.]*jihad[-_a-z0-9.]*|php|shell|ssh|root|cmd|[0-9]{1,6}|test|data)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml)$">
	#order allow,deny
	#deny from all
	#</Files>

	#######################################################################################
	### ON EVITE LE VOL D'IMAGES, VIDEO, SON, FEUILLE DE STYLE, PDF ET ZIP
	### LES VISITEURS DOIVENT PASSER PAR LE SITE.
	RewriteEngine on
	RewriteCond %{HTTP_REFERER} !^$
	RewriteCond %{HTTP_REFERER} !^http://[-_a-z0-9.]*example\.fr$ [NC]
	RewriteCond %{HTTP_REFERER} !^http://[-_a-z0-9.]*example\.fr/.*$ [NC]
	RewriteRule .*\.(gif|jpe?g?|jp2|png|svgz?|ico|pdf|zip|gz|js|mp3|m4a|mp4|mov|divx|avi|wma?v?|wmp|swf|flv|docx?|xlsx?|pptx?|vbs|rtf|asf?x?|odt|ods|odp|odg|odb)$ - [NC,F]

	#######################################################################################
	### DES FAUX URLS, ON LES NEUTRALISE
	RedirectMatch gone ^/_vti.*
	RedirectMatch gone ^/MSOffice.*
	RedirectMatch gone ^[-_a-z0-9/\.]*//.*
	RedirectMatch gone ^.*/etc/passwd.*


	#######################################################################################
	### CUSTOM ATTACKS
	RewriteEngine On
	RewriteCond %{QUERY_STRING} ^(.*)(option)?=com_jce(.*)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)wp-content(.*)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)extras(.*)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)images/stories(.*)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)components(.*)$
	RewriteRule (.*) - [F]


	RewriteEngine On
	RewriteCond %{REQUEST_URI} /forum/viewtopic.php [OR]
	RewriteCond %{REQUEST_URI} /forum/viewforum.php
	RewriteCond %{QUERY_STRING} ^(.*)agree=Agree(.*)$
	RewriteRule (.*) - [F]

	RewriteEngine On
	RewriteCond %{REQUEST_URI} /(.*)add.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)fckeditor/ [OR]
	RewriteCond %{REQUEST_URI} /(.*)FCKeditor/ [OR]
	RewriteCond %{REQUEST_URI} /(.*)components/com_oziogallery [OR]
	RewriteCond %{REQUEST_URI} /(.*)admin/ [OR]
	RewriteCond %{REQUEST_URI} /(.*)wp-login.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)administrator [OR]
	RewriteCond %{REQUEST_URI} /(.*)xtAdmin [OR]
	RewriteCond %{REQUEST_URI} /(.*)backend [OR]
	RewriteCond %{REQUEST_URI} /(.*)jtl.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)signup [OR]
	RewriteCond %{REQUEST_URI} /(.*)signin [OR]
	RewriteCond %{REQUEST_URI} /(.*)join [OR]
	RewriteCond %{REQUEST_URI} /(.*)quicklogin.one [OR]
	RewriteCond %{REQUEST_URI} /(.*)join.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)join_form.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)action-blog [OR]
	RewriteCond %{REQUEST_URI} /(.*)blogs/load [OR]
	RewriteCond %{REQUEST_URI} /(.*).aspx$ [OR]
	RewriteCond %{REQUEST_URI} /(.*).asp$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)sign_up.html$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)member.php$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)reg.php$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)logging.php$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)register$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)default-extensions/modules$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)php-source.html$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)\+\+Resu
	RewriteRule (.*) - [F]

	RewriteEngine On
	RewriteCond %{REQUEST_URI} !/(.*)listmodules.php
	RewriteCond %{REQUEST_URI} /(.*)modules.php
	RewriteRule (.*) - [F]

	RewriteEngine On
	RewriteCond %{REQUEST_URI} !/(.*)viewforum.php
	RewriteCond %{REQUEST_URI} /(.*)forum.php
	RewriteRule (.*) - [F]


