Last active: January 31, 2024 17:55
Boilerplate .htaccess file
RewriteEngine on
RewriteBase /
Options -Indexes
# disallow access to special directories and feed back a 404 error
RedirectMatch 404 /\\.svn(/|$)
RedirectMatch 404 /\\.git(/|$)
# set headers that will override server defaults.
#Header set X-UA-Compatible "IE=9"
# ANYWHERE IN UA -- Block Bad Bots Greedy Regex
# Blocks a list of bots that were unnecessary for the applications I have created.
# note: any of these bots can be removed from the listing;
# make sure you know why you are blocking a bot or allowing it access.
# Googlebot is not named in this list, but msnbot (Bing), Slurp (Yahoo), Baiduspider and YandexBot are,
# as are generic terms such as curl, Wget, archive and crawler; remove any client you rely on.
# the leading ^$ alternative also rejects requests that send an empty User-Agent.
RewriteCond %{HTTP_USER_AGENT} ^.*(^$|CareerBot|CAUpdate|SiteExplorer|FreeBSD|ContextAd|YisouSpider|YahooCacheSystem|Synthomatic|Webmin|SEOENGWorldBot|ADmantX|linkdexbot|MojeekBot|niki\-bot|adidxbot|Scanmine|ia\_archiver|SuperPagesUrlVerifyBot|Apache\-HttpClient|PiplBot|ImageFetcher|pmoz|psbot|CATExplorador|Wget|EasouSpider|Add\ Catalog|PaperLiBot|Spiceworks|ZumBot|Java\/1\.7\.0\_45|Java\/1\.7\.0\_21|SemrushBot|Vigil|proximic|OpenfosBot|bitlybot|musobot|URLAppendBot|AboutUsBot|meanpathbot|Slurp|IstellaBot|GrapeshotCrawler|YandexImages|GarlikCrawler|A6\-Indexer|80legs|Aboundex|AcoiRobot|Acoon\ Robot|AhrefsBot|aihit|AlkalineBOT|AnzwersCrawl|Arachnoidea|ArchitextSpider|archive|Autonomy\ Spider|Baiduspider|BecomeBot|benderthewebrobot|BlackWidow|Bork\-edition|Bot\ mailto\:craftbot@yahoo\.com|botje|catchbot|changedetection|Charlotte|ChinaClaw|commoncrawl|ConveraCrawler|Covario|crawler|curl|Custo|data\ mining\ development\ project|DigExt|DISCo|discobot|discoveryengine|DOC|DoCoMo|DotBot|Download\ Demon|Download\ Ninja|eCatch|EirGrabber|EmailSiphon|EmailWolf|eurobot|Exabot|Express\ WebPictures|ExtractorPro|EyeNetIE|Ezooms|Fetch|Fetch\ API|filterdb|findfiles|findlinks|FlashGet|flightdeckreports|FollowSite\ Bot|Gaisbot|genieBot|GetRight|GetWeb\!|gigablast|Gigabot|Go\-Ahead\-Got\-It|Go\!Zilla|GrabNet|Grafula|GT\:\:WWW|hailoo|heritrix|HMView|houxou|HTTP\:\:Lite|HTTrack|ia\_archiver|IBM\ EVV|id\-search|IDBot|Image\ Stripper|Image\ Sucker|Indy\ Library|InterGET|Internet\ Ninja|internetmemory|ISC\ Systems\ iRc\ Search\ 2\.1|JetCar|JOC\ Web\ Spider|k2spider|larbin|larbin|LeechFTP|libghttp|libwww|libwww\-perl|linko|LinkWalker|lwp\-trivial|Mass\ Downloader|metadatalabs|MFC\_Tear\_Sample|Microsoft\ URL\ Control|MIDown\ tool|Missigua|Missigua\ Locator|Mister\ PiX|MJ12bot|MOREnet|MSIECrawler|msnbot|naver|Navroad|NearSite|Net\ Vampire|NetAnts|NetSpider|NetZIP|NextGenSearchBot|NPBot|Nutch|Octopus|Offline\ Explorer|Offline\ Explorer|Offline\ Navigator|omni\-explorer|PageGrabber|panscient|panscient\.com|Papa\ Foto|pavuk|pcBrowser|PECL\:\:HTTP|PHP/|PHPCrawl|picsearch|pipl|pmoz|PredictYourBabySearchToolbar|RealDownload|Referrer\ Karma|ReGet|reverseget|rogerbot|ScoutJet|SearchBot|seexie|seoprofiler|Servage\ Robot|SeznamBot|shopwiki|sindice|sistrix|SiteSnagger|SiteSnagger|smart\.apnoti\.com|SmartDownload|Snoopy|Sosospider|spbot|suggybot|SuperBot|SuperHTTP|SuperPagesUrlVerifyBot|Surfbot|SurveyBot|SurveyBot|swebot|Synapse|Tagoobot|tAkeOut|Teleport|Teleport\ Pro|TeleportPro|TweetmemeBot|TwengaBot|twiceler|UbiCrawler|uptimerobot|URI\:\:Fetch|urllib|User\-Agent|VoidEYE|VoilaBot|WBSearchBot|Web\ Image\ Collector|Web\ Sucker|WebAuto|WebCopier|WebCopier|WebFetch|WebGo\ IS|WebLeacher|WebReaper|WebSauger|Website\ eXtractor|Website\ Quester|WebStripper|WebStripper|WebWhacker|WebZIP|WebZIP|Wells\ Search\ II|WEP\ Search|Widow|winHTTP|WWWOFFLE|Xaldon\ WebSpider|Xenu|yacybot|yandex|YandexBot|yBot|YesupBot|YodaoBot|yolinkBot|youdao|Zao|Zealbot|Zeus|ZyBORG).*$ [NC]
RewriteRule .* - [R=403,L]
# SQL injection protection -- read more at www.cybercrime.gov
# Block MySQL injections, RFI, base64, etc.
# a list of request-blocking regexes that help block SQL injection.
# note: this is an added layer of defense, not a substitute for good coding practices in general;
# please make sure you take all of the precautions in your code as well.
# the conditions are chained with [OR] and tested against the raw (still URL-encoded) query string,
# so a single match is enough to trigger the 403 from the RewriteRule at the end of the list.
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
# note: the next condition rejects any query string containing [ ] ( ) < or >,
# which includes ordinary PHP array parameters such as a[]=1
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
# note: the next condition rejects any apostrophe, so a value such as q=O'Brien is refused
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule ^(.*)$ - [F,L]
# the two lines below can be used to block specific addresses.
# use this with caution
#RewriteCond %{REMOTE_ADDR} ^255\.255\.255\.255$
#RewriteRule .* - [F]
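Before deploying a rule set like this it pays to run it offline against known-good requests. The following Python harness is an added example, not part of the gist: it copies a subset of the QUERY_STRING conditions above and a handful of the User-Agent alternatives into Python regexes (the subset, the helper names and the sample requests are my own choices) and shows that the bracket and apostrophe conditions also reject ordinary PHP array parameters and a surname such as O'Brien.

```python
import re
from typing import Optional

NC = re.IGNORECASE  # Apache's [NC] flag

# Subset of the RewriteCond %{QUERY_STRING} patterns above, copied as-is. Apache runs
# each as an unanchored PCRE search over the raw query string; [OR] means one hit is enough.
QUERY_STRING_RULES = [
    (r"[a-zA-Z0-9_]=http://", 0),
    (r"[a-zA-Z0-9_]=(\.\.//?)+", 0),
    (r"(\.\./|\.\.)", 0),
    (r"(\<|%3C).*script.*(\>|%3E)", NC),
    (r"base64_(en|de)code[^(]*\([^)]*\)", NC),
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", 0),
    (r"^.*(\[|\]|\(|\)|<|>).*", NC),            # rejects any bracket at all
    (r"(NULL|OUTFILE|LOAD_FILE)", 0),
    (r"(localhost|loopback|127\.0\.0\.1)", NC),
    (r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)", NC),   # rejects any apostrophe at all
    (r"union([^s]*s)+elect", NC),
    (r"(sp_executesql)", NC),
]

# A few alternatives from the User-Agent rule (the gist's list is far longer).
USER_AGENT_RULE = re.compile(
    r"^.*(^$|curl|Wget|archive|crawler|libwww|Java\/1\.7\.0\_45).*$", NC)

# Constructed samples: two textbook attack shapes, two ordinary requests the broad rules reject, one that passes.
SAMPLES = {
    "id=1%20union%20select%201": True,
    "file=../../etc/motd": True,
    "tags[]=news&tags[]=sport": True,   # PHP array syntax trips the bracket rule
    "q=O'Brien": True,                  # a surname trips the apostrophe rule
    "page=2&sort=name": False,
}


def first_matching_rule(query_string: str) -> Optional[str]:
    """Return the pattern that would make Apache answer 403, or None."""
    for pattern, flags in QUERY_STRING_RULES:
        if re.search(pattern, query_string, flags):
            return pattern
    return None


def user_agent_blocked(user_agent: str) -> bool:
    """True when the (subset) bot rule would reject this User-Agent."""
    return USER_AGENT_RULE.search(user_agent) is not None


def evaluate_samples() -> dict:
    """Map each sample query string to whether the rules would block it."""
    return {qs: first_matching_rule(qs) is not None for qs in SAMPLES}
```

Run `evaluate_samples()` after editing the rule list to confirm that a change removes a false positive without also letting the attack-shaped samples through.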
# if an image is requested then deliver it as is, otherwise a not-found message
# [NC] on the condition so that upper-case extensions such as .JPG also match
RewriteCond %{REQUEST_URI} \.(bmp|gif|jpe?g|png|ico)$ [NC]
RewriteRule ^(.*)$ - [L]
# if a css or js file is requested then deliver it as is, otherwise a not-found message
RewriteCond %{REQUEST_URI} \.(css|js)$ [NC]
RewriteRule ^(.*)$ - [L]
# if a txt, doc, pdf, xls or xml file is requested then deliver it as is, otherwise a not-found message
RewriteCond %{REQUEST_URI} \.(txt|doc|pdf|xls|xml)$ [NC]
RewriteRule ^(.*)$ - [L]