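# Server-config context: <Directory> is not permitted inside .htaccess, and "/" is the
# filesystem root, so every directive below applies to everything the server serves.
# Apache accepts comments only on lines of their own, never after a directive, so every
# annotation sits on the line above the directive it describes.
<Directory />
#http://forum.ovh.com/showthread.php?t=19263
# Apache 2.2 access-control syntax; on 2.4 it requires mod_access_compat
# (the native 2.4 equivalent is "Require all denied").
<Files .htaccess>
order allow,deny
deny from all
</Files>
#######################################################################################
Options -Indexes
#######################################################################################
### FILTER AGAINST HOSTILE ROBOTS AND SITE RIPPERS
### LIST HERE: http://www.bg-pro.com/?goto=badbot
RewriteEngine On
## EXCEPTION: ALL ROBOTS, EVEN ANONYMOUS OR BANNED ONES, MAY ACCESS THESE FILES
RewriteCond %{REQUEST_URI} !^/robots.txt
RewriteCond %{REQUEST_URI} !^/sitemap.xml
## EXCEPTION: WHEN USING *PAYPAL INSTANT PAYMENT NOTIFICATION*: PAYPAL SENDS NO HTTP_USER_AGENT, SO THE IPN WOULD OTHERWISE BE BLOCKED.
RewriteCond %{REQUEST_URI} !^/paypal-ipn.php
##
## ANONYMOUS (EMPTY OR "-") USER-AGENT
RewriteCond %{HTTP_USER_AGENT} ^-?$ [OR]
## USER-AGENTS THAT LOOK LIKE RANDOMLY GENERATED NAMES
RewriteCond %{HTTP_USER_AGENT} ^[bcdfghjklmnpqrstvwxz\ ]{8,}|^[0-9a-z]{15,}|^[0-9A-Za-z]{19,}|^[A-Za-z]{3,}\ [a-z]{4,}\ [a-z]{4,} [OR]
## REAL AND FAKE ROBOTS THAT DO NOT RESPECT THE RULES (five chunks, all OR-ed together)
RewriteCond %{HTTP_USER_AGENT} ^<sc|<\?|8484\ Boston\ Project|autoemailspider|@nonymouse|ADSARobot|Advanced\ Email\ Extractor|^adwords|ah-ha|aktuelles|amzn_assoc|Anarchie|anonymous|Art-Online|ASPSeek|ASSORT|ATHENS|Atomz|attach|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|blogsearchbot-martin|bmclient|Boston\ Project|BravoBrian\ SpiderEngine\ MarcoPolo|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|compatible\ \;|Crescent|Crescent\ Internet|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DirectUpdate|disco|DISCoFinder|Downloader|Download\ Accelerator|Download\ Demon|Download\ Wonder|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|echo\ extense|ecollector|efp@gmx\.net|EirGrabber|EmailCollector|EmailSiphon|Email\ Siphon|EmailWolf|Email\ Extractor|Express\ WebPictures|ExtractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EyeNetIE|fastlwspider|FavOrg|Favorites\ Sweeper|^Fetch|FEZhead|FileHound|flashget|FlashGet\ WebWasher|FlickBot|fluffy|frontpage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go!Zilla|go-ahead-got-it|GornKer|Grabber|GrabNet|Grafula|Green\ Research|grub-client|grub\ crawler|hanzoweb|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|HTTPConnect|httpdown|httplib|HttpProxy|HTTP\ agent|http\ generic|HTTrack|ia_archive|IBM_Planetwide|IDBot|id-search|imagefetch|Image\ Stripper|Image\ Sucker|IncyWincy|Indy\ Library|informant|Ingelin|InterGET|InternetLinkAgent|InternetSeer\.com|^Internet\ Explorer|Internet\ Ninja|IPiumBot|Iria|Irvine|Jakarta\ Commons|JBH*Agent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} JetCar|JOC|JOC\ Web\ Spider|JustView|Kapere|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|likse|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|Mac\ Finder|Mag-Net|Magnet|Mass\ Downloader|MCspider|Microsoft\ URL|Microsoft\ Data|MIDown\ tool|minibot\(NaverRobot\)|Mirror|Missigua|Mister\ PiX|MJ12bot|MMMtoCrawl\/UrlDispatcherLLL|Movable\ Type|Moozilla|^Mozilla$|^MSIE|Murzillo|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|NetZIP|NetZippy|NetZip\ Downloader|Net\ Vampire|NEWT|nicerspro|NICErsPRO|NPBot|Nutch|Nutscrape/|Octopus|Offline\ Explorer|Offline\ Navigator|OmniExplorer|OpaL|Openfind|OpenTextSiteCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} OrangeBot|PackRat|PageGrabber|Papa\ Foto|pavuk|pcBrowser|PersonaPilot|PingALink|Pockey|Program\ Shareware|Proxy|psbot|PSurf|psycheclone|^puf|Pump|PushSite|PussyCat|PycURL|python|QRVA|QuepasaCreep|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|almaden|Robozilla|Rover|RPT-HTTPClient|Rsync|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|sitecheck|SiteMapper|SiteSnagger|SlySearch|SmartDownload|snagger|SpaceBison|Spegla|SpiderBot|SqWorm|Star\ Downloader|Stripper|sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|SurveyBot|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Telesoft|Templeton|TrackBack|TrueRobot|Turing|TurnitinBot [NC,OR]
## This chunk must end with [NC,OR]: with a bare [NC] it would close the OR group, and the
## HTTP-library list below would be AND-ed with it, so neither list could block on its own.
RewriteCond %{HTTP_USER_AGENT} TV33_Mercator|UIowaCrawler|URL_Spider_Pro|^user|^User\ Agent:\ |^User-Agent:\ |UtilMind|Vacuum|vagabondo|vayala|visibilitygap|vobsub|VoidEYE|vspider|w3mir|WebaltBot|WebAuto|webbandit|WebCapture|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|WebDAV|webdevil|webdownloader|Webdup|WebEmailExtractor|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|WEBsaver|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Web\ Data\ Extractor|Web\ Downloader|Web\ Image\ Collector|Web\ Sucker|web\.by\.mail|whizbang|WhosTalking|Widow|Widows|WISEbot|WISEnutbot|WUMPUS|Wweb|WWWOFFLE|Wysigot|x-Tractor|Xaldon\ WebSpider|XGET|Yandex|Zeus|Zeus.*Webster [NC,OR]
## HTTP LIBRARIES / CLASSES WE DO NOT WANT. WARNING: THIS CAN BREAK SOME FUNCTIONS OF YOUR CMS.
## DO NOT DELETE THE WHOLE LIST; LOOK FOR THE NAME OF THE HTTP CLASS CONCERNED (ASK YOUR CMS
## DEVELOPERS). THIS LIST BLOCKS 80% OF SPAM ROBOTS. IT MUST BE KEPT.
RewriteCond %{HTTP_USER_AGENT} ^curl|^Fetch\ API\ Request|GT\:\:WWW|^HTTP\:\:Lite|httplib|^Java/1.|^Java\ 1.|^LWP|libWeb|libwww|^PEAR|PECL\:\:HTTP|PHPCrawl|^Program\ Shareware|python|Rsync|Snoopy|^URI\:\:Fetch|WebDAV|^Wget [NC]
RewriteRule (.*) - [F]
#######################################################################################
### ONLY index.php IS SERVED AS THE DEFAULT FIRST FILE. THE OTHERS ARE FORBIDDEN
DirectoryIndex index.php
### FORBID THE OTHER INDEX FILE TYPES
### The extension list uses the same "p?s?x?htm?l?" form as the later filters, so that
### index.html is covered as well as index.htm; "php[3-9]" deliberately leaves index.php alone.
<Files ~ "^(index)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]|jsp|xml)$">
order allow,deny
deny from all
</Files>
### FORBID DISPLAY OF CERTAIN FILE FORMATS
### THEY ARE EXECUTED BY THE SERVER BUT MUST NOT BE DISPLAYED BY THE WEB BROWSER
<Files ~ "\.(inc|class|sql|ini|conf|exe|dll|bin|tpl|bkp|dat|c|h|py|spd|theme|module)$">
deny from all
</Files>
### FORBID DISPLAY OF CERTAIN FILES SUCH AS config, option, login, setup, install, admin.
### ADAPT IF THIS CAUSES PROBLEMS (left disabled here)
#<Files ~ "^((wp-)?config(\.inc)?|configure|configuration|options?\.inc|option|settings?(\.inc)?|setup(\.inc)?|default|home|install?|admin|errors?|hacke?r?d?|[-_a-z0-9.]*mafia[-_a-z0-9.]*|[-_a-z0-9.]*power[-_a-z0-9.]*|[-_a-z0-9.]*jihad[-_a-z0-9.]*|php|shell|ssh|root|cmd|[0-9]{1,6}|test|data)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml)$">
#order allow,deny
#deny from all
#</Files>
#######################################################################################
### PREVENT HOTLINKING OF IMAGES, VIDEO, AUDIO, STYLESHEETS, PDF AND ZIP
### VISITORS MUST COME THROUGH THE SITE.
### "example.fr" is a placeholder: replace it with the site's own domain.
### An empty Referer is allowed (direct requests, privacy-stripped browsers) and both
### http and https referers are accepted; matching "http://" only would block every
### visitor of an HTTPS-served site.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://[-_a-z0-9.]*example\.fr$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://[-_a-z0-9.]*example\.fr/.*$ [NC]
RewriteRule .*\.(gif|jpe?g?|jp2|png|svgz?|ico|pdf|zip|gz|js|mp3|m4a|mp4|mov|divx|avi|wma?v?|wmp|swf|flv|docx?|xlsx?|pptx?|vbs|rtf|asf?x?|odt|ods|odp|odg|odb)$ - [NC,F]
#######################################################################################
### BOGUS URLS: ANSWER 410 GONE
RedirectMatch gone ^/_vti.*
RedirectMatch gone ^/MSOffice.*
RedirectMatch gone ^[-_a-z0-9/\.]*//.*
RedirectMatch gone ^.*/etc/passwd.*
#######################################################################################
### CUSTOM ATTACKS
### These patterns match anywhere in the query string, so an ordinary parameter value
### such as "components" or "extras" is rejected too; adapt them to the site.
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)(option)?=com_jce(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)wp-content(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)extras(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)images/stories(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)components(.*)$
RewriteRule (.*) - [F]
RewriteEngine On
RewriteCond %{REQUEST_URI} /forum/viewtopic.php [OR]
RewriteCond %{REQUEST_URI} /forum/viewforum.php
RewriteCond %{QUERY_STRING} ^(.*)agree=Agree(.*)$
RewriteRule (.*) - [F]
### Paths this site does not use. Several are generic (admin/, signup, signin, join,
### register, backend): remove any that the application actually serves.
RewriteEngine On
RewriteCond %{REQUEST_URI} /(.*)add.php [OR]
RewriteCond %{REQUEST_URI} /(.*)fckeditor/ [OR]
RewriteCond %{REQUEST_URI} /(.*)FCKeditor/ [OR]
RewriteCond %{REQUEST_URI} /(.*)components/com_oziogallery [OR]
RewriteCond %{REQUEST_URI} /(.*)admin/ [OR]
RewriteCond %{REQUEST_URI} /(.*)wp-login.php [OR]
RewriteCond %{REQUEST_URI} /(.*)administrator [OR]
RewriteCond %{REQUEST_URI} /(.*)xtAdmin [OR]
RewriteCond %{REQUEST_URI} /(.*)backend [OR]
RewriteCond %{REQUEST_URI} /(.*)jtl.php [OR]
RewriteCond %{REQUEST_URI} /(.*)signup [OR]
RewriteCond %{REQUEST_URI} /(.*)signin [OR]
RewriteCond %{REQUEST_URI} /(.*)join [OR]
RewriteCond %{REQUEST_URI} /(.*)quicklogin.one [OR]
RewriteCond %{REQUEST_URI} /(.*)join.php [OR]
RewriteCond %{REQUEST_URI} /(.*)join_form.php [OR]
RewriteCond %{REQUEST_URI} /(.*)action-blog [OR]
RewriteCond %{REQUEST_URI} /(.*)blogs/load [OR]
## Dots escaped so only the ".asp"/".aspx" extensions match, not any name ending in "asp".
RewriteCond %{REQUEST_URI} /(.*)\.aspx$ [OR]
RewriteCond %{REQUEST_URI} /(.*)\.asp$ [OR]
RewriteCond %{REQUEST_URI} /(.*)sign_up.html$ [OR]
RewriteCond %{REQUEST_URI} /(.*)member.php$ [OR]
RewriteCond %{REQUEST_URI} /(.*)reg.php$ [OR]
RewriteCond %{REQUEST_URI} /(.*)logging.php$ [OR]
RewriteCond %{REQUEST_URI} /(.*)register$ [OR]
RewriteCond %{REQUEST_URI} /(.*)default-extensions/modules$ [OR]
RewriteCond %{REQUEST_URI} /(.*)php-source.html$ [OR]
RewriteCond %{REQUEST_URI} /(.*)\+\+Resu
RewriteRule (.*) - [F]
## modules.php is forbidden except listmodules.php
RewriteEngine On
RewriteCond %{REQUEST_URI} !/(.*)listmodules.php
RewriteCond %{REQUEST_URI} /(.*)modules.php
RewriteRule (.*) - [F]
## forum.php is forbidden except viewforum.php
RewriteEngine On
RewriteCond %{REQUEST_URI} !/(.*)viewforum.php
RewriteCond %{REQUEST_URI} /(.*)forum.php
RewriteRule (.*) - [F]
#######################################################################################
### FILTER AGAINST XSS, HTTP REDIRECTS, base64_encode, PHP GLOBALS VARIABLE VIA URL,
### MODIFYING _REQUEST VIA URL, PHP VULNERABILITY PROBES, SIMPLE SQL INJECTION
### The query string is inspected for every request method: gating the filter on
### GET|POST would leave the same query string unfiltered on other methods.
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)(%3C|<)/?script(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=)?javascript(%3A|:)(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)document\.location\.href(.*)$ [OR]
## CAREFUL WITH THE NEXT RULE. IT CAN BREAK SOME REDIRECTS THAT LOOK LIKE:
## http://www.truc.fr/index.php?r=http://www.google.fr
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=)http(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)base64_encode(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)GLOBALS(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)_REQUEST(=|[|%[0-9A-Z]{0,2})(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)(SELECT(%20|\+)|UNION(%20|\+)ALL|INSERT(%20|\+)|DELETE(%20|\+)|CHAR\(|UPDATE(%20|\+)|REPLACE(%20|\+)|LIMIT(%20|\+))(.*)$ [NC]
RewriteRule (.*) - [F]
#######################################################################################
### FILTER AGAINST PHPSHELL.PHP, REMOTEVIEW, c99Shell AND OTHERS
### The file-name test is its own rule. It used to be OR-ed with a REQUEST_METHOD
### condition and then AND-ed with the query-string group, so a matching file name
### alone never caused a block; now it blocks on its own.
RewriteEngine On
RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC]
RewriteRule (.*) - [F]
### Query strings typical of web-shell front ends, checked for every request method.
RewriteEngine On
RewriteCond %{QUERY_STRING} ^(.*)=/home(.+)?/loginftp/(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
## CAREFUL WITH THE NEXT RULE. IT CAN BREAK YOUR SITE (any parameter named "cmd")
RewriteCond %{QUERY_STRING} ^(.*)cmd=.*$ [OR]
RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
## The next rule rejects any parameter whose value is one of these words (e.g. "more",
## "clear", "zip", "head"); expect false positives and trim the list for your application.
RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(ls|cd|cat|rm|mv|vim|chmod|chdir|concat|mkdir|rmdir|pwd|clear|whoami|uname|tar|zip|unzip|gzip|gunzip|grep|more|ln|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$
RewriteRule (.*) - [F]
#######################################################################################
## End of the security configuration
#######################################################################################
# Module-specific directives are guarded so the server still starts when the module is
# not loaded; an unguarded Expires*/Header directive is a fatal "Invalid command".
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
#Turn Off ETag
<IfModule mod_headers.c>
Header unset ETag
</IfModule>
FileETag None
#Strip cookies, where possible, from responses for static files
<IfModule mod_headers.c>
<FilesMatch "\\.(js|css|jpg|png|jpeg|gif)$">
RequestHeader unset Cookie
Header unset Set-Cookie
Header set Cache-Control "max-age=86400"
</FilesMatch>
</IfModule>
# Dot escaped: an unescaped "." would also match names such as "xphp".
<FilesMatch "\.(php|html|css|js)$">
SetOutputFilter DEFLATE
</FilesMatch>
# Required for RewriteEngine in directory context.
Options +FollowSymLinks
</Directory>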