	#######################################################################################
	### FILTRE CONTRE XSS, REDIRECTIONS HTTP, base64_encode, VARIABLE PHP GLOBALS VIA URL, MODIFIER VARIABLE _REQUEST VIA URL, TEST DE FAILLE PHP, INJECTION SQL SIMPLE
	RewriteEngine On
	RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
	RewriteCond %{QUERY_STRING} ^(.*)(%3C|<)/?script(.*)$ [NC,OR]
	RewriteCond %{QUERY_STRING} ^(.*)(%3D|=)?javascript(%3A|:)(.*)$ [NC,OR]
	RewriteCond %{QUERY_STRING} ^(.*)document\.location\.href(.*)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)(%3D|=)http(%3A|:)(/|%2F){2}(.*)$ [NC,OR] ## ATTENTION A CETTE REGLE. ELLE PEUT CASSER CERTAINES REDIRECTIONS RESSEMBLANT A: http://www.truc.fr/index.php?r=http://www.google.fr ##
	RewriteCond %{QUERY_STRING} ^(.*)base64_encode(.*)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)GLOBALS(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)_REQUEST(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)(SELECT(%20|\+)|UNION(%20|\+)ALL|INSERT(%20|\+)|DELETE(%20|\+)|CHAR\(|UPDATE(%20|\+)|REPLACE(%20|\+)|LIMIT(%20|\+))(.*)$ [NC]
	RewriteRule (.*) - [F]

	#######################################################################################
	### FILTRE CONTRE PHPSHELL.PHP, REMOTEVIEW, c99Shell et autres
	RewriteEngine On
	RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
	RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
	RewriteCond %{QUERY_STRING} ^(.*)=/home(.+)?/loginftp/(.*)$ [OR]
	RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
	RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
	RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)cmd=.*$ [OR] ## ATTENTION A CETTE REGLE. ELLE PEUT CASSER VOTRE SITE ##
	RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
	RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
	RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
	RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(ls|cd|cat|rm|mv|vim|chmod|chdir|concat|mkdir|rmdir|pwd|clear|whoami|uname|tar|zip|unzip|gzip|gunzip|grep|more|ln|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
	RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$
	RewriteRule (.*) - [F]

	#######################################################################################
	## Fin de la conf de securite
	#######################################################################################

	ExpiresActive On
	ExpiresByType image/jpg "access plus 1 year"
	ExpiresByType image/jpeg "access plus 1 year"
	ExpiresByType image/gif "access plus 1 year"
	ExpiresByType image/png "access plus 1 year"
	ExpiresByType text/css "access plus 1 month"
	ExpiresByType application/pdf "access plus 1 month"
	ExpiresByType text/x-javascript "access plus 1 month"
	ExpiresByType application/x-shockwave-flash "access plus 1 month"
	ExpiresByType image/x-icon "access plus 1 year"
	ExpiresDefault "access plus 2 days"


	#Turn Off ETag
	Header unset ETag
	FileETag None

	#Suppression si possible des cookies pour les fichiers plats
	<IfModule mod_headers.c>
		<FilesMatch "\\.(js|css|jpg|png|jpeg|gif)$">
			RequestHeader unset Cookie
			Header unset Set-Cookie
			Header set Cache-Control "max-age=86400"
		</FilesMatch>
	</IfModule>

	<filesmatch ".(php|html|css|js)$">
	SetOutputFilter DEFLATE
	</filesmatch>


	Options +FollowSymLinks

</Directory>
	<Directory />

	#http://forum.ovh.com/showthread.php?t=19263
	<Files .htaccess>
	order allow,deny
	deny from all
	</Files>
	#######################################################################################
	Options -Indexes
	#######################################################################################

