Created
December 7, 2020 08:43
-
-
Save elliottmangham/7126de36bb701cb1a999546574026514 to your computer and use it in GitHub Desktop.
Apache / .htaccess (by Andreas Hecht)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ######################################################################## | |
| # OPTIMAL .htaccess FILE FOR SPEED AND SECURITY @Version 2020 | |
| # ---------------------------------------------------------------------- | |
| # @Author: Andreas Hecht | |
| # @Author URI: https://seoagentur-hamburg.com | |
| # License: GNU General Public License v2 or later | |
| # License URI: http://www.gnu.org/licenses/gpl-2.0.html | |
| ######################################################################## | |
| # ---------------------------------------------------------------------- | |
| # Rewrite from HTTP to HTTPS - if you want to use it, comment it out | |
| # ---------------------------------------------------------------------- | |
| #<IfModule mod_rewrite.c> | |
| #RewriteEngine On | |
| #RewriteCond %{HTTPS} !=on | |
| #RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] | |
| #</IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Activate CORS | |
| # ---------------------------------------------------------------------- | |
| <IfModule mod_headers.c> | |
| <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|gif|png|jpe?g|svg|svgz|ico|webp)$"> | |
| Header set Access-Control-Allow-Origin "*" | |
| </FilesMatch> | |
| </IfModule> | |
| # ----------------------------------------------------------------------- | |
| # | 404 Fix: Block Nuisance Requests for Non-Existent Files - New in 2018 | |
| # https://perishablepress.com/block-nuisance-requests - @Update 2019 | |
| # ----------------------------------------------------------------------- | |
| <IfModule mod_alias.c> | |
| RedirectMatch 403 (?i)\.php\.suspected | |
| RedirectMatch 403 (?i)apple-app-site-association | |
| RedirectMatch 403 (?i)/autodiscover/autodiscover.xml | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Compressing and Caching - Version 2020 | | |
| # ---------------------------------------------------------------------- | |
| # Serve resources with far-future expires headers. | |
| # | |
| # (!) If you don't control versioning with filename-based | |
| # cache busting, you should consider lowering the cache times | |
| # to something like one week. | |
| # | |
| # https://httpd.apache.org/docs/current/mod/mod_expires.html | |
| <IfModule mod_expires.c> | |
| ExpiresActive on | |
| ExpiresDefault "access plus 1 month" | |
| # CSS | |
| ExpiresByType text/css "access plus 1 year" | |
| # Data interchange | |
| ExpiresByType application/atom+xml "access plus 1 hour" | |
| ExpiresByType application/rdf+xml "access plus 1 hour" | |
| ExpiresByType application/rss+xml "access plus 1 hour" | |
| ExpiresByType application/json "access plus 0 seconds" | |
| ExpiresByType application/ld+json "access plus 0 seconds" | |
| ExpiresByType application/schema+json "access plus 0 seconds" | |
| ExpiresByType application/vnd.geo+json "access plus 0 seconds" | |
| ExpiresByType application/xml "access plus 0 seconds" | |
| ExpiresByType text/xml "access plus 0 seconds" | |
| # Favicon (cannot be renamed!) and cursor images | |
| ExpiresByType image/vnd.microsoft.icon "access plus 1 week" | |
| ExpiresByType image/x-icon "access plus 1 week" | |
| # HTML - No Caching | |
| ExpiresByType text/html "access plus 0 seconds" | |
| # JavaScript | |
| ExpiresByType application/javascript "access plus 1 year" | |
| ExpiresByType application/x-javascript "access plus 1 year" | |
| ExpiresByType text/javascript "access plus 1 year" | |
| # Manifest files | |
| ExpiresByType application/manifest+json "access plus 1 week" | |
| ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" | |
| ExpiresByType text/cache-manifest "access plus 0 seconds" | |
| # Update 2020: Google recommendation: cache duration increased to 1 year | |
| # @see: https://web.dev/uses-long-cache-ttl/ | |
| # Media files | |
| ExpiresByType audio/ogg "access plus 1 year" | |
| ExpiresByType image/bmp "access plus 1 year" | |
| ExpiresByType image/gif "access plus 1 year" | |
| ExpiresByType image/jpeg "access plus 1 year" | |
| ExpiresByType image/png "access plus 1 year" | |
| ExpiresByType image/svg+xml "access plus 1 year" | |
| ExpiresByType image/webp "access plus 1 year" | |
| ExpiresByType video/mp4 "access plus 1 year" | |
