Base htaccess rules
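# v2 7/29/2015
# Turn off auto-generated directory listings so folder contents cannot be enumerated.
# This hides the index only: every file stays reachable by its direct URL.
# Needs AllowOverride Options (or All) for this directory; where that is not
# granted, Apache typically answers requests here with a 500 instead.
Options -Indexes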
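# Request filtering. Requires mod_rewrite (and AllowOverride FileInfo in .htaccess).
# User-Agent, Referer and the protocol version are all chosen by the client, so
# these rules reduce automated noise; none of them is an access control.
<IfModule mod_rewrite.c>
  RewriteEngine On

  # Refuse requests for PHP files under any uploads/ directory.
  # - (^|/) instead of a leading "/": in .htaccess context the path is matched
  #   without its leading slash, so a top-level uploads/ was missed before.
  # - [NC]: mod_mime matches extensions case-insensitively, so "x.PHP" may still
  #   reach the PHP handler while slipping past a case-sensitive pattern.
  # - Left unanchored on purpose so "x.php.jpg" and "x.php/extra" match as well.
  # NOTE(review): other extensions mapped to PHP on this server (.phtml, .phar, ...)
  # are not covered; confirm the handler configuration.
  RewriteRule (^|/)uploads/.*\.php - [F,NC]

  # wp-login.php / wp-signup.php: refuse an empty User-Agent or HTTP/1.0
  # (rule credited to BulletProof Security).
  # [OR] binds tighter than the implicit AND, so the chain reads
  #   URI matches AND (empty UA OR HTTP/1.0 OR HTTP/1.0).
  # THE_REQUEST and SERVER_PROTOCOL test the same thing; both are kept as written.
  # Some monitoring probes and older proxies still speak HTTP/1.0 and will get a 403.
  RewriteCond %{REQUEST_URI} /wp-(login|signup)\.php
  RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
  RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
  RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
  RewriteRule . - [F]

  # Comment spam: refuse HTTP/1.0 POSTs to wp-comments-post.php.
  # The three commented-out conditions are disabled alternatives (referer and
  # empty-UA checks) left in place by the author.
  RewriteCond %{REQUEST_METHOD} POST
  RewriteCond %{REQUEST_URI} /wp-comments-post\.php
  #RewriteCond %{HTTP_REFERER} !^.*com.*
  #RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
  #RewriteCond %{HTTP_USER_AGENT} ^$
  RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
  RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
  RewriteRule . - [F]

  # XML-RPC: as written this refuses only HTTP/1.0 requests to xmlrpc.php.
  # It does NOT stop all access to the API; HTTP/1.1 requests (pingbacks, apps)
  # still get through. To really close the endpoint, replace this group with the
  # single rule below, knowing that it also cuts off apps that rely on XML-RPC:
  #   RewriteRule (^|/)xmlrpc\.php$ - [F]
  RewriteCond %{REQUEST_URI} /xmlrpc\.php
  # uncomment next line to also refuse requests with no user agent
  #RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
  RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
  RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
  RewriteRule . - [F]

  # Probes for scripts that do not exist in WordPress (other CMSs, ASP pages).
  # "/login\.php" needs the slash directly before the name, so wp-login.php
  # and wp-signup.php are not caught by this rule.
  RewriteCond %{REQUEST_URI} /(login\.php|hello\.php|register\.php|tiki-register\.php|doku\.php|signup\.php|reg\.asp|Class/Post\.asp|post\.asp)$
  RewriteRule . - [F]

  # Botnet requests carrying a "/RK=0/RS=" path fragment
  # @link http://webmasters.stackexchange.com/q/58871/38641
  RewriteCond %{REQUEST_URI} /RK=0/RS=
  RewriteRule . - [F]

  # Referrer spam. Patterns are unanchored, so they match anywhere in the Referer
  # value (query string included). The list is a point-in-time snapshot and the
  # header is trivially forged; this mainly keeps analytics and logs clean.
  RewriteCond %{HTTP_REFERER} semalt\.com [NC,OR]
  RewriteCond %{HTTP_REFERER} 100dollars\-seo\.com [NC,OR]
  RewriteCond %{HTTP_REFERER} best\-seo\-solution\.com [NC,OR]
  RewriteCond %{HTTP_REFERER} buttons\-for\-your\-website\.com [NC,OR]
  RewriteCond %{HTTP_REFERER} forum69\.info [NC,OR]
  RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com [NC,OR]
  RewriteCond %{HTTP_REFERER} ranksonic\.com [NC,OR]
  RewriteCond %{HTTP_REFERER} 7makemoneyonline\.com [NC,OR]
  RewriteCond %{HTTP_REFERER} sharebutton\.net [NC,OR]
  RewriteCond %{HTTP_REFERER} sitevaluation\.org [NC,OR]
  RewriteCond %{HTTP_REFERER} dailyrank\.net [NC,OR]
  RewriteCond %{HTTP_REFERER} videos\-for\-your\-business\.com [NC,OR]
  RewriteCond %{HTTP_REFERER} semaltmedia\.com [NC,OR]
  RewriteCond %{HTTP_REFERER} best\-seo\-offer\.com [NC]
  RewriteRule .* - [F]

  # Refuse the WinHttp.WinHttpRequest.5 user agent.
  # The earlier version redirected the client to http://%{REMOTE_ADDR}/ instead.
  # That builds a malformed URL for IPv6 clients, and behind a proxy or CDN it
  # points at the proxy address. A plain 403 matches every other rule here.
  RewriteCond %{HTTP_USER_AGENT} WinHttp\.WinHttpRequest\.5
  RewriteRule .* - [F]
</IfModule>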
# Content-Type mappings for SVG, web fonts and IE behaviour (.htc) files.
# mod_mime accepts the extension with or without the leading dot.
# NOTE(review): SVG can carry script; if visitors can upload .svg files,
# serving them as image/svg+xml from this origin deserves a separate look.
AddType image/svg+xml                   svg
AddType application/font-woff           woff
AddType application/x-font-ttf          ttf
AddType application/vnd.ms-fontobject   eot
AddType application/octet-stream        otf
AddType text/x-component                htc
# Gzip text-like responses: markup, styles, scripts, data feeds, uncompressed fonts, SVG.
# NOTE(review): on Apache 2.4 AddOutputFilterByType is provided by mod_filter, which
# this guard does not test for. Confirm that module is loaded alongside mod_deflate.
# NOTE(review): compressing dynamic HTML that reflects request data and carries
# secrets over TLS is the precondition for BREACH-style side channels. Check
# whether that applies to the pages served here.
<IfModule mod_deflate.c>
  # markup and plain text
  AddOutputFilterByType DEFLATE text/html text/plain
  AddOutputFilterByType DEFLATE application/xml application/rss+xml
  # styles, scripts and JSON
  AddOutputFilterByType DEFLATE text/css text/javascript text/x-component
  AddOutputFilterByType DEFLATE application/javascript application/x-javascript application/json
  # fonts and vector images
  AddOutputFilterByType DEFLATE application/x-font-ttf application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>
# Far-future caching (one month from the time of access) for static assets.
# HTML gets no expiry here, so pages themselves are not covered by these rules.
<IfModule mod_expires.c>
  ExpiresActive On

  # images
  ExpiresByType image/png "access plus 1 month"
  ExpiresByType image/jpeg "access plus 1 month"
  ExpiresByType image/gif "access plus 1 month"
  ExpiresByType image/svg+xml "access plus 1 month"

  # stylesheets and scripts
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
  ExpiresByType application/x-javascript "access plus 1 month"
  ExpiresByType text/javascript "access plus 1 month"

  # fonts
  ExpiresByType application/font-woff "access plus 1 month"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
  ExpiresByType application/x-font-ttf "access plus 1 month"
</IfModule>