Clase enlace
# Deny HTTP access to this file itself.
# NOTE(review): "order"/"deny" is the Apache 2.2 mod_authz_host syntax; on 2.4 it
# only works while mod_access_compat is loaded, the native form being
# "Require all denied".
<Files .htaccess>
order allow,deny
deny from all
</Files>
# SQL injection
# Using the following rule set will help us filter out most of these situations.
# NOTE(review): matching patterns against the raw query string is a coarse,
# bypassable layer; parameterised queries in the PHP code remain the real
# control. The quote characters in the first and last conditions are
# typographic (’ ”), so an unencoded ASCII ' or " is only caught where its
# %27 / %22 form is listed. The fourth condition (\.[a-z0-9]) rejects ANY query
# string that contains a dot followed by a letter or digit (e.g. ?email=a@b.com,
# ?v=1.2), so expect false positives. All five conditions are OR-ed: one match
# is enough for the 403.
RewriteCond %{QUERY_STRING} (;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} \.[a-z0-9] [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC]
RewriteRule .* - [F]
# Blocking user agents of command-line tools
# Some vulnerability-scanning and exploitation tools, as well as the well-known
# downloaders, have distinctive and easy-to-detect agents such as: wget, curl,
# java, HTTrack, perl, etc.
# NOTE(review): User-Agent is chosen by the client, so this is noise reduction,
# not a security boundary. The first condition also rejects requests with an
# empty agent, and the curl/wget/python entries block legitimate automation
# (monitoring, API clients) as well.
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|curl|wget|python|nikto|scan) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC]
RewriteRule .* - [F]
# Remote file inclusion (RFI) and friends
# Through XSS or RFI techniques a script hosted at another URL -- usually a host
# site that was itself attacked earlier -- is included in our site; it serves to
# alter our application's behaviour and probably acts as the entry point for
# some backdoor or shell.
# NOTE(review): the first query-string condition matches "=http://" only;
# "=https://" is not caught ("http://" is not a substring of it). The method
# check is AND-ed with the OR group below it, so only GET requests are
# examined. The durable fix is never to include()/require() a path built from
# request data.
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule .* - [F]
# Error page
# NOTE(review): "404" is neither a local path nor a URL, so Apache presumably
# serves it as the literal message text "404" -- confirm; a path such as
# /404.php is the usual intent.
ErrorDocument 404 404
Options +FollowSymLinks
# NOTE(review): RewriteEngine is switched on here, below the rules that depend
# on it; the flag applies to the whole per-directory context so they still run,
# but placing it first reads better.
RewriteEngine On
# Directory browsing
# NOTE(review): "Options All" also enables every other option the server's
# AllowOverride permits (e.g. Includes, ExecCGI); "Options -Indexes" alone is
# the narrower form if only listings are meant to be disabled.
Options All -Indexes
# PHP redirect if any.
# Serves /foo as /foo.php when /foo is neither an existing file nor a directory
# but /foo.php is a file; [L] stops rule processing, [QSA] keeps the query string.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [L,QSA]
<ifmodule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text text/html text/plain text/xml text/css application/x-javascript application/javascript text/javascript
</ifmodule>
# 1 MONTH
# NOTE(review): "Header" belongs to mod_headers; unlike the deflate block above
# it is not wrapped in <IfModule mod_headers.c>, so a server without the module
# rejects this .htaccess (500 for the whole directory).
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|js|xml|txt|css)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
# 1 WEEK
# NOTE(review): .php responses are dynamic. "public" lets shared caches keep
# them for a week, so a page that varies by session or cookie can be served to
# a different user; "Header set" likely overrides any Cache-Control the script
# emits -- confirm. Dynamic pages usually want "private" or "no-store".
<FilesMatch "\.(html|htm|php)$">
Header set Cache-Control "max-age=604800, public, must-revalidate"
</FilesMatch>
# Friendly links
# NOTE(review): "(.+)" captures anything into id and title; ver-noticia.php and
# ver-habitacion.php must still validate both (the rewrite does no checking).
RewriteRule ^noticia/(.+)/(.+)$ ver-noticia.php?id=$1&title=$2 [QSA]
RewriteRule ^habitacion/(.+)/(.+)$ ver-habitacion.php?id=$1&title=$2 [QSA]
# Languages in the navigation bar
#
# RewriteRule ^(es|en)/(.*)$ $2?idioma=$1 [L,QSA]
# RewriteRule ^(.*)$ $1?idioma=es [L,QSA]
<?php
/**
* Copyright (C) 2015 Luis Cortés
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
**/
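class Enlace {
    /**
     * Replacement table applied by LimpiaCadenaTexto() through strtr():
     * accented Latin letters map to their ASCII base letter, punctuation and
     * symbols map to '' (removed), and the two-byte key "? " maps to '-'.
     *
     * Duplicate keys of the original literal have been resolved the way PHP
     * resolves them (last entry wins), with one deliberate correction: the
     * trailing 'ç' => '' and 'Ç' => '' entries silently overrode the earlier
     * 'ç' => 'c' / 'Ç' => 'C' mappings, so "França" came out as "frana";
     * those two overrides are gone. Four keys of the original were shown as
     * '?' (their non-ASCII characters appear to have been lost in transit);
     * all of them were overridden by '?' => '' anyway, which is what is kept.
     * 'ü' => 'u' is new: 'Ü' => 'U' was present but the lowercase form was
     * missing ('ý' was listed twice instead), so "müller" lost its "u".
     *
     * @var array<string, string>
     */
    private static $tabla = [
        'Ð' => 'Dj',
        'À' => 'A', 'Á' => 'A', 'Â' => 'A', 'Ã' => 'A', 'Ä' => 'A', 'Å' => 'A', 'Æ' => 'A',
        'Ç' => 'C',
        'È' => 'E', 'É' => 'E', 'Ê' => 'E', 'Ë' => 'E',
        'Ì' => 'I', 'Í' => 'I', 'Î' => 'I', 'Ï' => 'I',
        'Ñ' => 'N',
        'Ò' => 'O', 'Ó' => 'O', 'Ô' => 'O', 'Õ' => 'O', 'Ö' => 'O', 'Ø' => 'O',
        'Ù' => 'U', 'Ú' => 'U', 'Û' => 'U', 'Ü' => 'U',
        'Ý' => 'Y', 'Þ' => 'B', 'ß' => 'Ss',
        'à' => 'a', 'á' => 'a', 'â' => 'a', 'ã' => 'a', 'ä' => 'a', 'å' => 'a', 'æ' => 'a',
        'ç' => 'c',
        'è' => 'e', 'é' => 'e', 'ê' => 'e', 'ë' => 'e',
        'ì' => 'i', 'í' => 'i', 'î' => 'i', 'ï' => 'i',
        'ð' => 'o', 'ñ' => 'n',
        'ò' => 'o', 'ó' => 'o', 'ô' => 'o', 'õ' => 'o', 'ö' => 'o', 'ø' => 'o',
        'ù' => 'u', 'ú' => 'u', 'û' => 'u', 'ü' => 'u',
        'ý' => 'y', 'þ' => 'b', 'ÿ' => 'y', 'ƒ' => 'f',
        // Punctuation and symbols are dropped outright.
        ',' => '', '.' => '', ':' => '', ';' => '', '_' => '', '<' => '', '>' => '',
        '\\' => '', 'ª' => '', 'º' => '', '!' => '', '|' => '', '"' => '', '@' => '',
        '·' => '', '#' => '', '$' => '', '~' => '', '%' => '', '€' => '', '&' => '',
        '¬' => '', '/' => '', '(' => '', ')' => '', '=' => '', '?' => '', '\'' => '',
        '¿' => '', '¡' => '', '`' => '', '+' => '', '´' => '', '^' => '', '*' => '',
        '¨' => '', '[' => '', ']' => '', '{' => '', '}' => '',
        '? ' => '-',
    ];

    /**
     * Turns free text (a news or room title) into a URL-safe slug.
     *
     * Pipeline: "&" becomes "-and-", dots are removed, the table above
     * transliterates accents and strips punctuation, the result is lowercased,
     * spaces become hyphens, any remaining byte outside [A-Za-z0-9_ -] is
     * dropped, runs of hyphens collapse to one, and leading/trailing hyphens
     * are trimmed (the original trimmed whitespace only, which by that point
     * had already been turned into hyphens, so " hola " yielded "-hola-").
     *
     * @param string $limpiar Raw text; the table keys are UTF-8, so UTF-8 input
     *                        is expected. Non-strings are cast to string.
     * @return string Slug made of lowercase ASCII letters, digits and single
     *                hyphens; '' for empty input.
     */
    public function LimpiaCadenaTexto($limpiar) {
        $limpiar = (string) $limpiar;
        $limpiar = str_replace('&', '-and-', $limpiar);
        $limpiar = str_replace('.', '', $limpiar);
        $limpiar = strtolower(strtr($limpiar, self::$tabla));
        $limpiar = str_replace(' ', '-', $limpiar);
        // Strip leftovers BEFORE collapsing hyphens: a removed character that
        // sat between two hyphens would otherwise leave "--" behind. No /u
        // modifier on purpose: \w must stay ASCII-only so that bytes of
        // untransliterated characters are removed rather than kept.
        $limpiar = preg_replace('/[^\w -]/', '', $limpiar);
        if ($limpiar === null) {
            // preg_replace() returns null on a PCRE error; no slug is better
            // than a partially processed one.
            return '';
        }
        $limpiar = preg_replace('/-+/', '-', $limpiar);
        if ($limpiar === null) {
            return '';
        }
        return trim($limpiar, '-');
    }
}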