| ExpiresByType video/ogg "access plus 1 year" | |
| ExpiresByType video/webm "access plus 1 year" | |
| # Web fonts | |
| # Embedded OpenType (EOT) | |
| ExpiresByType application/vnd.ms-fontobject "access plus 1 year" | |
| ExpiresByType font/eot "access plus 1 year" | |
| # OpenType | |
| ExpiresByType font/opentype "access plus 1 year" | |
| # TrueType | |
| ExpiresByType application/x-font-ttf "access plus 1 year" | |
| # Web Open Font Format (WOFF) 1.0 | |
| ExpiresByType application/font-woff "access plus 1 year" | |
| ExpiresByType application/x-font-woff "access plus 1 year" | |
| ExpiresByType font/woff "access plus 1 year" | |
| # Web Open Font Format (WOFF) 2.0 | |
| ExpiresByType application/font-woff2 "access plus 1 year" | |
| # Other | |
| ExpiresByType text/x-cross-domain-policy "access plus 1 week" | |
| </IfModule> | |
| <IfModule mod_deflate.c> | |
| # Insert filters / compress text, html, javascript, css, xml: | |
| AddOutputFilterByType DEFLATE text/plain | |
| AddOutputFilterByType DEFLATE text/html | |
| AddOutputFilterByType DEFLATE text/xml | |
| AddOutputFilterByType DEFLATE text/css | |
| AddOutputFilterByType DEFLATE text/vtt | |
| AddOutputFilterByType DEFLATE text/x-component | |
| AddOutputFilterByType DEFLATE application/xml | |
| AddOutputFilterByType DEFLATE application/xhtml+xml | |
| AddOutputFilterByType DEFLATE application/rss+xml | |
| AddOutputFilterByType DEFLATE application/js | |
| AddOutputFilterByType DEFLATE application/javascript | |
| AddOutputFilterByType DEFLATE application/x-javascript | |
| AddOutputFilterByType DEFLATE application/x-httpd-php | |
| AddOutputFilterByType DEFLATE application/x-httpd-fastphp | |
| AddOutputFilterByType DEFLATE application/atom+xml | |
| AddOutputFilterByType DEFLATE application/json | |
| AddOutputFilterByType DEFLATE application/ld+json | |
| AddOutputFilterByType DEFLATE application/vnd.ms-fontobject | |
| AddOutputFilterByType DEFLATE application/x-font-ttf | |
| AddOutputFilterByType DEFLATE application/font-woff2 | |
| AddOutputFilterByType DEFLATE application/x-font-woff | |
| AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff | |
| AddOutputFilterByType DEFLATE font/woff | |
| AddOutputFilterByType DEFLATE font/opentype | |
| AddOutputFilterByType DEFLATE image/svg+xml | |
| AddOutputFilterByType DEFLATE image/x-icon | |
| # Exception: Images | |
| SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary | |
| # Drop problematic browsers | |
| BrowserMatch ^Mozilla/4 gzip-only-text/html | |
| BrowserMatch ^Mozilla/4\.0[678] no-gzip | |
| BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html | |
| # Make sure proxies don't deliver the wrong content | |
| Header append Vary User-Agent env=!dont-vary | |
| </IfModule> | |
| #Alternative caching using Apache's "mod_headers", if it's installed. | |
| #Caching of common files - ENABLED | |
| <IfModule mod_headers.c> | |
| <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt|woff2|woff)$"> | |
| Header set Cache-Control "max-age=31536000, public" | |
| </FilesMatch> | |
| </IfModule> | |
| <IfModule mod_headers.c> | |
| <FilesMatch "\.(js|css|xml|gz)$"> | |
| Header append Vary Accept-Encoding | |
| </FilesMatch> | |
| </IfModule> | |
| # Set Keep Alive Header | |
| <IfModule mod_headers.c> | |
| Header set Connection keep-alive | |
| </IfModule> | |
| # If your server don't support ETags deactivate with "None" (and remove header) | |
| <IfModule mod_expires.c> | |
| <IfModule mod_headers.c> | |
| Header unset ETag | |
| </IfModule> | |
| FileETag None | |
| </IfModule> | |
| <IfModule mod_headers.c> | |
| <FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$"> | |
| Header append Vary: Accept-Encoding | |
| </FilesMatch> | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | 7G Firewall for Security - Do not change this part @Update 2020 | |
| # ---------------------------------------------------------------------- | |
| # 7G FIREWALL v1.2 20190727 - Live-Version 02/2020 | |
| # @ https://perishablepress.com/7g-firewall/ | |
| # 7G:[CORE] | |
| ServerSignature Off | |
| Options -Indexes | |
| RewriteEngine On | |
| RewriteBase / | |
| # 7G:[QUERY STRING] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{REQUEST_URI} !(7g_log.php) [NC] | |
| RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (~|`|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[|%[a-z0-9]{0,2}) [NC,OR] | |
| RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|[|%[0-9A-Z]{0,2}) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|[|%[0-9A-Z]{0,2}) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curltest|disable_functions?|document_root|elastix|encodeuricom|exec|exploit|fclose|fgets|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|load_file|null|open_basedir|outfile|passthru|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|wget|xertive) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|order|request|script|select|set|union|update) [NC,OR] | |
| RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC] | |
| RewriteRule .* - [F,L] | |
| # RewriteRule .* /7g_log.php?log [L,NE,E=7G_QUERY_STRING:%1___%2___%3] | |
| </IfModule> | |
| # 7G:[REQUEST URI] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{REQUEST_URI} !(7g_log.php) [NC] | |
| RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR] | |
| RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR] | |
| RewriteCond %{REQUEST_URI} (\^|~|`|<|>|,|%|\\|\{|\}|\[|\]|\|) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR] | |
| RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR] | |
| RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR] | |
| RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (\.)(conf(ig)?|ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR] | |
| RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)((php|web)?shell|conf(ig)?|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-?my-?admin(.*)|sql|system|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|e?chr|eval|exec|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR] | |
| RewriteCond %{REQUEST_URI} (\.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|conf(ig)?|ctl|dat|db|dll|eml|et2|exe|fec|fla|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zlib)$ [NC,OR] | |
| RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|sql|ucp|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC] | |
| RewriteRule .* - [F,L] | |
| # RewriteRule .* /7g_log.php?log [L,NE,E=7G_REQUEST_URI:%1___%2___%3] | |
| </IfModule> | |
| # 7G:[USER AGENT] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{REQUEST_URI} !(7g_log.php) [NC] | |
| RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|seznambot|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC] | |
| RewriteRule .* - [F,L] | |
| # RewriteRule .* /7g_log.php?log [L,NE,E=7G_USER_AGENT:%1] | |
| </IfModule> | |
| # 7G:[REMOTE HOST] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{REQUEST_URI} !(7g_log.php) [NC] | |
| RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC] | |
| RewriteRule .* - [F,L] | |
| # RewriteRule .* /7g_log.php?log [L,NE,E=7G_REMOTE_HOST:%1] | |
| </IfModule> | |
| # 7G:[HTTP REFERRER] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{REQUEST_URI} !(7g_log.php) [NC] | |
| RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR] | |
| RewriteCond %{HTTP_REFERER} (ambien|blue\spill|cialis|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC] | |
| RewriteRule .* - [F,L] | |
| # RewriteRule .* /7g_log.php?log [L,NE,E=7G_HTTP_REFERRER:%1] | |
| </IfModule> | |
| # 7G:[REQUEST METHOD] | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{REQUEST_URI} !(7g_log.php) [NC] | |
| RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC] | |
| RewriteRule .* - [F,L] | |
| # RewriteRule .* /7g_log.php?log [L,NE,E=7G_REQUEST_METHOD:%1] | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # Block WordPress files from outside access | |
| # ---------------------------------------------------------------------- | |
| # No access to the install.php | |
| <files install.php> | |
| Order allow,deny | |
| Deny from all | |
| </files> | |
| # No access to the wp-config.php | |
| <files wp-config.php> | |
| Order allow,deny | |
| Deny from all | |
| </files> | |
| # No access to the readme.html | |
| <files readme.html> | |
| Order Allow,Deny | |
| Deny from all | |
| Satisfy all | |
| </Files> | |
| # No access to the liesmich.html for DE Edition | |
| <Files liesmich.html> | |
| Order Allow,Deny | |
| Deny from all | |
| Satisfy all | |
| </Files> | |
| # No error log access | |
| <files error_log> | |
| Order allow,deny | |
| Deny from all | |
| </files> | |
| #No access to the .htaccess und .htpasswd | |
| <FilesMatch "(\.htaccess|\.htpasswd)"> | |
| Order deny,allow | |
| Deny from all | |
| </FilesMatch> | |
| # Block access to includes folder | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^wp-admin/includes/ - [F,L] | |