	###FILTRE CONTRE ROBOTS DES PIRATES ET ASPIRATEURS DE SITE WEB
	### LISTE ICI: http://www.bg-pro.com/?goto=badbot
	RewriteEngine On
	## EXCEPTION: TOUS LES ROBOTS MEMES ANONYMES OU BANNIS PEUVENT ACCEDER A CES FICHIERS
	RewriteCond %{REQUEST_URI} !^/robots.txt
	RewriteCond %{REQUEST_URI} !^/sitemap.xml
	## EXCEPTION: SI UTILISATION DE PAYPAL INSTANT NOTIFICATION PAYMENT, COMME PAYPAL N'UTILISE PAS DE HTTP_USER_AGENT, L'IPN NE MARCHERA PAS.
	RewriteCond %{REQUEST_URI} !^/paypal-ipn.php
	##
	RewriteCond %{HTTP_USER_AGENT} ^-?$ [OR] ## ANONYMES
	RewriteCond %{HTTP_USER_AGENT} ^[bcdfghjklmnpqrstvwxz\ ]{8,}\|^[0-9a-z]{15,}\|^[0-9A-Za-z]{19,}\|^[A-Za-z]{3,}\ [a-z]{4,}\ [a-z]{4,} [OR] ## CEUX QUI INVENTENT DES NOMS AU HASARD
	RewriteCond %{HTTP_USER_AGENT} ^<sc\|<\?\|8484\ Boston\ Project\|autoemailspider\|@nonymouse\|ADSARobot\|Advanced\ Email\ Extractor\|^adwords\|ah-ha\|aktuelles\|amzn_assoc\|Anarchie\|anonymous\|Art-Online\|ASPSeek\|ASSORT\|ATHENS\|Atomz\|attach\|autoemailspider\|BackWeb\|Bandit\|BatchFTP\|bdfetch\|big.brother\|BlackWidow\|blogsearchbot-martin\|bmclient\|Boston\ Project\|BravoBrian\ SpiderEngine\ MarcoPolo\|Bullseye\|bumblebee\|capture\|CherryPicker\|ChinaClaw\|CICC\|clipping\|compatible\ \;\|Crescent\|Crescent\ Internet\|Custo\|cyberalert\|Deweb\|diagem\|Digger\|Digimarc\|DIIbot\|DirectUpdate\|disco\|DISCoFinder\|Downloader\|Download\ Accelerator\|Download\ Demon\|Download\ Wonder\|Drip\|DSurf15a\|DTS.Agent\|EasyDL\|eCatch\|echo\ extense\|ecollector\|efp@gmx\.net\|EirGrabber\|EmailCollector\|EmailSiphon\|Email\ Siphon\|EmailWolf\|Email\ Extractor\|Express\ WebPictures\|ExtractorPro [NC,OR] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} EyeNetIE\|fastlwspider\|FavOrg\|Favorites\ Sweeper\|^Fetch\|FEZhead\|FileHound\|flashget\|FlashGet\ WebWasher\|FlickBot\|fluffy\|frontpage\|GalaxyBot\|Generic\|Getleft\|GetRight\|GetSmart\|GetWeb!\|GetWebPage\|gigabaz\|Girafabot\|Go!Zilla\|go-ahead-got-it\|GornKer\|Grabber\|GrabNet\|Grafula\|Green\ Research\|grub-client\|grub\ crawler\|hanzoweb\|Harvest\|hhjhj@yahoo\|hloader\|HMView\|HomePageSearch\|HTTPConnect\|httpdown\|httplib\|HttpProxy\|HTTP\ agent\|http\ generic\|HTTrack\|ia_archive\|IBM_Planetwide\|IDBot\|id-search\|imagefetch\|Image\ Stripper\|Image\ Sucker\|IncyWincy\|Indy\ Library\|informant\|Ingelin\|InterGET\|InternetLinkAgent\|InternetSeer\.com\|^Internet\ Explorer\|Internet\ Ninja\|IPiumBot\|Iria\|Irvine\|Jakarta\ Commons\|JBH*Agent [NC,OR] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} JetCar\|JOC\|JOC\ Web\ Spider\|JustView\|Kapere\|KWebGet\|Lachesis\|larbin\|LeechFTP\|LexiBot\|lftp\|likse\|Link*Sleuth\|LINKS\ ARoMATIZED\|LinkWalker\|Mac\ Finder\|Mag-Net\|Magnet\|Mass\ Downloader\|MCspider\|Microsoft\ URL\|Microsoft\ Data\|MIDown\ tool\|minibot\(NaverRobot\)\|Mirror\|Missigua\|Mister\ PiX\|MJ12bot\|MMMtoCrawl\/UrlDispatcherLLL\|Movable\ Type\|Moozilla\|^Mozilla$\|^MSIE\|Murzillo\|MSProxy\|multithreaddb\|nationaldirectory\|Navroad\|NearSite\|NetAnts\|NetCarta\|NetMechanic\|netprospector\|NetResearchServer\|NetSpider\|NetZIP\|NetZippy\|NetZip\ Downloader\|Net\ Vampire\|NEWT\|nicerspro\|NICErsPRO\|NPBot\|Nutch\|Nutscrape/\|Octopus\|Offline\ Explorer\|Offline\ Navigator\|OmniExplorer\|OpaL\|Openfind\|OpenTextSiteCrawler [NC,OR] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} OrangeBot\|PackRat\|PageGrabber\|Papa\ Foto\|pavuk\|pcBrowser\|PersonaPilot\|PingALink\|Pockey\|Program\ Shareware\|Proxy\|psbot\|PSurf\|psycheclone\|^puf\|Pump\|PushSite\|PussyCat\|PycURL\|python\|QRVA\|QuepasaCreep\|RealDownload\|Reaper\|Recorder\|ReGet\|replacer\|RepoMonkey\|almaden\|Robozilla\|Rover\|RPT-HTTPClient\|Rsync\|SearchExpress\|searchhippo\|searchterms\.it\|Second\ Street\ Research\|Seeker\|Shai\|sitecheck\|SiteMapper\|SiteSnagger\|SlySearch\|SmartDownload\|snagger\|SpaceBison\|Spegla\|SpiderBot\|SqWorm\|Star\ Downloader\|Stripper\|sucker\|SuperBot\|SuperHTTP\|Surfbot\|SurfWalker\|SurveyBot\|Szukacz\|tAkeOut\|tarspider\|Teleport\ Pro\|Telesoft\|Templeton\|TrackBack\|TrueRobot\|Turing\|TurnitinBot [NC,OR] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} TV33_Mercator\|UIowaCrawler\|URL_Spider_Pro\|^user\|^User\ Agent:\ \|^User-Agent:\ \|UtilMind\|Vacuum\|vagabondo\|vayala\|visibilitygap\|vobsub\|VoidEYE\|vspider\|w3mir\|WebaltBot\|WebAuto\|webbandit\|WebCapture\|Webclipping\|webcollage\|webcollector\|WebCopier\|webcraft@bea\|WebDAV\|webdevil\|webdownloader\|Webdup\|WebEmailExtractor\|WebFetch\|WebGo\ IS\|WebHook\|Webinator\|WebLeacher\|WEBMASTERS\|WebMiner\|WebMirror\|webmole\|WebReaper\|WebSauger\|WEBsaver\|Website\ eXtractor\|Website\ Quester\|WebSnake\|Webster\|WebStripper\|websucker\|webvac\|webwalk\|webweasel\|WebWhacker\|WebZIP\|Web\ Data\ Extractor\|Web\ Downloader\|Web\ Image\ Collector\|Web\ Sucker\|web\.by\.mail\|whizbang\|WhosTalking\|Widow\|Widows\|WISEbot\|WISEnutbot\|WUMPUS\|Wweb\|WWWOFFLE\|Wysigot\|x-Tractor\|Xaldon\ WebSpider\|XGET\|Yandex\|Zeus\|Zeus.*Webster [NC] ## VRAIS ET FAUX ROBOTS NE RESPECTANT PAS LES REGLES
	RewriteCond %{HTTP_USER_AGENT} ^curl\|^Fetch\ API\ Request\|GT\:\:WWW\|^HTTP\:\:Lite\|httplib\|^Java/1.\|^Java\ 1.\|^LWP\|libWeb\|libwww\|^PEAR\|PECL\:\:HTTP\|PHPCrawl\|^Program\ Shareware\|python\|Rsync\|Snoopy\|^URI\:\:Fetch\|WebDAV\|^Wget [NC] ## BIBLIOTHEQUES / CLASSES HTTP DONT ON NE VEUT PAS. ATTENTION, CELA PEUT BLOQUER CERTAINES FONCTIONS DE VOTRE CMS. NE PAS TOUT EFFACER, MAIS CHERCHEZ LE NOM DE LA CLASSE HTTP CONCERNEE (DEMANDEZ AUX DEVELOPPEURS DE VOTRE CMS). CETTE LISTE BLOQUE 80% DES ROBOTS SPAMMEURS. IL FAUT LA CONSERVER.
	RewriteRule (.*) - [F]
	#######################################################################################
	### SEUL LE FICHIER index.php EST SERVI COMME PREMIER FICHIER PAR DEFAUT. LES AUTRES SONT INTERDITS
	DirectoryIndex index.php

