SRD75

.htaccess

Jul 20th, 2014
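  # BEGIN iThemes Security
  # NOTE(review): the BEGIN/END markers suggest this section is generated by the
  # iThemes Security plugin; hand edits may be overwritten when the plugin
  # rewrites the file -- confirm before maintaining it by hand.
  # BEGIN Ban Users
  # Begin HackRepair.com Blacklist
  #
  # Answers 403 Forbidden to any request whose User-Agent header starts with one
  # of the prefixes below. Every condition carries [NC], so matching is
  # case-insensitive, and [OR] chains them into a single "any of these" test
  # for the RewriteRule at the end.
  #
  # Limits to keep in mind:
  #  - User-Agent is chosen by the client, so this only filters tools that
  #    identify themselves honestly. It reduces crawler noise; it is not an
  #    access control and does not replace rate limiting or authentication.
  #  - Several prefixes are generic HTTP-library defaults (Java, Wget, urllib,
  #    pycurl, Snoopy, lwp-trivial, ...). Monitoring checks, feed readers or
  #    integrations that use a default library User-Agent get a 403 as well.
  #  - RewriteEngine is not wrapped in <IfModule mod_rewrite.c> here, so the
  #    file fails with a server error when mod_rewrite is not loaded.
  #
  # Changes from the pasted list: exact duplicate entries (ia_archiver,
  # Web Sucker) appear once, the redundant [Ww]/[Bb] classes are dropped because
  # [NC] already ignores case, and literal dots in host-like names are escaped.
  RewriteEngine on
  RewriteCond %{HTTP_USER_AGENT} ^WebBandit [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Bolt\ 0 [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot\@yahoo\.com [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Default\ Browser\ 0 [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^InternetSeer\.com [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^microsoft\.url [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
  # NOTE(review): "\.*" matches zero or more literal dots, so the next two
  # patterns only match "Mozilla" followed directly (or after dots) by the
  # keyword. If "Mozilla<anything>Indy/NEWT" was intended, the pattern would be
  # ".*" -- left as pasted; confirm against the upstream list.
  RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*Indy [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Mozilla\.*NEWT [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Rippers\ 0 [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^sitecheck\.internetseer\.com [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Toata\ dragostea\ mea\ pentru\ diavola [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^CazoodleBot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^discobot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^ecxi [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^GT::WWW [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^heritrix [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^HTTP::Lite [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^id-search [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^id-search\.org [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^IDBot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Indy\ Library [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^IRLbot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^ISC\ Systems\ iRc\ Search\ 2\.1 [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^LinksManager\.com_bot [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^linkwalker [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^lwp-trivial [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^MFC_Tear_Sample [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ URL\ Control [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Missigua\ Locator [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^panscient\.com [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^PECL::HTTP [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^PHPCrawl [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^PleaseCrawl [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^SBIder [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Snoopy [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Steeler [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^URI::Fetch [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^urllib [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^User-Agent [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^webalta [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WebCollage [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^Wells\ Search\ II [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^WEP\ Search [NC,OR]
  RewriteCond %{HTTP_USER_AGENT} ^zermelo [NC,OR]
  # Last condition of the chain: it must not carry [OR], otherwise it would be
  # OR-ed with whatever condition follows it.
  RewriteCond %{HTTP_USER_AGENT} ^ZyBorg [NC]
  # Any path, no substitution, respond 403.
  RewriteRule ^ - [F]


  # END Ban Users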
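  # BEGIN Hide Backend
  # Rules to hide the dashboard
  #
  # Maps the alias /wplogin (optional trailing slash) onto wp-login.php and
  # keeps the original query string (QSA).
  #
  # In .htaccess (per-directory) context the path handed to RewriteRule has no
  # leading slash, so a pattern anchored as "^/wplogin" never matches there.
  # "/?" makes the slash optional so the rule works in both per-directory and
  # server/vhost context.
  #
  # Nothing in this file denies direct requests for wp-login.php; the alias on
  # its own only adds a second URL. Treat it as obscurity, not as a login
  # protection -- brute-force limits and strong authentication are still needed.
  RewriteRule ^/?wplogin/?$ /wp-login.php [QSA,L]

  # END Hide Backend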
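  # BEGIN Tweaks
  # Rules to block access to WordPress specific files
  #
  # Denies all HTTP access to files with exactly these names, in this directory
  # and below: .htaccess (this rule set), readme.html / readme.txt,
  # install.php, and wp-config.php (WordPress database credentials and keys).
  #
  # "Order allow,deny" / "Deny from all" is Apache 2.2 syntax; on Apache 2.4 it
  # only works while mod_access_compat is loaded and otherwise causes a server
  # error. The two <IfModule> branches below pick the native directive for
  # whichever version is running, with the same deny-all result.
  <FilesMatch "^(\.htaccess|readme\.html|readme\.txt|install\.php|wp-config\.php)$">
    <IfModule mod_authz_core.c>
      # Apache 2.4+
      Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
      # Apache 2.2
      Order allow,deny
      Deny from all
    </IfModule>
  </FilesMatch>

  # Rules to disable directory browsing
  # Without an index file a directory request is refused instead of returning
  # an auto-generated file listing.
  Options -Indexes
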
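  <IfModule mod_rewrite.c>
    RewriteEngine On

    # Rules to protect wp-includes
    # Direct requests for PHP files that WordPress only ever includes are
    # answered with 403.
    RewriteRule ^wp-admin/includes/ - [F]
    # For paths outside wp-includes/, skip the next three RewriteRule lines.
    # S=3 counts rules, not lines: adding or removing a rule below without
    # adjusting the number silently changes which rules are skipped.
    RewriteRule !^wp-includes/ - [S=3]
    # ms-files.php (legacy multisite file serving) is the one top-level
    # wp-includes script that stays reachable.
    RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files\.php
    RewriteRule ^wp-includes/[^/]+\.php$ - [F]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
    RewriteRule ^wp-includes/theme-compat/ - [F]

    # Rules to prevent php execution in uploads
    # The dot is escaped so only a real ".php" (any case, any suffix such as
    # .php5) is matched; the unescaped form also hit names like "xphp".
    # NOTE(review): other extensions the server may hand to the PHP handler
    # (server-dependent) are not covered here -- confirm the handler mapping or
    # disable the handler for the uploads directory in server config.
    RewriteRule ^(.*)/uploads/(.*)\.php(.?) - [F,NC]

    # Rules to block unneeded HTTP methods
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F]

    # Rules to block suspicious URIs
    #
    # Logic: (any one of the OR-chained patterns matches the query string)
    #        AND none of the four exemptions at the end applies  ->  403.
    #
    # This is substring matching on the raw query string, so expect false
    # positives: a search for "union" or "request", or any parameter that
    # contains "http:", "(" or ";" is refused for anonymous visitors.
    #
    # The exemptions all read values the client sends (query-string prefix,
    # Cookie, Referer). Treat this block as noise reduction in front of the
    # application, not as input validation: the application still has to
    # validate and escape everything it receives.
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|ê|"|;|\?|\*|=$).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(&#x22;|&#x27;|&#x3C;|&#x3E;|&#x5C;|&#x7B;|&#x7C;).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    # End of the OR chain (no [OR] on this line).
    RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
    # Exemptions: logout redirect, password-reset link, logged-in cookie
    # present, Google Maps API referer (http scheme only, as written).
    RewriteCond %{QUERY_STRING} !^loggedout=true
    RewriteCond %{QUERY_STRING} !^action=rp
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
    RewriteRule ^(.*)$ - [F]

    # Rules to block foreign characters in URLs
    # Refuses any query string containing a percent-escape that starts with
    # %0 or %A-%F. That covers control characters, and also every
    # percent-encoded non-ASCII character, so searches or parameters in
    # non-English text are refused too.
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
    RewriteRule ^(.*)$ - [F]

    # Rules to help reduce spam
    # Refuses POSTs to wp-comments-post.php whose Referer is not this site and
    # which either do not come from the Jetpack comment form or carry an empty
    # User-Agent. Both headers are client-supplied, so this only stops bots
    # that post without loading the page; it complements, not replaces,
    # comment moderation and spam filtering.
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php
    # NOTE(review): the host in the next pattern looks truncated in this paste
    # ("net.au" matches any Referer containing that suffix) -- replace it with
    # the site's own host name. The dot is escaped so it matches literally.
    RewriteCond %{HTTP_REFERER} !^(.*)net\.au.*
    RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^(.*)$ - [F]
  </IfModule>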
  243. # END Tweaks
  244. # END iThemes Security
  245.  
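  # Front-controller rules for the WordPress install (outside the plugin-managed
  # section). Order matters: each [L] rule ends the current pass.
  RewriteEngine On
  RewriteBase /
  # index.php is served as-is so the catch-all at the end cannot loop on it.
  RewriteRule ^index\.php$ - [L]
  # add a trailing slash to /wp-admin
  RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
  # uploaded files
  # Legacy multisite file serving: the requested path is passed to
  # ms-files.php as the "file" parameter, so that script is responsible for
  # validating it.
  RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]
  # Anything that exists on disk (file or directory) is served directly.
  RewriteCond %{REQUEST_FILENAME} -f [OR]
  RewriteCond %{REQUEST_FILENAME} -d
  RewriteRule ^ - [L]
  RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
  # Remaining .php requests are looked up under wp/. The condition stops the
  # rule from firing again on its own output: without it, a .php path that does
  # not exist is rewritten to wp/..., then wp/wp/..., on every pass until
  # Apache's internal-redirect limit is hit and the client gets a server error
  # instead of a 404.
  RewriteCond %{REQUEST_URI} !^/wp/
  RewriteRule ^(.*\.php)$ wp/$1 [L]
  # Everything else goes to WordPress.
  RewriteRule . index.php [L]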