| RewriteRule !^wp-includes/ - [S=3] | |
| RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] | |
| RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] | |
| RewriteRule ^wp-includes/theme-compat/ - [F,L] | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Blocking the »ReallyLongRequest« Bandit - New in 2018 | |
| # https://perishablepress.com/blocking-reallylongrequest-bandit/ | |
| # ---------------------------------------------------------------------- | |
| <IfModule mod_rewrite.c> | |
| RewriteCond %{REQUEST_METHOD} .* [NC] | |
| RewriteCond %{THE_REQUEST} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC,OR] | |
| RewriteCond %{QUERY_STRING} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC] | |
| RewriteRule .* - [F,L] | |
| </IfModule> | |
| # -------------------------------------------------------------------------------------------- | |
| # Ultimate hotlink protection - IMPORTANT: Change »?domain\« in line 361 to your domain name | |
| # Example: ?andreas-hecht\ ### if you do not use https, change https in line 361 to http | |
| # -------------------------------------------------------------------------------------------- | |
| #<IfModule mod_rewrite.c> | |
| # RewriteEngine on | |
| # RewriteCond %{HTTP_REFERER} !^$ | |
| # RewriteCond %{REQUEST_FILENAME} -f | |
| # RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC] | |
| # RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?domain\. [NC] | |
| # RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L] | |
| #</ifModule> | |
| # ---------------------------------------------------------------------- | |
| # Protect your WordPress Login with HTTP Authentification | |
| # ---------------------------------------------------------------------- | |
| # If you want to use it, comment it out and set your path to .htpasswd | |
| #<Files wp-login.php> | |
| #AuthName "Admin-Bereich" | |
| #AuthType Basic | |
| #AuthUserFile /usr/local/www/apache24/your-path/your-domain.com/.htpasswd | |
| #require valid-user | |
| #</Files> | |
| # ---------------------------------------------------------------------- | |
| # Switch off the security risk XML-RPC interface completely | |
| # ---------------------------------------------------------------------- | |
| ### @see https://digwp.com/2009/06/xmlrpc-php-security/ | |
| <Files xmlrpc.php> | |
| Order Deny,Allow | |
| Deny from all | |
| </Files> | |
| # ----------------------------------------------------------------------------- | |
| # HTTP SECURITY HEADER | Test on: https://securityheaders.com | UPDATE 2019 | |
| # ----------------------------------------------------------------------------- | |
| ### @see https://scotthelme.co.uk/hardening-your-http-response-headers | |
| ### UPDATE 2019 | |
| ## No-Referrer-Header | |
| <IfModule mod_headers.c> | |
| Header set Referrer-Policy "no-referrer" | |
| </IfModule> | |
| ## X-FRAME-OPTIONS-Header | |
| <IfModule mod_headers.c> | |
| Header set X-Frame-Options "sameorigin" | |
| </IfModule> | |
| ## X-XSS-PROTECTION-Header | |
| <IfModule mod_headers.c> | |
| Header set X-XSS-Protection "1; mode=block" | |
| </IfModule> | |
| ## X-Content-Type-Options-Header | |
| <IfModule mod_headers.c> | |
| Header set X-Content-Type-Options "nosniff" | |
| </IfModule> | |
| ## Strict-Transport-Security-Header - if you are using https on your website, comment this block out | |
| #<IfModule mod_headers.c> | |
| # Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" | |
| #</IfModule> | |
| ## This prevents that false issued certificates for this website can be used unnoticed. (Experimental) | |
| ## @see https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct-02 | |
| <IfModule mod_headers.c> | |
| Header set Expect-CT "enforce, max-age=21600" | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # The original WordPress Rewrite Rules - Do not change anything here, | |
| # except you are using a WordPress Multisite | |
| # ---------------------------------------------------------------------- | |
| # BEGIN WordPress | |
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| RewriteBase / | |
| RewriteRule ^index\.php$ - [L] | |
| RewriteCond %{REQUEST_FILENAME} !-f | |
| RewriteCond %{REQUEST_FILENAME} !-d | |
| RewriteRule . /index.php [L] | |
| </IfModule> | |
| # END WordPress |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I don't understand line 361, you said write domain, but there is no domain extension in your example.