# ----------------------------------------------------------------------
# | Activate CORS |
# ----------------------------------------------------------------------
# Allow any origin to fetch the static asset types listed below. Browsers
# fetch web fonts in CORS mode and refuse to apply a cross-origin font that
# is not accompanied by a permissive Access-Control-Allow-Origin, so this
# matters whenever assets are served from a different host/CDN than the
# pages using them. The wildcard is acceptable here because the matched
# files are public, non-credentialed resources; do not widen the FilesMatch
# to anything that returns user-specific content.
<IfModule mod_headers.c>
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|mjs|gif|png|jpe?g|svg|svgz|ico|webp)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
# Cheap, unconditional 403s for paths that should never be served from a
# WordPress site. (?i) makes each pattern case-insensitive.
# - "*.php.suspected" is the naming scheme commonly used by malware scanners
#   when they quarantine an infected PHP file; refusing the request keeps
#   quarantined code unreachable over HTTP.
# - apple-app-site-association and /autodiscover/autodiscover.xml are
#   probed automatically by Apple devices and Exchange/Outlook clients;
#   answering 403 here presumably avoids routing every such probe through
#   the WordPress front controller (confirm the site has no real use for
#   either file before keeping these).
<IfModule mod_alias.c>
RedirectMatch 403 (?i)\.php\.suspected
RedirectMatch 403 (?i)apple-app-site-association
RedirectMatch 403 (?i)/autodiscover/autodiscover.xml
</IfModule>
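<IfModule mod_expires.c>
# Browser-cache lifetimes (Expires / Cache-Control max-age) per media type.
# Long lifetimes for CSS/JS/fonts/media rely on file names changing when the
# content changes (cache busting); HTML, JSON and XML are set to "0 seconds"
# so dynamic output is immediately stale. Anything not listed falls back to
# the one-month ExpiresDefault.
ExpiresActive on
ExpiresDefault "access plus 1 month"
# CSS
ExpiresByType text/css "access plus 1 year"
# Data interchange
ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rdf+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"
ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/ld+json "access plus 0 seconds"
ExpiresByType application/schema+json "access plus 0 seconds"
ExpiresByType application/vnd.geo+json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"
# Favicon (cannot be renamed!) and cursor images
ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 week"
# HTML - No Caching
ExpiresByType text/html "access plus 0 seconds"
# JavaScript
ExpiresByType application/javascript "access plus 1 year"
ExpiresByType application/x-javascript "access plus 1 year"
ExpiresByType text/javascript "access plus 1 year"
# Manifest files
ExpiresByType application/manifest+json "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"
# Media files
ExpiresByType audio/ogg "access plus 1 year"
ExpiresByType image/bmp "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType video/mp4 "access plus 1 year"
ExpiresByType video/ogg "access plus 1 year"
ExpiresByType video/webm "access plus 1 year"
# Web fonts
# Embedded OpenType (EOT)
ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
ExpiresByType font/eot "access plus 1 year"
# OpenType
ExpiresByType font/opentype "access plus 1 year"
# TrueType
ExpiresByType application/x-font-ttf "access plus 1 year"
# Web Open Font Format (WOFF) 1.0
ExpiresByType application/font-woff "access plus 1 year"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
# Web Open Font Format (WOFF) 2.0
ExpiresByType application/font-woff2 "access plus 1 year"
# Registered font media types (RFC 8081). Recent Apache/OS mime.types files
# map .woff2/.ttf/.otf to these names, so without the entries below such
# fonts silently fell back to the one-month ExpiresDefault.
ExpiresByType font/woff2 "access plus 1 year"
ExpiresByType font/ttf "access plus 1 year"
ExpiresByType font/otf "access plus 1 year"
# Other
ExpiresByType text/x-cross-domain-policy "access plus 1 week"
</IfModule>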
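<IfModule mod_deflate.c>
# Insert filters / compress text, html, javascript, css, xml, json, svg
# and font responses. Raster images are already compressed and are excluded
# via the no-gzip environment variable at the end of this block.
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/vtt
AddOutputFilterByType DEFLATE text/x-component
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/js
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
# text/javascript is the standard JS type today and is already given a
# long cache lifetime in the mod_expires block; compress it too.
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/atom+xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/font-woff2
AddOutputFilterByType DEFLATE application/x-font-woff
AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
AddOutputFilterByType DEFLATE font/woff
AddOutputFilterByType DEFLATE font/opentype
# Registered names (RFC 8081) for the uncompressed TTF/OTF formats, which
# recent mime.types files emit instead of application/x-font-ttf.
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
# Exception: already-compressed raster images. SVG is deliberately NOT in
# this list: it is text and is compressed via image/svg+xml above; the old
# pattern also excluded svg and thereby silently undid that rule.
SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png)$ no-gzip dont-vary
</IfModule>
# Set Keep Alive Header
# NOTE(review): keep-alive is normally governed by the server-level KeepAlive
# directive; forcing the hop-by-hop Connection header from .htaccess is
# unusual and should be confirmed as intentional. This block is now its own
# container -- in the original the enclosing <IfModule mod_deflate.c> was
# never closed, which Apache rejects with a 500 for the whole .htaccess.
<IfModule mod_headers.c>
Header set Connection keep-alive
</IfModule>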
# ----------------------------------------------------------------------
# | 7G Firewall for Security - Do not change this part @Update 2021 |
# ----------------------------------------------------------------------
# The 7G Firewall (Perishable Press) is a set of pattern-based mod_rewrite
# blocklists. Each 7G section is one OR-chain of RewriteCond directives
# followed by a RewriteRule that returns 403 Forbidden ([F]) and stops
# further processing ([L]). Every condition except the last carries [OR];
# the last has only [NC] and terminates the chain. All matching is
# case-insensitive ([NC]) and, where relevant, covers both the literal and
# the percent-encoded spelling of a character (e.g. "/" and "%2f").
# The commented-out "7G_log.php" RewriteRule in each section is the
# alternative logging action; as configured here, matches are simply refused.
# 7G:[CORE]
# 7G:[QUERY STRING]
# Query-string patterns: over-long tokens, encoded path traversal, injected
# header/cookie text, SQL and script fragments in plain or encoded form,
# and names of known PHP functions/tools that never appear in legitimate
# WordPress query strings.
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
RewriteCond %{QUERY_STRING} (order(\s|%20)by(\s|%20)1--) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]
RewriteCond %{QUERY_STRING} (`|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR]
RewriteCond %{QUERY_STRING} (ckfinder|fck|fckeditor|fullclick) [NC,OR]
RewriteCond %{QUERY_STRING} ((.*)header:|(.*)set-cookie:(.*)=) [NC,OR]
RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR]
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR]
RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR]
RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR]
RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|\[|%[0-9A-Z]{0,2}) [NC,OR]
RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|\[|%[0-9A-Z]{2,}) [NC,OR]
RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR]
RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR]
RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|set|union|update) [NC,OR]
RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR]
RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR]
RewriteCond %{QUERY_STRING} (concat|eval)(.*)(\(|%28) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3]
</IfModule>
# 7G:[REQUEST URI]
# Path-based blocklist: control characters and over-long segments, known
# web-shell/backdoor file names, forum and editor paths this site does not
# run, traversal/null-byte sequences, ~user and /etc, /bin style probes, and
# PHP function names with parentheses in the path. The final condition
# (anchored with $) refuses any request whose path ENDS in one of the listed
# extensions (.env, .sql, .log, .ini, .bak, .yml, ...) regardless of
# location -- make sure nothing the site legitimately serves ends that way.
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_URI} (\^|`|<|>|\\|\|) [NC,OR]
RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR]
RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR]
RewriteCond %{REQUEST_URI} /((.*)header:|(.*)set-cookie:(.*)=) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(ckfinder|fck|fckeditor|fullclick) [NC,OR]
RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR]
RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR]
RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR]
RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR]
RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR]
RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR]
RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR]
RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR]
RewriteCond %{REQUEST_URI} (/)?j((\s)+)?a((\s)+)?v((\s)+)?a((\s)+)?s((\s)+)?c((\s)+)?r((\s)+)?i((\s)+)?p((\s)+)?t((\s)+)?(%3a|:) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR]
RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-my-admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR]
RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3index|3xp|70bex?|admin_events|bkht|(php|web)?shell|c99|config(\.)?bak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|libsoft|marg|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|(web-?|wp-)?(conf\b|config(uration)?)|xertive)(\.php) [NC,OR]
RewriteCond %{REQUEST_URI} (\.)(7z|ab4|ace|afm|ashx|aspx?|bash|ba?k?|bin|bz2|cfg|cfml?|cgi|conf\b|config|ctl|dat|db|dist|dll|eml|engine|env|et2|exe|fec|fla|git|hg|inc|ini|inv|jsp|log|lqd|make|mbf|mdb|mmw|mny|module|old|one|orig|out|passwd|pdb|phtml|pl|profile|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|save|sdb|sql|sh|soa|svn|swf|swl|swo|swp|stx|tar|tax|tgz|theme|tls|tmd|wow|xtmpl|ya?ml|zlib)$ [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_URI:%1___%2___%3]
</IfModule>
# 7G:[USER AGENT]
# User-Agent blocklist: over-long or control-character UAs, known scanner
# and scraper names, several SEO crawlers (ahrefs, majestic, mj12bot, ...)
# and generic client libraries ("python", "pycurl", "winhttp", "libweb").
# The generic entries can also match legitimate monitoring or integration
# tooling -- review the list against anything that must reach this site.
# A User-Agent is chosen by the client, so treat this section as noise
# reduction rather than a security boundary.
<IfModule mod_rewrite.c>
RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (ahrefs|alexibot|majestic|mj12bot|rogerbot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (econtext|eolasbot|eventures|liebaofast|nominet|oppo\sa33) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (acapbot|acoonbot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|mechanize|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|petalbot|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_USER_AGENT:%1]
</IfModule>
# 7G:[REMOTE HOST]
# Blocks by the client's reverse-DNS hostname. NOTE: REMOTE_HOST only holds
# a hostname when Apache resolves it (HostnameLookups On, or another module
# doing the lookup); otherwise it contains the bare IP address, none of these
# substrings can match, and the section is silently inert. The dot in
# "reverse.softlayer" is unescaped and matches any character -- harmless,
# just imprecise.
<IfModule mod_rewrite.c>
RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REMOTE_HOST:%1]
</IfModule>
# 7G:[REQUEST METHOD]
# Refuse HTTP methods a WordPress site never needs. The pattern is anchored
# only at the start (^), so any method beginning with one of these words is
# rejected. TRACE is better disabled server-wide with "TraceEnable off",
# which cannot be set from .htaccess; this rule is the per-directory fallback.
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC]
RewriteRule .* - [F,L]
# RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_METHOD:%1]
</IfModule>
# Additional path rules (no 7G: tag, presumably site-specific additions).
# The four commented-out conditions are broad patterns that would also
# refuse ordinary paths such as /admin/, /blog/, /shop/ or anything under
# /.well-known; they are left disabled. Of the active rules:
# - "/(install|wp-config|xmlrpc)\.php" overlaps the <Files> blocks further
#   down -- intentional defence in depth.
# - "/(...|upload|...)/" will also refuse any legitimate plugin endpoint that
#   lives under such a directory name -- verify before relying on it.
# - "/(...|login|...)\.php" does not affect /wp-login.php, because the slash
#   must immediately precede "login".
<IfModule mod_rewrite.c>
# RewriteCond %{REQUEST_URI} /php(unit)?/ [NC,OR]
# RewriteCond %{REQUEST_URI} \.(aspx?|env|git(ignore)?|phtml|rar|well-known) [NC,OR]
# RewriteCond %{REQUEST_URI} /(cms|control_panel|dashboard|home_url=|lr-admin|manager|panel|staff|webadmin) [NC,OR]
# RewriteCond %{REQUEST_URI} /(adm(in)?|blog|cache|checkout|controlpanel|ecommerce|export|magento(-1|web)?|market(place)?|mg|onli(n|k)e|orders?|shop|tmplconnector|uxm|web?store)/ [NC,OR]
RewriteCond %{REQUEST_URI} (_timthumb_|timthumb.php) [NC,OR]
RewriteCond %{REQUEST_URI} /(install|wp-config|xmlrpc)\.php [NC,OR]
RewriteCond %{REQUEST_URI} /(uploadify|uploadbg|up__uzegp)\.php [NC,OR]
RewriteCond %{REQUEST_URI} /(comm\.js|mysql-date-function|simplebootadmin|vuln\.htm|www\.root\.) [NC,OR]
RewriteCond %{REQUEST_URI} /(admin-uploadify|fileupload|jquery-file-upload|upload_file|upload|uploadify|webforms)/ [NC,OR]
RewriteCond %{REQUEST_URI} /(ajax_pluginconf|apikey|connector(.minimal)?|eval-stdin|f0x|login|router|setup-config|sssp|vuln|xattacker)\.php [NC]
RewriteRule .* - [F,L]
</IfModule>
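# ----------------------------------------------------------------------
# Block WordPress files from outside access
# ----------------------------------------------------------------------
# Each block denies HTTP access to a sensitive file by name, wherever it is
# located in the tree. Apache 2.4 authorises with "Require all denied"
# (mod_authz_core); the 2.2-style Order/Deny directives only work there when
# mod_access_compat is loaded and otherwise abort the whole .htaccess with a
# 500. Both variants are therefore provided behind IfModule checks, the same
# pattern the Wordfence block at the end of this file already uses.
# No access to install.php (the WordPress installer, wp-admin/install.php)
<Files install.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</Files>
# No access to wp-config.php (database credentials and salts)
<Files wp-config.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</Files>
# No access to readme.html (discloses the installed WordPress version)
<Files readme.html>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
Satisfy all
</IfModule>
</Files>
# No access to liesmich.html, the German-edition equivalent of readme.html
<Files liesmich.html>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
Satisfy all
</IfModule>
</Files>
# No error log access (PHP may write error_log next to the scripts)
<Files error_log>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
</Files>
# No access to .htaccess and .htpasswd. The pattern is unanchored, so backup
# copies such as ".htaccess.bak" are covered as well. Stock Apache configs
# typically deny ".ht*" already; this keeps the protection if that default
# was changed.
<FilesMatch "(\.htaccess|\.htpasswd)">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</FilesMatch>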
# Block access to includes folder
# Deny direct requests for PHP files under wp-admin/includes and wp-includes;
# these are library files that the front controller includes and that a
# browser never needs to fetch directly (the rule set from the WordPress
# hardening guide). RewriteEngine/RewriteBase are repeated in the
# WordPress block further down; duplicates are harmless.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
# For any path NOT under wp-includes/, skip the next three rules ([S=3]).
RewriteRule !^wp-includes/ - [S=3]
# PHP files directly inside wp-includes/ (no further subdirectory).
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
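# Refuse requests carrying these marker strings anywhere in the request
# line or query string. They look like self-identifying tokens that some
# research/scanning tools add to their requests -- presumably so operators
# can opt out; verify before extending the list. The original leading
# "RewriteCond %{REQUEST_METHOD} .*" matched every request and was removed
# as a no-op; the OR-chain below is unchanged. (THE_REQUEST already
# includes the query string, so the second condition is a belt-and-braces
# duplicate.)
<IfModule mod_rewrite.c>
RewriteCond %{THE_REQUEST} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC,OR]
RewriteCond %{QUERY_STRING} (YesThisIsAReallyLongRequest|ScanningForResearchPurpose) [NC]
RewriteRule .* - [F,L]
</IfModule>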
#<IfModule mod_rewrite.c> | |
# RewriteEngine on | |
# RewriteCond %{HTTP_REFERER} !^$ | |
# RewriteCond %{REQUEST_FILENAME} -f | |
# RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC] | |
# RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?domain\. [NC] | |
# RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L] | |
#</ifModule> | |
# ---------------------------------------------------------------------- | |
# Protect your WordPress Login with HTTP Authentication
# ---------------------------------------------------------------------- | |
# If you want to use it, uncomment the block below and set the AuthUserFile path to your .htpasswd
#<Files wp-login.php> | |
#AuthName "Admin-Bereich" | |
#AuthType Basic | |
#AuthUserFile /usr/local/www/apache24/your-path/your-domain.com/.htpasswd | |
#require valid-user | |
#</Files> | |
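# ----------------------------------------------------------------------
# Switch off the security risk XML-RPC interface completely
# ----------------------------------------------------------------------
# xmlrpc.php is a constant target for credential brute-forcing and pingback
# abuse; denying it at the web-server layer is cheap. The REQUEST_URI rule
# above already refuses it, so this is defence in depth.
# NOTE(review): anything that legitimately relies on XML-RPC (Jetpack, the
# WordPress mobile apps, some publishing tools) stops working -- confirm
# nothing on this site depends on it.
# Apache 2.4 syntax first; the legacy Order/Deny form only where
# mod_authz_core is absent (on 2.4 without mod_access_compat the bare
# Order/Deny directives abort the .htaccess with a 500).
<Files xmlrpc.php>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order Deny,Allow
Deny from all
</IfModule>
</Files>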
### UPDATE 2022
# Response-hardening headers. Most use "Header set", which only applies to
# successful (2xx/3xx) responses. "Header always set" (used for the CSP
# directive at the end) also covers error pages, but can produce duplicate
# headers when the application has already emitted the same one (WordPress
# itself sends X-Frame-Options on admin/login pages). Decide per header
# which behaviour is wanted before changing the condition.
## No-Referrer-Header
# Never send a Referer header. This is the strictest policy and the one in
# effect; the alternative below is commented out.
<IfModule mod_headers.c>
Header set Referrer-Policy "no-referrer"
</IfModule>
## Strict Origin when cross origin Header
#@see https://scotthelme.co.uk/a-new-security-header-referrer-policy/
# Less strict alternative: full referrer same-origin, origin only when
# cross-origin. Mutually exclusive with the block above -- enable one only.
#<IfModule mod_headers.c>
#Header set Referrer-Policy "strict-origin-when-cross-origin"
#</IfModule>
## X-FRAME-OPTIONS-Header
# Only this site's own pages may frame it (clickjacking mitigation). CSP
# frame-ancestors is the modern equivalent; this header is kept for older
# browsers.
<IfModule mod_headers.c>
Header set X-Frame-Options "sameorigin"
</IfModule>
## X-XSS-PROTECTION-Header
# NOTE(review): the browser XSS auditor this header controls has been removed
# from current Chromium-based browsers and never existed in Firefox; current
# guidance (e.g. OWASP) is to send "0" or omit the header, because the filter
# itself introduced side-channel issues. Kept unchanged here for legacy
# clients -- consider dropping it.
<IfModule mod_headers.c>
Header set X-XSS-Protection "1; mode=block"
</IfModule>
## X-Content-Type-Options-Header
# Stop browsers from MIME-sniffing a response away from its declared
# Content-Type.
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
</IfModule>
## Strict-Transport-Security-Header - for HTTPS
# One year, for all subdomains, and opted in to browser preload lists.
# "includeSubDomains" + "preload" commit every subdomain to valid HTTPS and
# are very hard to reverse once preloaded -- keep "preload" only if the
# domain is actually being submitted. Browsers ignore HSTS received over
# plain HTTP, so emitting it there is harmless.
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>
# Upgrade Insecure Requests to prevent mixed content
# Tells browsers to fetch http:// subresources over https:// instead.
# "always" means it is also sent on error responses. NOTE(review): this is a
# single-directive CSP; if a fuller policy is added later, merge it into this
# one header rather than adding a second Content-Security-Policy.
<ifModule mod_headers.c>
Header always set Content-Security-Policy "upgrade-insecure-requests"
</IfModule>
# ----------------------------------------------------------------------
# The original WordPress Rewrite Rules - Do not change anything here,
# unless you are running a WordPress Multisite
# ----------------------------------------------------------------------
# BEGIN WordPress.
# Front-controller rules as generated by WordPress: any request that is not
# an existing file (-f) or directory (-d) is handed to /index.php. The first
# RewriteRule copies the incoming Authorization header into the
# HTTP_AUTHORIZATION environment variable so PHP can read it where the web
# server would otherwise strip it (CGI/FastCGI setups) -- presumably for
# WordPress' REST API / Application Password authentication.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
# Requests for index.php itself are left alone.
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
# Wordfence WAF
# Deny HTTP access to .user.ini -- presumably the file Wordfence writes to
# hook its firewall into PHP (auto_prepend_file); if readable it would
# disclose server-side filesystem paths. Apache 2.4 branch first, 2.2-style
# fallback only where mod_authz_core is not loaded.
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
# END Wordfence WAF