
Untitled

a guest
Jun 25th, 2012
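  # Plain-HTTP virtual host for a WordPress site. Only port 80 is configured
  # here; no TLS virtual host or HTTPS redirect is visible in this file.
  <VirtualHost *:80>
  ServerName blindscribblings.com
  ServerAdmin webmaster@blindscribblings.com
  ServerAlias www.blindscribblings.com

  DocumentRoot /var/www
  <Directory /var/www/>
  AddType image/x-icon .ico
  # Indexes is no longer enabled here. The section switches listings off again
  # further down with "Options -Indexes", so enabling them first changed
  # nothing and would have exposed directory listings if that later line were
  # ever removed.
  Options FollowSymLinks MultiViews
  # .htaccess files are ignored for this tree; every rule lives in this vhost.
  AllowOverride None
  Order allow,deny
  allow from all
  # Compress text responses. The BrowserMatch lines work around old clients
  # with broken gzip handling.
  # NOTE(review): the W3TC Browser Cache section below repeats this setup;
  # one copy is enough.
  <ifModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  </ifModule>
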
  # BULLETPROOF .47.1 >>>>>>> SECURE .HTACCESS
  # BEGIN WordPress
  # The header says these rules were written for a .htaccess file; here they
  # sit inside the <Directory> section, so mod_rewrite patterns are matched
  # against the path relative to /var/www/.
  ServerSignature Off
  Options -Indexes
  DirectoryIndex index.php index.html /index.php
  ErrorDocument 404 /404.php
  # 403 for any path containing a segment that starts with a dot
  # (.git, .htaccess, .svn, ...).
  # NOTE(review): the pattern also matches /.well-known/, which ACME HTTP-01
  # validation uses; add an exception before automating certificates.
  RedirectMatch 403 /\..*$
  RewriteEngine On
  RewriteBase /
  # No direct access to the admin include files.
  RewriteRule ^wp-admin/includes/ - [F,L]
  # Paths outside wp-includes/ skip the three wp-includes rules that follow.
  RewriteRule !^wp-includes/ - [S=3]
  # PHP files in wp-includes/ are not meant to be requested directly.
  RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
  RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
  RewriteRule ^wp-includes/theme-compat/ - [F,L]
  # A request for index.php itself stops rewriting here, so none of the rules
  # further down in this section are evaluated for it.
  RewriteRule ^index\.php$ - [L]

  # Answer the listed request methods with 403.
  # NOTE(review): HEAD is on the list, so monitors and link checkers that
  # probe with HEAD receive 403. TRACE is normally disabled server-wide with
  # "TraceEnable Off" rather than per directory.
  RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK|DEBUG) [NC]
  RewriteRule ^(.*)$ - [F,L]

  # Exemptions from the filter below. Each rule tests the query string and
  # uses S=N to skip the next N RewriteRule directives. The counts step down
  # (6, 5, 4, 3) so that all four land just past the same rule: they jump over
  # the remaining skip rules, the 403 filter rule, the WordPress
  # front-controller rule and the 6G RewriteRule that follows it.
  # NOTE(review): S= counts are positional. Adding or removing a RewriteRule
  # between here and that point moves the landing spot without any error.
  # NOTE(review): the conditions look at the query string only, so the
  # exemption applies to every URL carrying one of these parameters, not only
  # to the login and logout URLs the labels refer to. Add a REQUEST_URI
  # condition to each if the filter is meant to be relied on.

  # BuddyPress Logout Redirect
  RewriteCond %{QUERY_STRING} action=logout&redirect_to=http%3A%2F%2F(.*) [NC]
  RewriteRule . - [S=6]
  # redirect_to=
  RewriteCond %{QUERY_STRING} redirect_to=(.*) [NC]
  RewriteRule . - [S=5]
  # Login Plugins Password Reset And Redirect 1
  RewriteCond %{QUERY_STRING} action=resetpass&key=(.*) [NC]
  RewriteRule . - [S=4]
  # Login Plugins Password Reset And Redirect 2
  RewriteCond %{QUERY_STRING} action=rp&key=(.*) [NC]
  RewriteRule . - [S=3]

  # Request filter: one OR-chained list of conditions feeding a single 403
  # rule, so a request is refused as soon as any one condition matches.
  # Every value tested here (User-Agent, request line, Referer, query string)
  # is supplied by the client. The list is a denylist of known-bad strings:
  # useful for cutting down automated noise, but it does not replace keeping
  # WordPress, its plugins and its themes patched.
  # NOTE(review): several patterns are broad (any "http:", "(", "[" or
  # "localhost" in a query string). Review the 403s in the access log after
  # deploying to catch legitimate requests being refused.

  # -- User-Agent: self-announcing tools and encoded control/markup characters
  RewriteCond %{HTTP_USER_AGENT} (libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} (;|<|>|'|"|\)|\(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|java|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
  # -- Raw request line and request URI
  RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
  RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC,OR]
  RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
  RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
  RewriteCond %{THE_REQUEST} (%0A|%0D|\\r|\\n) [NC,OR]
  RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
  # -- Referer
  RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
  RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
  RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
  # -- Query string: URLs and path traversal passed as parameter values
  RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
  RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
  RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]
  RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
  RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]
  RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
  RewriteCond %{QUERY_STRING} http\: [NC,OR]
  RewriteCond %{QUERY_STRING} https\: [NC,OR]
  RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
  RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
  RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
  # -- Query string: markup injection (script, embed, object, iframe)
  RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} (\<|%3C).*embed.*(\>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} (\<|%3C).*object.*(\>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]
  # -- Query string: PHP function and superglobal names, brackets, control bytes
  RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
  RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]
  RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
  RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
  RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|%3c|%3e|%5b|%5d).* [NC,OR]
  RewriteCond %{QUERY_STRING} ^.*(\x00|\x04|\x08|\x0d|\x1b|\x20|\x3c|\x3e|\x5b|\x5d|\x7f).* [NC,OR]
  # -- Query string: SQL keywords, local paths and loopback hosts
  RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]
  RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]
  RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
  RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
  RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
  RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
  RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
  RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
  # The last condition carries no OR flag; it closes the chain.
  RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
  RewriteRule ^(.*)$ - [F,L]
  # WordPress front controller: anything that is not an existing file or
  # directory is handed to index.php, and [L] ends rule processing for it.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . /index.php [L]

  # Refuse direct requests for configuration and version-revealing files.
  # The pattern is anchored at the start of the file name only, so names that
  # merely begin with one of these (for example a backup copy with an extra
  # suffix) are refused as well.
  <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
    Order allow,deny
    Deny from all
    #Allow from 88.77.66.55
  </FilesMatch>
  # END WordPress

  # 6G:[REQUEST STRINGS]
  # mod_alias rules that return 403 when the URL path matches a pattern.
  # NOTE(review): most patterns are unanchored substrings. The extension list,
  # for instance, matches ".log" or ".tar" anywhere in the path, and the
  # {50} rule refuses any path containing 50 consecutive letters or digits.
  # Expect some false positives and check the 403s in the access log.
  # NOTE(review): in the last rule the "$itemURL" alternative starts with an
  # unescaped "$", which is the end-of-string anchor, so it presumably never
  # matches; "\$itemURL" was probably intended.
  <ifModule mod_alias.c>
    RedirectMatch 403 /\$\&
    RedirectMatch 403 (?i)/\&(t|title)=
    RedirectMatch 403 (?i)/\.(bash|git|hg|log|svn|swp|tar)
    RedirectMatch 403 (?i)/(1|contact|i|index1|iprober|phpinfo|phpspy|product|signup|t|test|timthumb|tz|visit|webshell|wp-signup).php
    RedirectMatch 403 (?i)/(author-panel|class|database|manage|phpMyAdmin|register|submit-articles|system|usage|webmaster)/?$
    RedirectMatch 403 (?i)/(=|_mm|cgi|cvs|dbscripts|jsp|rnd|shadow|userfiles)
    # RedirectMatch 403 /(\$|\*)/?$
    # RedirectMatch 403 (?i)(<|>|:|;|\'|\s)
    RedirectMatch 403 (?i)([a-zA-Z0-9]{50})
    RedirectMatch 403 (?i)(https?|ftp|php)\:/
    RedirectMatch 403 (?i)(\"|\.|\_|\&|\&amp)$
    RedirectMatch 403 (?i)(\=\\\'|\=\\%27|/\\\'/?)\.
    RedirectMatch 403 (?i)(\,|//|\)\+|/\,/|\{0\}|\(/\(|\.\.|\+\+\+|\||\\\"\\\")
    RedirectMatch 403 (?i)/uploads/([0-9]+)/([0-9]+)/(cache|cached|wp-opt|wp-supercache)\.php
    RedirectMatch 403 (?i)\.(asp|bash|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf|well)
    RedirectMatch 403 (?i)/(^$|1|addlink|btn_hover|contact?|dkscsearch|dompdf|easyboard|ezooms|formvars|fotter|fpw|i|imagemanager|index1|install|iprober|legacy\-comments|join|js\-scraper|mapcms|mobiquo|phpinfo|phpspy|pingserver|playing|postgres|product|register|scraper|shell|signup|single\-default|t|sqlpatch|test|textboxes.css|thumb|timthumb|topper|tz|ucp_profile|visit|webring.docs|webshell|wp\-lenks|wp\-links|wp\-plugin|wp\-signup|wpcima|zboard|zzr)\.php
    RedirectMatch 403 (?i)(\$\(this\)\.attr|\&pws\=0|\&t\=|\&title\=|\%7BshopURL\%7Dimages|\_vti\_|\(null\)|$itemURL|ask/data/ask|com\_crop|document\)\.ready\(fu|echo.*kae|eval\(|fckeditor\.htm|function.parse|function\(\)|gifamp|hilton.ch|index.php\&amp\;quot|jfbswww|monstermmorpg|msnbot\.htm|netdefender/hui|phpMyAdmin/config|proc/self|skin/zero_vote|/spaw2?|text/javascript|this.options)
  </ifModule>

  # 6G:[QUERY STRINGS]
  # All eight conditions below feed the single RewriteRule at the end.
  # mod_rewrite ANDs consecutive conditions unless a condition carries OR, so
  # the chain reads:
  #   (URI is not "/") AND (any query-string pattern) AND (any Referer pattern)
  # NOTE(review): as written, a query-string match alone does not produce a
  # 403; the Referer must match as well. If the query-string and Referer checks
  # were meant to act independently, each group needs its own RewriteRule.
  # Decide which is intended before changing it: the query-string patterns
  # include a bare "." and ":" and would refuse many ordinary requests if
  # they applied on their own.
  # This rule follows the WordPress front-controller rule, so it is only
  # evaluated for requests that rule did not rewrite.
  RewriteCond %{REQUEST_URI} !^/$ [NC]
  # -- query-string group
  RewriteCond %{QUERY_STRING} (mod|path|tag)= [NC,OR]
  RewriteCond %{QUERY_STRING} ([a-zA-Z0-9]{150}) [NC,OR]
  RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
  RewriteCond %{QUERY_STRING} (\?|\.\./|\.|\*|:|;|<|>|'|"|\)|\[|\]|=\\\'$|%0A|%0D|%22|%27|%3C|%3E|%00|%2e%2e) [NC,OR]
  RewriteCond %{QUERY_STRING} (benchmark|boot.ini|cast|declare|drop|echo.*kae|environ|etc/passwd|execute|input_file|insert|md5|mosconfig|scanner|select|set|union|update) [NC]
  # -- Referer group
  RewriteCond %{HTTP_REFERER} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
  RewriteCond %{HTTP_REFERER} ([a-zA-Z0-9]{32}) [NC]
  RewriteRule .* - [F,L]

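  # 6G:[USER AGENTS]
  # Requests whose User-Agent matches either pattern get the keep_out
  # environment variable, and "Deny from env=keep_out" refuses them. The
  # User-Agent header is chosen by the client, so this only filters tools
  # that announce themselves.
  <ifModule mod_setenvif.c>
    #SetEnvIfNoCase User-Agent ^$ keep_out
    SetEnvIfNoCase User-Agent (<|>|'|&lt;|%0A|%0D|%27|%3C|%3E|%00|href\s) keep_out
    SetEnvIfNoCase User-Agent (archiver|binlar|casper|checkprivacy|clshttp|cmsworldmap|comodo|curl|diavol|dotbot|email|extract|feedfinder|flicky|grab|harvest|httrack|ia_archiver|jakarta|kmccrew|libwww|loader|miner|nikto|nutch|planetwork|purebot|pycurl|python|scan|skygrid|sucker|turnit|vikspider|wget|winhttp|youda|zmeu|zune) keep_out
    # The original wrapped the access rules in <limit GET POST PUT>, which
    # applied them to those methods only and left every other method outside
    # the deny list. Without the wrapper they apply to all methods.
    Order Allow,Deny
    Allow from all
    Deny from env=keep_out
    # Static address denylist. Three entries that appeared more than once in
    # the original have been collapsed; the set of denied addresses is the same.
    # NOTE(review): single addresses go stale; record why and when each was
    # added so the list can be pruned.
    Deny from 24.213.139.114
    Deny from 87.144.218.222
    Deny from 95.5.32.79
    Deny from 213.251.186.27
    Deny from 88.191.93.186
    Deny from 91.121.136.44
    Deny from 50.56.92.47
    Deny from 174.143.148.105
    Deny from 82.170.168.91
    Deny from 61.147.110.14
    Deny from 188.134.42.65
    Deny from 122.164.215.155
    Deny from 65.49.68.173
    Deny from 220.155.1.166
    Deny from 218.38.16.26
    Deny from 91.200.19.84
    Deny from 31.44.199.131
    Deny from 49.50.8.63
  </ifModule>
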
  # BEGIN W3TC Browser Cache
  # Compression, ETag and header settings in the form W3 Total Cache writes
  # them. With AllowOverride None the plugin cannot maintain this copy, so it
  # has to be kept in step by hand.
  <IfModule mod_deflate.c>
    <IfModule mod_setenvif.c>
      BrowserMatch ^Mozilla/4 gzip-only-text/html
      BrowserMatch ^Mozilla/4\.0[678] no-gzip
      BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
      BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    </IfModule>
    <IfModule mod_headers.c>
      Header append Vary User-Agent env=!dont-vary
    </IfModule>
    <IfModule mod_filter.c>
      AddOutputFilterByType DEFLATE text/css application/x-javascript text/x-component text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon
    </IfModule>
  </IfModule>
  # NOTE(review): each FilesMatch section below sets X-Powered-By to the
  # plugin name and exact version. That advertises the installed version on
  # every matching response, which works against "ServerSignature Off" above;
  # consider removing the header.
  <FilesMatch "\.(css|js|htc|CSS|JS|HTC)$">
    FileETag None
    <IfModule mod_headers.c>
      Header set X-Powered-By "W3 Total Cache/0.9.2.4"
    </IfModule>
  </FilesMatch>
  <FilesMatch "\.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|HTML|HTM|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|XML)$">
    FileETag None
    <IfModule mod_headers.c>
      Header set X-Powered-By "W3 Total Cache/0.9.2.4"
    </IfModule>
  </FilesMatch>
  <FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EOT|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|OTF|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SVG|SVGZ|SWF|TAR|TIF|TIFF|TTF|TTC|WAV|WMA|WRI|XLA|XLS|XLSX|XLT|XLW|ZIP)$">
    FileETag None
    <IfModule mod_headers.c>
      Header set X-Powered-By "W3 Total Cache/0.9.2.4"
    </IfModule>
  </FilesMatch>
  # END W3TC Browser Cache
  # BEGIN W3TC Page Cache core
  # Serves a pre-rendered HTML file from wp-content/w3tc/pgcache/ when one
  # exists for the requested URI and the request passes every condition.
  # NOTE(review): this block comes after the WordPress front-controller rule,
  # which rewrites page URLs to index.php and stops with [L]. Page requests
  # are therefore likely handled before these conditions run; confirm the
  # cache is actually being hit.
  <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^(.*\/)?w3tc_rewrite_test$ $1?w3tc_rewrite_test=1 [L]
    # Remember gzip support so the compressed variant of the file is chosen.
    RewriteCond %{HTTP:Accept-Encoding} gzip
    RewriteRule .* - [E=W3TC_ENC:_gzip]
    # Only non-POST requests with an empty query string for the bare host name.
    RewriteCond %{REQUEST_METHOD} !=POST
    RewriteCond %{QUERY_STRING} =""
    RewriteCond %{HTTP_HOST} =blindscribblings.com
    RewriteCond %{REQUEST_URI} \/$ [OR]
    RewriteCond %{REQUEST_URI} (sitemap(_index)?\.xml(\.gz)?|[a-z0-9_\-]+-sitemap([0-9]+)?\.xml(\.gz)?) [NC]
    RewriteCond %{REQUEST_URI} !(\/wp-admin\/|\/xmlrpc.php|\/wp-(app|cron|login|register|mail)\.php|\/feed\/|wp-.*\.php|index\.php) [NC,OR]
    RewriteCond %{REQUEST_URI} (wp\-comments\-popup\.php|wp\-links\-opml\.php|wp\-locations\.php) [NC]
    # Visitors holding a comment, post-password or login cookie must not get a
    # shared cached page.
    # NOTE(review): "wordpress_\[a\-f0\-9\]\+" has its brackets and "+"
    # escaped, so it matches that literal text rather than "wordpress_"
    # followed by hex digits. Logged-in sessions are still excluded by the
    # "wordpress_logged_in" alternative.
    RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wordpress_\[a\-f0\-9\]\+|wordpress_logged_in) [NC]
    RewriteCond %{HTTP_USER_AGENT} !(W3\ Total\ Cache/0\.9\.2\.4) [NC]
    RewriteCond "%{DOCUMENT_ROOT}/wp-content/w3tc/pgcache/%{REQUEST_URI}/_index%{ENV:W3TC_UA}%{ENV:W3TC_REF}%{ENV:W3TC_SSL}.html%{ENV:W3TC_ENC}" -f
    RewriteRule .* "/wp-content/w3tc/pgcache/%{REQUEST_URI}/_index%{ENV:W3TC_UA}%{ENV:W3TC_REF}%{ENV:W3TC_SSL}.html%{ENV:W3TC_ENC}" [L]
  </IfModule>
  # END W3TC Page Cache core
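  # Client-side cache lifetimes by content type.
  <IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 2 days"
  </IfModule>
  # The dot before the extension group is now escaped. Unescaped it matched
  # any character, so a file name merely ending in "png" or "ico" qualified.
  # NOTE(review): this sets max-age to 30 days for images while the Expires
  # rules above say one year; pick one lifetime.
  <FilesMatch "\.(gif|jpg|jpeg|png|ico)$">
    Header set Cache-Control "max-age=2592000"
  </FilesMatch>
  </Directory>
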
  # CGI directory. ScriptAlias maps /cgi-bin/ to a directory outside
  # /var/www, so the rewrite, RedirectMatch and deny rules in the /var/www
  # <Directory> section are not applied to these requests.
  # NOTE(review): if the site serves no CGI programs, remove this alias and
  # section so the directory is not reachable at all.
  ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
  <Directory "/usr/lib/cgi-bin">
    AllowOverride None
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
    # ScriptAlias already treats every file in this directory as a CGI program.
    AddHandler cgi-script .cgi
    Order allow,deny
    Allow from all
  </Directory>

  # Logging. The "combined" access-log format records Referer and User-Agent,
  # the fields most of the filters in this vhost key on, so refused requests
  # can be audited from access.log.
  ErrorLog ${APACHE_LOG_DIR}/error.log

  # Possible values include: debug, info, notice, warn, error, crit,
  # alert, emerg.
  LogLevel warn

  CustomLog ${APACHE_LOG_DIR}/access.log combined
  </VirtualHost>