	### INTERDIRE LES AUTRES TYPES DE FICHIER INDEX
	<Files ~ "^(index)\.(p?s?x?htm?\|txt\|aspx?\|cfml?\|cgi\|pl\|php[3-9]\|jsp\|xml)$">
	order allow,deny
	deny from all
	</Files>
	### INTERDIRE L'AFFICHAGE DE CERTAINS FORMATS DE FICHIER
	### EXECUTEE PAR LE SERVEUR MAIS INTERDIT D'AFFICHAGE PAR LE NAVIGATEUR WEB
	<Files ~ "\.(inc\|class\|sql\|ini\|conf\|exe\|dll\|bin\|tpl\|bkp\|dat\|c\|h\|py\|spd\|theme\|module)$">
	deny from all
	</Files>

	### INTERDIRE L'AFFICHAGE DE CERTAINS FICHIERS COMME config, option, login, setup, install, admin.
	### A ADAPTER SI CELA POSE PROBLEME
	#<Files ~ "^((wp-)?config(\.inc)?\|configure\|configuration\|options?\.inc\|option\|settings?(\.inc)?\|setup(\.inc)?\|default\|home\|install?\|admin\|errors?\|hacke?r?d?\|[-_a-z0-9.]mafia[-_a-z0-9.]\|[-_a-z0-9.]power[-_a-z0-9.]\|[-_a-z0-9.]jihad[-_a-z0-9.]\|php\|shell\|ssh\|root\|cmd\|[0-9]{1,6}\|test\|data)\.(p?s?x?htm?l?\|txt\|aspx?\|cfml?\|cgi\|pl\|php[3-9]{0,1}\|jsp?\|sql\|xml)$">
	#order allow,deny
	#deny from all
	#</Files>

	#######################################################################################
	### ON EVITE LE VOL D'IMAGES, VIDEO, SON, FEUILLE DE STYLE, PDF ET ZIP
	### LES VISITEURS DOIVENT PASSER PAR LE SITE.
	RewriteEngine on
	RewriteCond %{HTTP_REFERER} !^$
	RewriteCond %{HTTP_REFERER} !^http://[-_a-z0-9.]*example\.fr$ [NC]
	RewriteCond %{HTTP_REFERER} !^http://[-_a-z0-9.]example\.fr/.$ [NC]
	RewriteRule .*\.(gif\|jpe?g?\|jp2\|png\|svgz?\|ico\|pdf\|zip\|gz\|js\|mp3\|m4a\|mp4\|mov\|divx\|avi\|wma?v?\|wmp\|swf\|flv\|docx?\|xlsx?\|pptx?\|vbs\|rtf\|asf?x?\|odt\|ods\|odp\|odg\|odb)$ - [NC,F]

	#######################################################################################
	### DES FAUX URLS, ON LES NEUTRALISE
	RedirectMatch gone ^/_vti.*
	RedirectMatch gone ^/MSOffice.*
	RedirectMatch gone ^[-_a-z0-9/\.]//.
	RedirectMatch gone ^./etc/passwd.


