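- # BEGIN Force HTTPS
- # Redirects plain-HTTP requests to HTTPS, then canonicalises the host name.
- # The engine switch had been fused into the BEGIN comment line and was therefore
- # inert at this point; it is restored as a directive of its own.
- RewriteEngine On
- # Both conditions must hold: mod_rewrite's HTTPS variable is not "on" and no HTTPS
- # environment variable says otherwise (presumably set by a TLS-terminating front end - confirm).
- RewriteCond %{HTTPS} !=on
- RewriteCond %{ENV:HTTPS} !=on
- # NOTE(review): %{SERVER_NAME} can be derived from the client's Host header
- # (depends on UseCanonicalName), so this first hop may echo an arbitrary host name.
- # Redirecting straight to the canonical host would avoid that and save one redirect.
- RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
- # Any host other than the canonical one is sent to https://domain.eu/.
- RewriteCond %{HTTP_HOST} !=domain.eu
- RewriteRule (.*) https://domain.eu/$1 [R=301,L]
- # END Force HTTPS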
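- # BEGIN HTTP Security Header
- # Browser-hardening response headers. "always" is used where the header must also
- # appear on redirects and error pages, not only on successful responses.
- <ifModule mod_headers.c>
- # Legacy header: current browsers no longer ship the XSS filter it controls.
- Header set X-XSS-Protection "1; mode=block"
- # Clickjacking protection. This was previously emitted twice (an "always append"
- # plus a plain "set"), which put two identical headers on successful responses.
- Header always set X-Frame-Options "SAMEORIGIN"
- Header set X-Content-Type-Options: "nosniff"
- # HSTS, roughly six months. "always" so that redirect and error responses carry it too.
- # Browsers ignore the header when it arrives over plain HTTP.
- Header always set Strict-Transport-Security "max-age=15768000"
- # Baseline: nothing is cached. The per-extension filesMatch sections further down
- # in this file replace this value for the files they match.
- Header set Cache-Control "no-store, no-cache, must-revalidate"
- # NOTE(review): "default-src https:" restricts the scheme only - every HTTPS origin
- # stays allowed. With no 'unsafe-inline' it also blocks inline script and style, so
- # test it against the WordPress admin (for example in Report-Only mode) before relying on it.
- Header set Content-Security-Policy "default-src https:"
- # Hop-by-hop header that the server normally manages itself; likely redundant here.
- Header set Connection "keep-alive"
- </ifModule>
- # END HTTP Security Header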
- # BEGIN Access protection (modified)
- # Puts HTTP Basic authentication in front of the WordPress login script, as an
- # extra gate before the application's own login form is reached.
- # Basic credentials are only base64-encoded on the wire, so this depends on the
- # HTTPS redirect at the top of the file.
- <Files wp-login.php>
- AuthName "Restricted Admin-Area"
- AuthType Basic
- # NOTE(review): the password file should live outside the document root and be
- # readable only by the web server user - confirm for this path.
- AuthUserFile /lib/w/virtual/user/site/.passwd
- Require valid-user
- </Files>
- # END Access protection
- # Maps the sitemap URLs of the SEO plugin onto index.php query parameters.
- # The dots in these patterns are unescaped and so match any character; that only
- # loosens the match slightly and every target is still index.php.
- # WordPress SEO - XML Sitemap Rewrite Fix
- RewriteEngine On
- RewriteBase /
- RewriteRule ^sitemap_index.xml$ /index.php?sitemap=1 [L]
- RewriteRule ^locations.kml$ /index.php?sitemap=wpseo_local_kml [L]
- RewriteRule ^geo_sitemap.xml$ /index.php?sitemap=geo [L]
- RewriteRule ^([^/]+?)-sitemap([0-9]+)?.xml$ /index.php?sitemap=$1&sitemap_n=$2 [L]
- RewriteRule ^([a-z]+)?-?sitemap.xsl$ /index.php?xsl=$1 [L]
- # END WordPress SEO - XML Sitemap Rewrite Fix
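- # BEGIN SF Move Login (modified)
- # Friendly URLs for the wp-login.php actions; QSA keeps the caller's query string.
- # Every alias ends at wp-login.php, so the <Files wp-login.php> authentication
- # configured earlier in this file should still apply to the rewritten request.
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteBase /
- RewriteRule ^login/?$ wp-login.php [QSA,L]
- RewriteRule ^post/?$ wp-login.php?action=postpass [QSA,L]
- RewriteRule ^logout/?$ wp-login.php?action=logout [QSA,L]
- # Was "^lostpassword?$", which made the final "d" optional instead of the slash.
- RewriteRule ^lostpassword/?$ wp-login.php?action=lostpassword [QSA,L]
- RewriteRule ^resetpass/?$ wp-login.php?action=resetpass [QSA,L]
- # Was "^rregister /?$": the space split the pattern into an extra argument, which
- # Apache rejects when it parses the file. "rregister" is assumed to be a typo -
- # restore that spelling if the slug was deliberate.
- RewriteRule ^register/?$ wp-login.php?action=register [QSA,L]
- </IfModule>
- # END SF Move Login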
- # WordPress front controller: requests that match no existing file (!-f) or
- # directory (!-d) are handed to index.php; index.php itself passes through.
- # WordPress normally regenerates the text between these two markers, so local
- # changes belong outside them.
- # BEGIN WordPress
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteBase /
- RewriteRule ^index\.php$ - [L]
- RewriteCond %{REQUEST_FILENAME} !-f
- RewriteCond %{REQUEST_FILENAME} !-d
- RewriteRule . /index.php [L]
- </IfModule>
- # END WordPress
- # BEGIN Prevent access to include files
- # Answers 403 to direct requests for WordPress internals under wp-admin/includes/
- # and wp-includes/.
- <IfModule mod_rewrite.c>
- RewriteEngine On
- RewriteBase /
- RewriteRule ^wp-admin/includes/ - [F,L]
- # URL is not under wp-includes/: skip the three wp-includes rules that follow.
- RewriteRule !^wp-includes/ - [S=3]
- # Only PHP files directly inside wp-includes/ (no sub-directory) are refused here.
- RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
- RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
- RewriteRule ^wp-includes/theme-compat/ - [F,L]
- </IfModule>
- # END Prevent access to include files
- # BEGIN Deny access to wp-config, log files, .hta/.htp files and the readme
- # NOTE(review): the heading mentions log files, but the pattern below names none.
- # The pattern is unanchored, so any file name containing one of these strings is denied.
- # Order/Deny/Satisfy are Apache 2.2 access directives; on 2.4 they need
- # mod_access_compat (the native form there is "Require all denied").
- <FilesMatch "(\.htaccess|\.htpasswd|wp-config\.php|liesmich\.html|readme\.html)">
- order deny,allow
- deny from all
- satisfy all
- </FilesMatch>
- # END Deny access to wp-config, log files, .hta/.htp files and the readme
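- # BEGIN Protect files and directories from prying eyes.
- # Denies source, dump and editor-backup files, dot-files and version-control
- # metadata. "Order allow,deny" with no Allow line denies every match.
- # The last alternative read "\.orig\.save" (a "|" was missing), so backup copies
- # named *.php.orig and *.php.save were not matched and could be served as text.
- # Order is an Apache 2.2 directive; on 2.4 it needs mod_access_compat.
- <FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$">
- Order allow,deny
- </FilesMatch>
- # END Protect files and directories from prying eyes.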
- # BEGIN Prevent folder browsing
- # No auto-generated listing for directories that lack an index file.
- Options -Indexes
- # END Prevent folder browsing
- # BEGIN Disable XML-RPC
- # Denies every request to xmlrpc.php (Apache 2.2 access syntax).
- # NOTE(review): clients that talk to WordPress over XML-RPC stop working; this file
- # elsewhere exempts "action=jetpack-sso", so confirm Jetpack does not need the endpoint.
- <Files xmlrpc.php>
- Order Deny,Allow
- Deny from all
- </Files>
- # END Disable XML-RPC
- # DISABLE ETAGS
- # No ETag is generated for the static file types listed in the pattern.
- <filesMatch "\\.(ico|pdf|flv|jpe?g?|png|gif|js|css|swf|txt|mp3|avi|mpe?g?|wmv)$">
- FileETag none
- </filesMatch>
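- # BEGIN BLOCK EVIL REQUESTS
- # Answers 403 when the query string carries a <script> tag or tries to set the PHP
- # superglobals GLOBALS / _REQUEST. This is a coarse request filter; it does not
- # replace input validation in the application.
- <ifModule mod_rewrite.c>
- Options +SymLinksIfOwnerMatch
- RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
- # The backslashes before "[" and "%" had been lost, which turned "[|%[0-9A-Z]" into
- # a character class that may match nothing, so any query merely containing the word
- # GLOBALS or _REQUEST was refused. With the escapes restored the word has to be
- # followed by "=", "[" or "%".
- RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
- RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
- # With [F] the request is refused outright; blacklist.php is not expected to be served.
- RewriteRule .* blacklist.php [F,L]
- </ifModule>
- # END BLOCK EVIL REQUESTS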
- # BEGIN Do not display PHP errors
- # NOTE(review): the directive below is commented out, so this file does not change
- # display_errors. php_flag is only understood when PHP runs as an Apache module;
- # in other setups display_errors has to be switched off in the PHP configuration.
- # php_flag display_errors Off
- # END Do not display PHP errors
- # BEGIN gzip Compression if available
- # mod_gzip is the Apache 1.3-era module; on Apache 2.x this section is skipped and
- # the mod_deflate section below does the work.
- # NOTE(review): compressing pages that contain secrets (such as CSRF tokens) next to
- # request-reflected input is the precondition for compression side channels of the
- # BREACH kind; consider leaving such responses uncompressed.
- <IfModule mod_gzip.c>
- mod_gzip_on Yes
- mod_gzip_dechunk Yes
- mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
- mod_gzip_item_include handler ^cgi-script$
- mod_gzip_item_include mime ^text/.*
- mod_gzip_item_include mime ^application/x-javascript.*
- mod_gzip_item_exclude mime ^image/.*
- mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
- </IfModule>
- # END gzip Compression if available
- # BEGIN Deflate Compress text files
- # Compresses the listed text-like MIME types on output.
- <ifModule mod_deflate.c>
- AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript application/x-shockwave-flash
- </ifModule>
- # END Compress text files
- # BEGIN Expire headers
- # Client-side cache lifetimes per MIME type, counted from the time of access.
- # Anything not listed falls back to the 60-second default.
- <ifModule mod_expires.c>
- ExpiresActive On
- ExpiresDefault "access plus 60 seconds"
- ExpiresByType image/x-icon "access plus 1 month"
- ExpiresByType image/jpeg "access plus 1 month"
- ExpiresByType image/png "access plus 1 month"
- ExpiresByType image/gif "access plus 1 month"
- ExpiresByType application/x-shockwave-flash "access plus 1 month"
- ExpiresByType text/css "access plus 2 weeks"
- ExpiresByType text/javascript "access plus 1 week"
- ExpiresByType application/javascript "access plus 1 week"
- ExpiresByType application/x-javascript "access plus 1 week"
- # NOTE(review): HTML gets a 15-minute lifetime here while the security-header
- # section sets "no-store"; confirm which of the two is meant for dynamic pages.
- ExpiresByType text/html "access plus 900 seconds"
- ExpiresByType application/xhtml+xml "access plus 900 seconds"
- ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
- ExpiresByType application/x-font-ttf "access plus 1 month"
- ExpiresByType application/x-font-woff "access plus 1 month"
- ExpiresByType font/opentype "access plus 1 month"
- ExpiresByType image/svg+xml "access plus 1 day"
- </ifModule>
- # END Expire headers
- # Keep alive
- # Repeats the Connection header already set in the security-header section.
- <ifModule mod_headers.c>
- Header set Connection keep-alive
- </ifModule>
- # BEGIN Cache-Control Headers
- # Per-extension Cache-Control values; for matching files these replace the
- # "no-store" baseline set in the security-header section.
- <ifModule mod_headers.c>
- <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
- Header set Cache-Control "public"
- </filesMatch>
- <filesMatch "\.(css)$">
- Header set Cache-Control "public"
- </filesMatch>
- <filesMatch "\.(js)$">
- Header set Cache-Control "private"
- </filesMatch>
- # "private" keeps HTML and PHP output out of shared caches, which matters for
- # pages rendered for a logged-in user.
- <filesMatch "\.(x?html?|php)$">
- Header set Cache-Control "private, must-revalidate"
- </filesMatch>
- </ifModule>
- # END Cache-Control Headers
- # BEGIN Deactivate ETags
- # NOTE(review): unlike the other Header directives in this file, this one is not
- # wrapped in <ifModule mod_headers.c>, so the file does not parse if the module is absent.
- Header unset ETag
- FileETag None
- # END Deactivate ETags
- # BEGIN No Hotlinking
- # Redirects image requests whose Referer is non-empty and is not one of the site's
- # own URLs. Referer is optional and chosen by the client, so this saves bandwidth
- # but is not an access control.
- RewriteCond %{HTTP_REFERER} !^$
- RewriteCond %{HTTP_REFERER} !^https://domain.eu/.*$ [NC]
- RewriteCond %{HTTP_REFERER} !^https://domain.eu$ [NC]
- # NOTE(review): this line repeats the first domain.eu condition; a www variant
- # with a path was probably intended.
- RewriteCond %{HTTP_REFERER} !^https://domain.eu/.*$ [NC]
- RewriteCond %{HTTP_REFERER} !^https://www.domain.eu$ [NC]
- # NOTE(review): the target is a plain-http URL on what looks like a placeholder
- # host name; answering with [F] would avoid sending visitors to an unknown host.
- RewriteRule .*\.(jpg|jpeg|gif|png|bmp)$ http://sorry.nohotlinking [R,NC]
- # END No Hotlinking
- # BEGIN Better experience for IE users
- # Asks Internet Explorer to use its newest rendering engine. The header is set
- # for everything and then removed again for static asset types.
- <IfModule mod_headers.c>
- Header set X-UA-Compatible "IE=Edge,chrome=1"
- # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
- <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff|ico|webp|appcache|manifest|htc|crx|xpi|safariextz|vcf)$" >
- Header unset X-UA-Compatible
- </FilesMatch>
- </IfModule>
- # END Better experience for IE users
- # BEGIN Proper MIME type for all files
- # Explicit extension-to-type mappings. Because this file also sends
- # "X-Content-Type-Options: nosniff", browsers rely on these declared types
- # instead of guessing from content.
- AddType application/javascript js
- AddType audio/ogg oga ogg
- AddType audio/mp4 m4a
- AddType video/ogg ogv
- AddType video/mp4 mp4 m4v
- AddType video/webm webm
- AddType image/svg+xml svg svgz
- # .svgz is gzip-compressed SVG, so it is announced with a gzip content encoding.
- AddEncoding gzip svgz
- AddType application/vnd.ms-fontobject eot
- AddType application/x-font-ttf ttf ttc
- AddType font/opentype otf
- AddType application/x-font-woff woff
- AddType image/x-icon ico
- AddType image/webp webp
- AddType text/cache-manifest appcache manifest
- AddType text/x-component htc
- AddType application/x-chrome-extension crx
- AddType application/x-xpinstall xpi
- AddType application/octet-stream safariextz
- AddType text/x-vcard vcf
- # END Proper MIME type for all files
- # BEGIN Use UTF-8 encoding for anything served text/plain or text/html
- # An explicit charset keeps browsers from guessing the encoding of text responses.
- AddDefaultCharset utf-8
- AddCharset utf-8 .html .css .js .xml .json .rss .atom
- # END Use UTF-8 encoding for anything served text/plain or text/html
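- <IfModule mod_rewrite.c>
- # BEGIN Block access to "hidden" directories
- # Forbids any path that has a segment starting with a dot (.git, .svn, .htpasswd, ...).
- # NOTE(review): this also covers /.well-known/, which HTTP-based certificate
- # validation uses; add an exception above this rule if the host relies on it.
- RewriteRule "(^|/)\." - [F]
- # END Block access to "hidden" directories
- # BEGIN Rules to prevent php execution in uploads
- # The dot before "php" is now escaped: unescaped it matched any character, so
- # ordinary media whose name merely contained "php" was refused too. NC also
- # catches upper-case spellings of the extension.
- # NOTE(review): other extensions the server may map to PHP (for example .phtml)
- # are not covered by this pattern - check the handler configuration.
- RewriteRule ^(.*)/uploads/(.*)\.php(.?) - [NC,F]
- # END Rules to prevent php execution in uploads
- # BEGIN Rules to block unneeded HTTP methods
- RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
- RewriteRule ^(.*)$ - [F]
- # END Rules to block unneeded HTTP methods
- # BEGIN Rules to block suspicious URIs
- # The first fourteen conditions are OR-ed keyword matches on the query string; the
- # five conditions after them are AND-ed exemptions.
- # NOTE(review): the exemptions test the Cookie and Referer headers, which the client
- # chooses, and the keyword list also hits benign queries (any parameter holding an
- # http: URL, words such as "request" or "insert"). Treat this as noise reduction in
- # front of the application, not as input validation.
- RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
- RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
- RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
- RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
- RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
- RewriteCond %{QUERY_STRING} http\: [NC,OR]
- RewriteCond %{QUERY_STRING} https\: [NC,OR]
- RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
- RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
- RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
- RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
- RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
- RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
- RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
- RewriteCond %{QUERY_STRING} !^loggedout=true
- RewriteCond %{QUERY_STRING} !^action=jetpack-sso
- RewriteCond %{QUERY_STRING} !^action=rp
- RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
- RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
- RewriteRule ^(.*)$ - [F]
- # END Rules to block suspicious URIs
- </IfModule>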
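- # BEGIN Block Semalt related referrer spam
- # Answers 403 when the Referer names one of the listed spam domains. Referer is
- # client-supplied, so this only keeps the noise out of the statistics.
- # Fixes against the earlier version of this section:
- #  - the OR flag sat on the last condition instead of on the semalt.com line, so the
- #    7makemoneyonline.com entry never blocked anything on its own;
- #  - the rule's substitution was a typographic dash, not the "-" (no substitution) marker;
- #  - youtubedownload.org was listed twice.
- # NOTE(review): most patterns only match http:// referrers; https:// ones pass.
- RewriteEngine on
- RewriteCond %{HTTP_REFERER} ^http://.*youtubedownload\.org/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*softomix\.ru/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*zazagames\.org/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*vapmedia\.org/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*soundfrost\.org/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*joingames\.org/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*videofrost\.net/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*softomix\.net/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*feedouble\.net/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*backgroundpictures\.net/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*joinandplay\.me/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*videofrost\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*srecorder\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*softomix\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*openmediasoft\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*openfrost\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*myprintscreen\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*musicprojectfoundation\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*feedouble\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*fbfreegifts\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*extener\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*embedle\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*savetubevideo\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*kambasoft\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} buttons\-for\-website\.com [NC,OR]
- RewriteCond %{HTTP_REFERER} ^http://.*semalt\.com/ [NC,OR]
- RewriteCond %{HTTP_REFERER} 7makemoneyonline\.com [NC]
- RewriteRule ^(.*)$ - [F,L]
- # END Block Semalt related referrer spam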
- # BEGIN Block bad bots [last updated: 12.02.2015]
- # Answers 403 to requests whose User-Agent is empty or matches one of the listed
- # crawlers. The conditions are OR-ed; the last one carries no flag and closes the list.
- # User-Agent is chosen by the client, so this only stops bots that identify
- # themselves; the list is dated and needs periodic review.
- RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
- RewriteCond %{HTTP_USER_AGENT} updown_tester [OR]
- RewriteCond %{HTTP_USER_AGENT} (spbot|OpenLinkProfiler) [OR]
- RewriteCond %{HTTP_USER_AGENT} (Squider|Squider/0.01)$ [OR]
- RewriteCond %{HTTP_USER_AGENT} (memorybot|memoryBot) [OR]
- RewriteCond %{HTTP_USER_AGENT} ^magpie-crawler/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} SiteExplorer/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} Spiderlytics/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} ProCogSEOBot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} ^libwww-perl/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} TurnitinBot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} meanpathbot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} SemrushBot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} Infohelfer/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} CompSpyBot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} AhrefsBot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} CareerBot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} Moreover/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} BLEXBot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} Ezooms/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} Abonti/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} DCPbot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} ^Java/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} oBot/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} ^BOT/[0-9] [OR]
- RewriteCond %{HTTP_USER_AGENT} SearchmetricsBot [OR]
- RewriteCond %{HTTP_USER_AGENT} OpenindexSpider [OR]
- RewriteCond %{HTTP_USER_AGENT} BacklinkCrawler [OR]
- RewriteCond %{HTTP_USER_AGENT} ^ssearch_bot [OR]
- RewriteCond %{HTTP_USER_AGENT} UnisterBot [OR]
- RewriteCond %{HTTP_USER_AGENT} 360Spider$ [OR]
- RewriteCond %{HTTP_USER_AGENT} HubSpot\sWebcrawler$ [OR]
- RewriteCond %{HTTP_USER_AGENT} SISTRIX
- RewriteRule ^ - [F,L]
- # END Block bad bots