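- # Disable Server Signature
- # Removes the Apache footer from server-generated pages (error pages, listings).
- # It does not change the Server response header; that is governed by
- # ServerTokens, which can only be set in the main server configuration.
- ServerSignature Off
- # Disable Directory Browsing
- # Only subtract Indexes. "Options All -Indexes" mixes a bare keyword with a +/-
- # keyword, which Apache 2.4 rejects as a syntax error, and "All" also switches
- # on ExecCGI and Includes; enable those explicitly only if the site needs them.
- Options -Indexes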
- # HTACCESS File Security with Strong pattern matching
- # Denies any file whose name contains ".hta" in any letter case, which covers
- # .htaccess and .htpasswd.
- # NOTE(review): Order/Deny/Satisfy are Apache 2.2 access directives; on 2.4 they
- # need mod_access_compat, and "Require all denied" is the native form.
- <Files ~ "^.*\.([Hh][Tt][Aa])">
- Order allow,deny
- Deny from all
- Satisfy all
- </Files>
- # Protect sensitive files from client-side viewing
- # The pattern is anchored at the start of the name only, so longer names that
- # begin with one of these alternatives are denied as well.
- # NOTE(review): FilesMatch tests file names, so the "\.svn" alternative probably
- # does not cover files stored inside a .svn/ directory; confirm and block that
- # directory separately if it exists on the server.
- <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|php\.info|bb-config\.php|error_log|error\.log|PHP_errors\.log|\.svn)">
- Deny from all
- </FilesMatch>
- #Limit request bodies to 10,240,000 bytes (about 10 MB).
- #The cap applies to every request body handled under this directory, not only
- #to file uploads; PHP's own upload limits are configured separately.
- LimitRequestBody 10240000
- #Block Empty User-Agents and Referrers
- #(disabled) would answer 403 to image/SWF requests that carry both an empty
- #Referer and an empty User-Agent
- #RewriteCond %{HTTP_REFERER} ^$ [NC]
- #RewriteCond %{HTTP_USER_AGENT} ^$ [NC]
- #RewriteRule ^(.*)\.(ico|gif|jpe?g|jpg|png|bmp|swf)$ - [F,L]
- #Filter Request Methods
- #This filter blocks junk and spam bots from making HEAD requests
- #Refusing TRACE and TRACK addresses cross-site tracing; it is not a general
- #XSS defence.
- #NOTE(review): HEAD is a standard method that uptime monitors, link checkers
- #and caches rely on, and this rule rejects them too. The second method filter
- #further down in this file does not list HEAD; decide which policy is intended.
- RewriteEngine On
- RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
- RewriteRule ^(.*)$ - [F,L]
- #File injection Protection (rfi and lfi)
- #Answers 403 to GET requests whose query string has a parameter value starting
- #with "http://" (plain or percent-encoded), a run of "../", or a slash-led path.
- #NOTE(review): this is a query-string denylist on GET only. Treat it as defence
- #in depth; the application still has to validate every path or URL parameter
- #it uses, whichever method or request part delivers it.
- RewriteCond %{REQUEST_METHOD} GET
- RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
- RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
- RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http%3A%2F%2F [OR]
- RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
- RewriteRule .* - [F]
- # Script-tag and PHP superglobal filter (labelled "SQLi Protection" in the
- # original, but none of the conditions below looks for SQL syntax).
- # Answers 403 when the query string contains a <script ...> tag, plain or
- # percent-encoded, or tries to set GLOBALS or _REQUEST.
- Options +FollowSymLinks
- RewriteEngine On
- RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
- RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
- RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
- # With [F] the request is refused with 403; the "index.php" target is not served.
- RewriteRule ^(.*)$ index.php [F,L]
- # NOTE(review): the section between the W3TC markers looks plugin-generated, so
- # manual edits inside it may be overwritten. Its three "Header set X-Powered-By"
- # lines advertise the caching plugin and its exact version on static responses,
- # which works against the "ServerSignature Off" hardening elsewhere in this
- # file; consider switching that header off at the plugin instead.
- # BEGIN W3TC Browser Cache
- <IfModule mod_deflate.c>
- <IfModule mod_setenvif.c>
- BrowserMatch ^Mozilla/4 gzip-only-text/html
- BrowserMatch ^Mozilla/4\.0[678] no-gzip
- BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
- BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
- </IfModule>
- <IfModule mod_headers.c>
- Header append Vary User-Agent env=!dont-vary
- </IfModule>
- <IfModule mod_filter.c>
- AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon
- </IfModule>
- </IfModule>
- <FilesMatch "\.(css|js|htc|CSS|JS|HTC)$">
- FileETag None
- <IfModule mod_headers.c>
- Header set X-Powered-By "W3 Total Cache/0.9.2.5"
- </IfModule>
- </FilesMatch>
- <FilesMatch "\.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|HTML|HTM|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|XML)$">
- FileETag None
- <IfModule mod_headers.c>
- Header set X-Powered-By "W3 Total Cache/0.9.2.5"
- </IfModule>
- </FilesMatch>
- <FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EOT|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|OTF|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SVG|SVGZ|SWF|TAR|TIF|TIFF|TTF|TTC|WAV|WMA|WRI|XLA|XLS|XLSX|XLT|XLW|ZIP)$">
- FileETag None
- <IfModule mod_headers.c>
- Header set X-Powered-By "W3 Total Cache/0.9.2.5"
- </IfModule>
- </FilesMatch>
- # END W3TC Browser Cache
- #RewriteCond %{HTTP_HOST} ^blog\.yakuza112\.org$ [OR]
- #RewriteCond %{HTTP_HOST} ^www\.blog\.yakuza112\.org$
- #RewriteRule ^/?$ "http\:\/\/scenepirat\.to" [R=301,L]
- <IfModule mod_rewrite.c>
- RewriteEngine On
- ###### SSL Admin ######
- # NOTE(review): in .htaccess (per-directory) context mod_rewrite strips the
- # leading slash before matching, so "^/wp-admin/" and "^/(.*)" cannot match and
- # this chained pair looks like a no-op there. As written, the negation would
- # also select everything except wp-admin. Confirm that wp-admin is really
- # forced onto HTTPS by some other means.
- RewriteRule !^/wp-admin/(.*) - [C]
- RewriteRule ^/(.*) https://blog.yakuza112.org/$1 [QSA,L]
- ###### All SSL ######
- #RewriteCond %{SERVER_PORT} 80
- #RewriteRule ^(.*)$ https://blog.yakuza112.org/$1 [R,L]
- ###### User / Pass ######
- #AuthUserFile /*******/blog/.htpasswd
- #AuthType Basic
- #AuthName "123"
- #Require valid-user
- RewriteBase /
- ###### www2nowww ######
- #RewriteCond %{HTTP_HOST} ^/[^\.]+[^/]$
- #RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
- # NOTE(review): a Host header value does not begin with "/", so this condition
- # should never be true and the redirect below never fires.
- RewriteCond %{HTTP_HOST} ^/[^\.]+[^/]$
- RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1 [R=301,L]
- #RewriteCond %{HTTP_HOST} ^([^.]+)\.blog.yakuza112\.org$ [NC]
- #RewriteRule ^(.*)$ http://blog.yakuza112.org/$1 [R=301,L]
- ###### Add a "/" ######
- # Sends a 301 that appends a trailing slash to dot-free paths lacking one.
- # NOTE(review): the redirect target is built from the client-supplied Host
- # header and a hard-coded http:// scheme. A fixed canonical host avoids
- # reflecting that header, and an https:// target avoids downgrading requests
- # if the site is served over HTTPS.
- RewriteCond %{REQUEST_URI} ^/[^\.]+[^/]$
- RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1/ [R=301,L]
- # Requests that match neither an existing file nor a directory go to 404.php.
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule . 404.php/ [L]
- # (disabled) would redirect POSTs to wp-comments-post.php that carry a foreign
- # Referer or an empty User-Agent back to the requesting address.
- #RewriteCond %{REQUEST_METHOD} POST
- #RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
- #RewriteCond %{HTTP_REFERER} !.*blog.yakuza112.org.* [OR]
- #RewriteCond %{HTTP_USER_AGENT} ^$
- #RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
- </IfModule>
- ###### Disable Directory Listing ######
- Options -Indexes
- ###### Protection of wp-config.php, etc. ######
- # NOTE(review): the dots are unescaped and the pattern is unanchored, so any
- # file name that merely contains something of these shapes is denied too; the
- # rule over-blocks rather than under-blocks. Escaping the dots and anchoring
- # the pattern would make the intent explicit.
- <FilesMatch "(.htaccess|.htpasswd|wp-config.php|install-helper.php|liesmich.html|readme.html)">
- order deny,allow
- deny from all
- </FilesMatch>
- # Keep PHP error messages out of responses.
- # NOTE(review): php_flag is only understood when PHP runs as an Apache module;
- # under CGI/FPM the line is typically rejected as an unknown directive, so
- # confirm the PHP handler in use.
- php_flag display_errors off
- #php_flag log_errors off
- #php_flag register_globals off
- #php_flag session.use_trans_sid off
- # Explicitly allow everyone to fetch 403.shtml, presumably so the error page
- # itself stays reachable.
- <Files 403.shtml>
- order allow,deny
- allow from all
- </Files>
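- ###### PERISHABLE PRESS 4G BLACKLIST ######
- ###### ESSENTIALS ######
- RewriteEngine on
- # Hides the Apache footer on server-generated pages only; the Server response
- # header is controlled by ServerTokens in the main server configuration.
- ServerSignature Off
- # Only subtract Indexes. "Options All -Indexes" mixes a bare keyword with a +/-
- # keyword, which Apache 2.4 rejects as a syntax error, and "All" also switches
- # on ExecCGI and Includes; enable those explicitly only if the site needs them.
- Options -Indexes
- Options +FollowSymLinks
- ###### FILTER REQUEST METHODS ######
- # Answers 403 to TRACE, DELETE and TRACK requests. Where the main server
- # configuration is editable, "TraceEnable Off" disables TRACE directly.
- <IfModule mod_rewrite.c>
- RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
- RewriteRule ^(.*)$ - [F,L]
- </IfModule>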
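- ###### BLACKLIST CANDIDATES ######
- # Deny the listed addresses for every request method. The list is deliberately
- # not wrapped in <Limit GET POST PUT>: inside such a section the denies would
- # apply to those three methods only.
- # Each annotation sits on its own comment line. Apache has no end-of-line
- # comments, so quoted text after the address is parsed as one more "Deny from"
- # argument (a host name), which may also trigger reverse DNS lookups.
- # NOTE(review): Order/Allow/Deny lines at the same level elsewhere in this file
- # merge with these; the denies only take effect if the Order finally in force
- # is "allow,deny". Verify after any change.
- # NOTE(review): static address lists go stale; review the entries regularly.
- Order Allow,Deny
- Allow from all
- # blacklist candidate 2008-01-02 = admin-ajax.php attack
- Deny from 75.126.85.215
- # blacklist candidate 2008-02-10 = cryptic character strings
- Deny from 128.111.48.138
- # blacklist candidate 2008-03-09 = block administrative attacks
- Deny from 87.248.163.54
- # blacklist candidate 2008-04-27 = block clam store loser
- Deny from 84.122.143.99
- # blacklist candidate 2008-05-31 = block _vpi.xml attacks
- Deny from 210.210.119.145
- # blacklist candidate 2008-10-19 = block mindless spider running
- Deny from 66.74.199.125
- # 1048 attacks in 60 minutes
- Deny from 203.55.231.100
- # 1629 attacks in 90 minutes
- Deny from 24.19.202.10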
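- ###### QUERY STRING EXPLOITS ######
- # Coarse denylist applied to the query string only: any match is answered 403.
- # It is defence in depth and does not replace input validation or
- # parameterised queries in the application.
- # Literal dots are escaped so that "\.\./", "boot\.ini" and "127\.0" match only
- # those strings; unescaped, "../" matched any two characters before a slash.
- <IfModule mod_rewrite.c>
- RewriteCond %{QUERY_STRING} \.\./ [NC,OR]
- RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
- #RewriteCond %{QUERY_STRING} tag= [NC,OR]
- RewriteCond %{QUERY_STRING} ftp: [NC,OR]
- RewriteCond %{QUERY_STRING} http: [NC,OR]
- RewriteCond %{QUERY_STRING} https: [NC,OR]
- RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
- # NOTE(review): the first disabled rule below has lost its backslashes and is
- # not a valid pattern as written; do not enable it without re-escaping it.
- # RewriteCond %{QUERY_STRING} ^.*([|]|(|)|<|>|'|"|;|?|*).* [NC,OR]
- # RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
- # NOTE(review): "%0" and "%A" to "%F" reject every percent-encoded byte in
- # those ranges, which includes ordinary UTF-8 text in search terms.
- RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC,OR]
- RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
- # NOTE(review): plain substring match, so benign values containing these
- # words are refused as well.
- RewriteCond %{QUERY_STRING} ^.*(request|select|insert|union|declare|drop).* [NC]
- RewriteRule ^(.*)$ - [F,L]
- </IfModule>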
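- ###### Rules for IP ranges ######
- # Allow everyone except addresses that are denied explicitly. With
- # "Order allow,deny" a matching Deny wins over "Allow from all". The previous
- # "Order deny,allow" evaluated Allow last, so "Allow from all" overrode every
- # Deny line and no block entry could take effect.
- Order allow,deny
- Allow from all
- # Block the following IPs
- #deny from 127.1.1.1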