	#######################################################################################
	### CUSTOM ATTACKS
	RewriteEngine On
	RewriteCond %{QUERY_STRING} ^(.)(option)?=com_jce(.)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)wp-content(.)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)extras(.)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)images/stories(.)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)components(.)$
	RewriteRule (.*) - [F]


	RewriteEngine On
	RewriteCond %{REQUEST_URI} /forum/viewtopic.php [OR]
	RewriteCond %{REQUEST_URI} /forum/viewforum.php
	RewriteCond %{QUERY_STRING} ^(.)agree=Agree(.)$
	RewriteRule (.*) - [F]

	RewriteEngine On
	RewriteCond %{REQUEST_URI} /(.*)add.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)fckeditor/ [OR]
	RewriteCond %{REQUEST_URI} /(.*)FCKeditor/ [OR]
	RewriteCond %{REQUEST_URI} /(.*)components/com_oziogallery [OR]
	RewriteCond %{REQUEST_URI} /(.*)admin/ [OR]
	RewriteCond %{REQUEST_URI} /(.*)wp-login.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)administrator [OR]
	RewriteCond %{REQUEST_URI} /(.*)xtAdmin [OR]
	RewriteCond %{REQUEST_URI} /(.*)backend [OR]
	RewriteCond %{REQUEST_URI} /(.*)jtl.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)signup [OR]
	RewriteCond %{REQUEST_URI} /(.*)signin [OR]
	RewriteCond %{REQUEST_URI} /(.*)join [OR]
	RewriteCond %{REQUEST_URI} /(.*)quicklogin.one [OR]
	RewriteCond %{REQUEST_URI} /(.*)join.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)join_form.php [OR]
	RewriteCond %{REQUEST_URI} /(.*)action-blog [OR]
	RewriteCond %{REQUEST_URI} /(.*)blogs/load [OR]
	RewriteCond %{REQUEST_URI} /(.*).aspx$ [OR]
	RewriteCond %{REQUEST_URI} /(.*).asp$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)sign_up.html$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)member.php$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)reg.php$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)logging.php$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)register$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)default-extensions/modules$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)php-source.html$ [OR]
	RewriteCond %{REQUEST_URI} /(.*)\+\+Resu
	RewriteRule (.*) - [F]

	RewriteEngine On
	RewriteCond %{REQUEST_URI} !/(.*)listmodules.php
	RewriteCond %{REQUEST_URI} /(.*)modules.php
	RewriteRule (.*) - [F]

	RewriteEngine On
	RewriteCond %{REQUEST_URI} !/(.*)viewforum.php
	RewriteCond %{REQUEST_URI} /(.*)forum.php
	RewriteRule (.*) - [F]


	#######################################################################################
	### FILTRE CONTRE XSS, REDIRECTIONS HTTP, base64_encode, VARIABLE PHP GLOBALS VIA URL, MODIFIER VARIABLE _REQUEST VIA URL, TEST DE FAILLE PHP, INJECTION SQL SIMPLE
	RewriteEngine On
	RewriteCond %{REQUEST_METHOD} (GET\|POST) [NC]
	RewriteCond %{QUERY_STRING} ^(.)(%3C\|<)/?script(.)$ [NC,OR]
	RewriteCond %{QUERY_STRING} ^(.)(%3D\|=)?javascript(%3A\|:)(.)$ [NC,OR]
	RewriteCond %{QUERY_STRING} ^(.)document\.location\.href(.)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)(%3D\|=)http(%3A\|:)(/\|%2F){2}(.)$ [NC,OR] ## ATTENTION A CETTE REGLE. ELLE PEUT CASSER CERTAINES REDIRECTIONS RESSEMBLANT A: http://www.truc.fr/index.php?r=http://www.google.fr ##
	RewriteCond %{QUERY_STRING} ^(.)base64_encode(.)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)GLOBALS(=\|[\|%[0-9A-Z]{0,2})(.)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)_REQUEST(=\|[\|%[0-9A-Z]{0,2})(.)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)(SELECT(%20\|\+)\|UNION(%20\|\+)ALL\|INSERT(%20\|\+)\|DELETE(%20\|\+)\|CHAR\(\|UPDATE(%20\|\+)\|REPLACE(%20\|\+)\|LIMIT(%20\|\+))(.)$ [NC]
	RewriteRule (.*) - [F]

	#######################################################################################
	### FILTRE CONTRE PHPSHELL.PHP, REMOTEVIEW, c99Shell et autres
	RewriteEngine On
	RewriteCond %{REQUEST_URI} .((php\|my)?shell\|remview.\|phpremoteview.\|sshphp.\|pcom\|nstview.\|c99\|r57\|webadmin.\|phpget.\|phpwriter.\|fileditor.\|locus7.\|storm7.*)\.(p?s?x?htm?l?\|txt\|aspx?\|cfml?\|cgi\|pl\|php[3-9]{0,1}\|jsp?\|sql\|xml) [NC,OR]
	RewriteCond %{REQUEST_METHOD} (GET\|POST) [NC]
	RewriteCond %{QUERY_STRING} ^(.)=/home(.+)?/loginftp/(.)$ [OR]
	RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
	RewriteCond %{QUERY_STRING} ^command=.&output.$ [OR]
	RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)cmd=.$ [OR] ## ATTENTION A CETTE REGLE. ELLE PEUT CASSER VOTRE SITE ##
	RewriteCond %{QUERY_STRING} ^c=(t\|setup\|codes)$ [OR]
	RewriteCond %{QUERY_STRING} ^act=((about\|cmd\|selfremove\|chbd\|trojan\|backc\|massbrowsersploit\|exploits\|grablogins\|upload.)\|((chmod\|f)&f=.))$ [OR]
	RewriteCond %{QUERY_STRING} ^act=(ls\|search\|fsbuff\|encoder\|tools\|processes\|ftpquickbrute\|security\|sql\|eval\|update\|feedback\|cmd\|gofile\|mkfile)&d=.*$ [OR]
	RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=\|v&fnot=\|setup&ref=\|l&r=\|d&d=\|tree&d\|t&d=\|e&d=\|i&d=\|codes\|md5crack).*$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)([-_a-z]{1,15})=(ls\|cd\|cat\|rm\|mv\|vim\|chmod\|chdir\|concat\|mkdir\|rmdir\|pwd\|clear\|whoami\|uname\|tar\|zip\|unzip\|gzip\|gunzip\|grep\|more\|ln\|umask\|telnet\|ssh\|ftp\|head\|tail\|which\|mkmode\|touch\|logname\|edit_file\|search_text\|find_text\|php_eval\|download_file\|ftp_file_down\|ftp_file_up\|ftp_brute\|mail_file\|mysql\|mysql_dump\|db_query)([^a-zA-Z0-9].+)$ [OR]
	RewriteCond %{QUERY_STRING} ^(.)(wget\|shell_exec\|passthru\|system\|exec\|popen\|proc_open)(.)$
	RewriteRule (.*) - [F]

	#######################################################################################
	## Fin de la conf de securite
	#######################################################################################

	ExpiresActive On
	ExpiresByType image/jpg "access plus 1 year"
	ExpiresByType image/jpeg "access plus 1 year"
	ExpiresByType image/gif "access plus 1 year"
	ExpiresByType image/png "access plus 1 year"
	ExpiresByType text/css "access plus 1 month"
	ExpiresByType application/pdf "access plus 1 month"
	ExpiresByType text/x-javascript "access plus 1 month"
	ExpiresByType application/x-shockwave-flash "access plus 1 month"
	ExpiresByType image/x-icon "access plus 1 year"
	ExpiresDefault "access plus 2 days"


	#Turn Off ETag
	Header unset ETag
	FileETag None

	#Suppression si possible des cookies pour les fichiers plats
	<IfModule mod_headers.c>
	<FilesMatch "\\.(js\|css\|jpg\|png\|jpeg\|gif)$">
	RequestHeader unset Cookie
	Header unset Set-Cookie
	Header set Cache-Control "max-age=86400"
	</FilesMatch>
	</IfModule>

	<filesmatch ".(php\|html\|css\|js)$">
	SetOutputFilter DEFLATE
	</filesmatch>


	Options +FollowSymLinks

	</Directory>