OLD | NEW |
---|---|
1 ############################################################################### | 1 ############################################################################### |
2 ## The Master .htaccess | 2 ## The Master .htaccess |
3 ## | 3 ## |
4 ## Version 2.2 - November 18th, 2010 | 4 ## Version 2.4 (proposed) - March 24th, 2011 |
g1smd
2011/03/25 09:18:08
Ver 2.2 here but noted as 2.3 further down. Assume
| |
5 ## | 5 ## |
6 ## ---------- | 6 ## ---------- |
7 ## This file is designed to be the template .htaccess file to put on your new | 7 ## This file is designed to be the template .htaccess file to put on your new |
8 ## sites, increasing your site's security and performance. It is not meant to | 8 ## sites, increasing your site's security and performance. It is not meant to |
9 ## be just dropped in your site, though. You should go through all of its | 9 ## be just dropped in your site, though. You should go through all of its |
10 ## sections and modify it to match your site. Most notably, all instances of | 10 ## sections and modify it to match your site. Most notably, all instances of |
11 ## domain.com and domain\.com should be replaced with your real domain name. | 11 ## example.com and example\.com should be replaced with your real domain name. |
g1smd
2011/03/25 09:18:08
example.com as per RFC 2606.
| |
12 ## | 12 ## |
13 ## Some sections are too picky and may cause problems with legitimate requests. | 13 ## Some sections are too picky and may cause problems with legitimate requests. |
14 ## You are ultimately responsible for disabling them or writing exception rules | 14 ## You are ultimately responsible for disabling them or writing exception rules |
15 ## for your requests. Most notably, the advanced server protection section will | 15 ## for your requests. Most notably, the advanced server protection section will |
16 ## cause issues with several minifiers, eXtplorer, VirtueMart and other exten- | 16 ## cause issues with several minifiers, eXtplorer, VirtueMart and other exten- |
17 ## sions which use non-standard scripts as their entry points. You must add | 17 ## sions which use non-standard scripts as their entry points. You must add |
18 ## exceptions for them manually. | 18 ## exceptions for them manually. |
19 ## | 19 ## |
20 ## Some sections - depending on your server configuration - may cause your site | 20 ## Some sections - depending on your server configuration - may cause your site |
21 ## to throw 500 Internal Server Error. The only way to figure out which one is | 21 ## to throw 500 Internal Server Error. The only way to figure out which one is |
(...skipping 10 matching lines...) | |
32 ## | 32 ## |
33 ## Learn more: http://www.akeebabackup.com/software/admin-tools.html | 33 ## Learn more: http://www.akeebabackup.com/software/admin-tools.html |
34 ## ---------------------------------------------------------------------- | 34 ## ---------------------------------------------------------------------- |
35 ## | 35 ## |
36 ## Have fun, stay safe. | 36 ## Have fun, stay safe. |
37 ## | 37 ## |
38 ## Nicholas K. Dionysopoulos | 38 ## Nicholas K. Dionysopoulos |
39 ## Lead Developer, AkeebaBackup.com | 39 ## Lead Developer, AkeebaBackup.com |
40 ## | 40 ## |
41 ## CHANGELOG: | 41 ## CHANGELOG: |
42 ## Version 2.4 (proposed) (March 24th, 2011) | |
43 ## - Dozens of speed optimisations and many logic and syntax corrections. | |
42 ## Version 2.3 (November 18th, 2010) | 44 ## Version 2.3 (November 18th, 2010) |
43 ## - Added .ico to the pass-through rules, for favicons to load | 45 ## - Added .ico to the pass-through rules, for favicons to load |
44 ## Version 2.2 (October 25th, 2010) | 46 ## Version 2.2 (October 25th, 2010) |
45 ## - Bug in the tmpl=component rule | 47 ## - Bug in the tmpl=component rule |
46 ## Version 2.1 (October 19th, 2010) | 48 ## Version 2.1 (October 19th, 2010) |
47 ## - index.php to root redirection would kill some AJAX requests | 49 ## - index.php to root redirection would kill some AJAX requests |
48 ## - Referer filtering was screwed up | 50 ## - Referer filtering was screwed up |
49 ## - Simplified and more thorough PHP Easter Egg code (thanks Jon!) | 51 ## - Simplified and more thorough PHP Easter Egg code (thanks Jon!) |
50 ## - The tp/template/tmpl filter was not thorough and killed some components | 52 ## - The tp/template/tmpl filter was not thorough and killed some components |
51 ## - Optimized Joomla! core SEF section | 53 ## - Optimized Joomla! core SEF section |
52 ## - Bot filters and GZip optimization would never run for dynamic content | 54 ## - Bot filters and GZip optimization would never run for dynamic content |
53 ## - Content expiration optimization got more optimized | 55 ## - Content expiration optimization got more optimized |
54 ## - Added ETag rule | 56 ## - Added ETag rule |
55 ## | 57 ## |
56 ############################################################################### | 58 ############################################################################### |
57 | 59 |
58 ########## Begin - RewriteEngine enabled | 60 ########## Begin - RewriteEngine enabled |
59 RewriteEngine On | 61 RewriteEngine On |
62 Options +FollowSymLinks | |
60 ########## End - RewriteEngine enabled | 63 ########## End - RewriteEngine enabled |
61 | 64 |
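Review bot: The `Options +FollowSymLinks` added at new line 62 repeats what new line 80 already sets with `Options +FollowSymLinks All -Indexes`, and the only warning that FollowSymLinks can break a host sits at new line 78, away from the new directive. Keep a single Options line, or repeat the "may cause problems and you might have to remove it" note beside new line 62 so that someone chasing a 500 error finds both places.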
62 ########## Begin - RewriteBase | 65 ########## Begin - RewriteBase |
63 # Uncomment following line if your webserver's URL | 66 # Uncomment following line if your webserver's URL |
64 # is not directly related to physical file paths. | 67 # is not directly related to physical file paths. |
65 # Update Your Joomla! Directory (just / for root) | 68 # Update Your Joomla! Directory (just / for root) |
66 | 69 |
67 # RewriteBase / | 70 # RewriteBase / |
68 ########## End - RewriteBase | 71 ########## End - RewriteBase |
69 | 72 |
70 ########## Begin - File exection order, by Komra.de | 73 ########## Begin - File execution order, by Komra.de |
71 DirectoryIndex index.php index.html | 74 DirectoryIndex index.php index.html |
72 ########## End - File exection order | 75 ########## End - File execution order |
73 | 76 |
74 ########## Begin - No directory listings | 77 ########## Begin - No directory listings |
75 ## Note: +FollowSymlinks may cause problems and you might have to remove it | 78 ## Note: +FollowSymlinks may cause problems and you might have to remove it |
76 IndexIgnore * | 79 IndexIgnore * |
77 Options +FollowSymLinks All -Indexes | 80 Options +FollowSymLinks All -Indexes |
78 ########## End - No directory listings | 81 ########## End - No directory listings |
79 | 82 |
80 ########## Begin - ETag Optimization | 83 ########## Begin - ETag Optimization |
81 ## This rule will create an ETag for files based only on the modification | 84 ## This rule will create an ETag for files based only on the modification |
82 ## timestamp and their size. This works wonders if you are using rsync'ed | 85 ## timestamp and their size. This works wonders if you are using rsync'ed |
83 ## servers, where the inode number of identical files differs. | 86 ## servers, where the inode number of identical files differs. |
84 ## Note: It may cause problems on your server and you may need to remove it | 87 ## Note: It may cause problems on your server and you may need to remove it |
85 FileETag MTime Size | 88 FileETag MTime Size |
86 ########## End - ETag Optimization | 89 ########## End - ETag Optimization |
87 | 90 |
88 ########## Begin - Optimal default expiration time | 91 ########## Begin - Optimal default expiration time |
89 ## Note: this might cause problems and you might have to comment it out by | 92 ## Note: this might cause problems and you might have to comment it out by |
90 ## placing a hash in front of this section's lines | 93 ## placing a hash in front of this section's lines |
91 <IfModule mod_expires.c> | 94 <IfModule mod_expires.c> |
92 # Enable expiration control | 95 # Enable expiration control |
93 ExpiresActive On | 96 ExpiresActive On |
94 | 97 |
95 # Default expiration: 1 hour after request | 98 # Default expiration: 1 hour after request |
96 ExpiresDefault "now plus 1 hour" | 99 ExpiresDefault "now plus 1 hour" |
97 » | 100 |
98 # CSS and JS expiration: 1 week after request | 101 # CSS and JS expiration: 1 week after request |
99 ExpiresByType text/css "now plus 1 week" | 102 ExpiresByType text/css "now plus 1 week" |
100 ExpiresByType application/javascript "now plus 1 week" | 103 ExpiresByType application/javascript "now plus 1 week" |
101 ExpiresByType application/x-javascript "now plus 1 week" | 104 ExpiresByType application/x-javascript "now plus 1 week" |
102 » | 105 |
103 » # Image files expiration: 1 year after request | 106 » # Image files expiration: 1 month after request |
g1smd
2011/03/25 09:18:08
There are diminishing returns after only a few day
|
g1smd
2011/03/25 09:18:08
One month is way more than enough.
|
104 » ExpiresByType image/bmp "now plus 1 year" | 107 » ExpiresByType image/bmp "now plus 1 month" |
105 » ExpiresByType image/gif "now plus 1 year" | 108 » ExpiresByType image/gif "now plus 1 month" |
106 » ExpiresByType image/jpeg "now plus 1 year" | 109 » ExpiresByType image/jpeg "now plus 1 month" |
107 » ExpiresByType image/jp2 "now plus 1 year" | 110 » ExpiresByType image/jp2 "now plus 1 month" |
108 » ExpiresByType image/pipeg "now plus 1 year" | 111 » ExpiresByType image/pipeg "now plus 1 month" |
109 » ExpiresByType image/png "now plus 1 year" | 112 » ExpiresByType image/png "now plus 1 month" |
110 » ExpiresByType image/svg+xml "now plus 1 year" | 113 » ExpiresByType image/svg+xml "now plus 1 month" |
111 » ExpiresByType image/tiff "now plus 1 year" | 114 » ExpiresByType image/tiff "now plus 1 month" |
112 » ExpiresByType image/vnd.microsoft.icon "now plus 1 year" | 115 » ExpiresByType image/vnd.microsoft.icon "now plus 1 month" |
113 » ExpiresByType image/x-icon "now plus 1 year" | 116 » ExpiresByType image/x-icon "now plus 1 month" |
114 » ExpiresByType image/ico "now plus 1 year" | 117 » ExpiresByType image/ico "now plus 1 month" |
115 » ExpiresByType image/icon "now plus 1 year" | 118 » ExpiresByType image/icon "now plus 1 month" |
116 » ExpiresByType text/ico "now plus 1 year" | 119 » ExpiresByType text/ico "now plus 1 month" |
117 » ExpiresByType application/ico "now plus 1 year" | 120 » ExpiresByType application/ico "now plus 1 month" |
118 » ExpiresByType image/vnd.wap.wbmp "now plus 1 year" | 121 » ExpiresByType image/vnd.wap.wbmp "now plus 1 month" |
119 » ExpiresByType application/vnd.wap.wbxml "now plus 1 year" | 122 » ExpiresByType application/vnd.wap.wbxml "now plus 1 month" |
120 » ExpiresByType application/smil "now plus 1 year" | 123 » ExpiresByType application/smil "now plus 1 month" |
121 » | 124 |
122 » # Audio files expiration: 1 year after request | 125 » # Audio files expiration: 1 month after request |
123 » ExpiresByType audio/basic "now plus 1 year" | 126 » ExpiresByType audio/basic "now plus 1 month" |
124 » ExpiresByType audio/mid "now plus 1 year" | 127 » ExpiresByType audio/mid "now plus 1 month" |
125 » ExpiresByType audio/midi "now plus 1 year" | 128 » ExpiresByType audio/midi "now plus 1 month" |
126 » ExpiresByType audio/mpeg "now plus 1 year" | 129 » ExpiresByType audio/mpeg "now plus 1 month" |
127 » ExpiresByType audio/x-aiff "now plus 1 year" | 130 » ExpiresByType audio/x-aiff "now plus 1 month" |
128 » ExpiresByType audio/x-mpegurl "now plus 1 year" | 131 » ExpiresByType audio/x-mpegurl "now plus 1 month" |
129 » ExpiresByType audio/x-pn-realaudio "now plus 1 year" | 132 » ExpiresByType audio/x-pn-realaudio "now plus 1 month" |
130 » ExpiresByType audio/x-wav "now plus 1 year" | 133 » ExpiresByType audio/x-wav "now plus 1 month" |
131 » | 134 |
132 » # Movie files expiration: 1 year after request | 135 » # Movie files expiration: 1 month after request |
133 » ExpiresByType application/x-shockwave-flash "now plus 1 year" | 136 » ExpiresByType application/x-shockwave-flash "now plus 1 month" |
134 » ExpiresByType x-world/x-vrml "now plus 1 year" | 137 » ExpiresByType x-world/x-vrml "now plus 1 month" |
135 » ExpiresByType video/x-msvideo "now plus 1 year" | 138 » ExpiresByType video/x-msvideo "now plus 1 month" |
136 » ExpiresByType video/mpeg "now plus 1 year" | 139 » ExpiresByType video/mpeg "now plus 1 month" |
137 » ExpiresByType video/mp4 "now plus 1 year" | 140 » ExpiresByType video/mp4 "now plus 1 month" |
138 » ExpiresByType video/quicktime "now plus 1 year" | 141 » ExpiresByType video/quicktime "now plus 1 month" |
139 » ExpiresByType video/x-la-asf "now plus 1 year" | 142 » ExpiresByType video/x-la-asf "now plus 1 month" |
140 » ExpiresByType video/x-ms-asf "now plus 1 year" | 143 » ExpiresByType video/x-ms-asf "now plus 1 month" |
141 </IfModule> | 144 </IfModule> |
142 ########## End - Optimal expiration time | 145 ########## End - Optimal expiration time |
143 | 146 |
144 ########## Begin - Common hacking tools and bandwidth hoggers block | 147 ########## Begin - Common hacking tools and bandwidth hoggers block |
145 ## By SigSiu.net and @nikosdion. | 148 ## By SigSiu.net and @nikosdion. |
146 ## WARNING: This will also block old versions of JoomlaPack Remote | 149 ## WARNING: This will also block old versions of JoomlaPack Remote |
147 ## and will disallow running CRON jobs using wget. | 150 ## and will disallow running CRON jobs using wget. |
148 # The following rules are for common hacking tools: | 151 # The following rules are for common hacking tools: |
149 SetEnvIf user-agent "Indy Library" stayout=1 | 152 SetEnvIf user-agent "Indy Library" stayout=1 |
150 SetEnvIf user-agent "libwww-perl" stayout=1 | 153 SetEnvIf user-agent "libwww-perl" stayout=1 |
151 SetEnvIf user-agent "Wget" stayout=1 | 154 SetEnvIf user-agent "Wget" stayout=1 |
152 # The following rules are for bandwidth-hogging download tools | 155 # The following rules are for bandwidth-hogging download tools |
153 SetEnvIf user-agent "Download Demon" stayout=1 | 156 SetEnvIf user-agent "Download Demon" stayout=1 |
154 SetEnvIf user-agent "GetRight" stayout=1 | 157 SetEnvIf user-agent "GetRight" stayout=1 |
155 SetEnvIf user-agent "GetWeb!" stayout=1 | 158 SetEnvIf user-agent "GetWeb!" stayout=1 |
156 SetEnvIf user-agent "Go!Zilla" stayout=1 | 159 SetEnvIf user-agent "Go!Zilla" stayout=1 |
157 SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1 | 160 SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1 |
158 SetEnvIf user-agent "GrabNet" stayout=1 | 161 SetEnvIf user-agent "GrabNet" stayout=1 |
159 SetEnvIf user-agent "TurnitinBot" stayout=1 | 162 SetEnvIf user-agent "TurnitinBot" stayout=1 |
160 # This line denies access to all of the above tools | 163 # This line denies access to all of the above tools |
161 deny from env=stayout | 164 deny from env=stayout |
162 ########## End - Common hacking tools and bandwidth higgers block | 165 ########## End - Common hacking tools and bandwidth higgers block |
163 | 166 |
164 ########## Begin - Automatic compression of resources | 167 ########## Begin - Automatic compression of resources |
165 # Compress text, html, javascript, css, xml, kudos to Komra.de | 168 # Compress text, html, javascript, css, xml, kudos to Komra.de |
166 # May kill access to your site for old versions of Internet Explorer | 169 # May kill access to your site for old versions of Internet Explorer |
170 # The server needs to be compiled with mod_deflate otherwise it will send HTTP 5 00 Error. | |
g1smd
2011/03/25 09:18:08
Helpful note as several people reported 500 error
| |
171 # mod_deflate is not available on Apache 1.x series. Can only be used with Apach e 2.x server. | |
172 # AddOutputFilterByType is now deprecated by Apache. Use mod_filter in the futur e. | |
167 AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application /xml application/xhtml+xml application/rss+xml application/javascript applicatio n/x-javascript | 173 AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application /xml application/xhtml+xml application/rss+xml application/javascript applicatio n/x-javascript |
168 ########## End - Automatic compression of resources | 174 ########## End - Automatic compression of resources |
169 | 175 |
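Review bot: New lines 170-172 document that a server without mod_deflate answers with a 500 error, yet the `AddOutputFilterByType DEFLATE ...` directive at new line 173 is still unguarded. Wrapping it in `<IfModule mod_deflate.c>` ... `</IfModule>`, the way the expiration section uses `<IfModule mod_expires.c>`, turns the section into a no-op on such servers instead of taking the site down.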
170 ########## Begin - Google Apps redirection, by Komra.de | 176 ########## Begin - Google Apps redirection, by Komra.de |
171 Redirect 301 /mail http://mail.google.com/a/domain.com | 177 RewriteRule ^mail http://mail.google.com/a/example.com [R=301,L] |
g1smd
2011/03/25 09:18:08
Execution order not guaranteed if Redirect and Rew
| |
172 ########## End - Google Apps redirection | 178 ########## End - Google Apps redirection |
173 | 179 |
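Review bot: The pattern `^mail` at new line 177 has no end anchor, so it matches every path that merely begins with "mail" (/mailing-list or /mail.php, for example), while the old `Redirect 301 /mail` matched only /mail and paths beneath it. Something like `^mail(/.*)?$` keeps the old scope. The RewriteRule also drops whatever followed /mail, which Redirect used to append to the target, so the section comment should say which behaviour is intended.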
174 ########## Begin - Redirect index.php to / | 180 ########## Begin - Redirect index.html~htm to / for root and /path/ for folders |
175 ## Note: Change domain.com to reflect your own domain | 181 ## Note: Change example.com to reflect your own domain name |
176 RewriteCond %{THE_REQUEST} ^.*/index\.php$ | 182 RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.html?\ HTTP/ |
g1smd
2011/03/25 09:18:08
This rule can never work. Pattern will never match
|
g1smd
2011/03/25 09:18:08
Matches "GET /index.html HTTP/1.1" in one pass, bu
|
177 RewriteRule ^index\.php$ http://www.domain.com/ [R,L] | 183 RewriteRule ^(([^/]+/)*)index\.html?$ http://www.example.com/$1 [R=301,L] |
g1smd
2011/03/25 09:18:08
Returns 302 status. 301 required.
| |
178 ########## End - Redirect index.php to / | 184 ########## End - Redirect index.html~htm to / for root and /path/ for folders· |
185 | |
186 ########## Begin - Redirect index.php to / for root and /path/ for folders | |
187 ## Note: Change example.com to reflect your own domain name | |
188 RewriteCond %{THE_REQUEST} !^POST | |
g1smd
2011/03/25 09:18:08
POST should not be redirected, so stops this redir
| |
189 RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/ | |
g1smd
2011/03/25 09:18:08
Matches "GET /index.php HTTP/1.1" in one pass.
| |
190 RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$ | |
g1smd
2011/03/25 09:18:08
Preserves HTTP/HTTPS from original request in the
| |
191 RewriteRule ^(([^/]+/)*)index\.php$ http%2://www.example.com/$1 [R=301,L] | |
g1smd
2011/03/25 09:18:08
Redirects in folders and in root. Avoids Duplicate
| |
192 ########## End - Redirect index.php to / for root and /path/ for folders | |
179 | 193 |
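Review bot: The index.html rule at new line 183 hardcodes `http://www.example.com/$1`, so an HTTPS request for /index.html is redirected to plain HTTP, while the index.php rule at new lines 190-191 goes out of its way to preserve the scheme. Reuse the same `%{SERVER_PORT}>s` condition for both rules, and add a `##` line above new line 190 explaining that `%2` is "s" on port 443 and empty otherwise, since the file itself gives no hint what `http%2://` means.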
180 ########## Begin - Redirect non-www to www | 194 ########## Begin - Redirect non-www to www |
181 RewriteCond %{HTTP_HOST} !^www\. [NC] | 195 ## Note: Change www.example.com to reflect your own domain name |
g1smd
2011/03/25 09:18:08
Domain canonicalisation fails for www.example.com:
| |
182 RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L] | 196 RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ |
g1smd
2011/03/25 09:18:08
Returns 302 status. 301 required.
|
g1smd
2011/03/25 09:18:08
If not EXACTLY www.example.com then redirect to ww
|
197 RewriteRule (.*) http://www.example.com/$1 [R=301,L] | |
183 ########## End - Redirect non-www to www | 198 ########## End - Redirect non-www to www |
184 | 199 |
185 ########## Begin - Redirect www to non-www | 200 ########## Begin - Redirect www to non-www |
186 ## WARNING: Comment out the non-www to www rule if you choose to use this | 201 ## WARNING: Comment out the non-www to www rule if you choose to use this |
187 #RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] | 202 #RewriteCond %{HTTP_HOST} !^(example\.com)?$ |
g1smd
2011/03/25 09:18:08
Domain canonicalisation fails for example.com:80 r
|
g1smd
2011/03/25 09:18:08
If not EXACTLY example.com then redirect to exampl
|
188 #RewriteRule ^(.*)$ http://%1/$1 [R,L] | 203 #RewriteRule (.*) http://example.com/$1 [R=301,L] |
g1smd
2011/03/25 09:18:08
Returns 302 status. 301 required.
| |
189 ########## End - Redirect non-www to www | 204 ########## End - Redirect non-www to www |
190 | 205 |
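Review bot: The canonicalisation targets at new lines 197 and 203 are fixed to `http://`, so on a site served over HTTPS every request for a non-canonical host name is redirected to plain HTTP first, including foobar.html from the Force HTTPS section below, which then needs a second redirect to get back. Carry the scheme over with the `%{SERVER_PORT}>s` condition already used at new line 190, or note in the section header that these rules assume an HTTP-only site. Separately, the marker at new line 204 still reads "End - Redirect non-www to www" although it closes the www to non-www section.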
191 ########## Begin - Redirect olddomain.com to www.domain.com | 206 ########## Begin - Redirect (www.)olddomain.com to www.example.com |
192 ## Note: olddomain.com is your old domain name, you want to redirect FROM, | 207 ## Note: olddomain.com is your old domain name, you want to redirect FROM, |
193 ## whereas www.domain.com is the new domain name you want to redirect TO. | 208 ## whereas www.example.com is the new domain name you want to redirect TO. |
194 ## Change those names to reflect your current configuration. Remember, this | 209 ## Change those names to reflect your current configuration. Remember, this |
195 ## file is supposed to be placed in www.domain.com! | 210 ## small part of the file is supposed to be placed in olddomain.com! |
196 RewriteCond %{HTTP_HOST} ^olddomain.com [NC]· | 211 RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC] |
g1smd
2011/03/25 09:18:08
Literal periods in patterns should be escaped. Red
|
g1smd
2011/03/25 09:18:08
Redirect both www and non-www for olddomain reques
|
197 RewriteRule ^(.*)$ http://www.domain.com/$1 [L,R] | 212 RewriteRule ^(([^/]+/)*)index\.(php|html?) http://www.example.com/$1 [R=301,L] |
g1smd
2011/03/25 09:18:08
Returns 302 status. 301 required.
|
g1smd
2011/03/25 09:18:08
Canonicalisation for index requests made to old do
|
198 ########## End - Redirect olddomain.com to www.domain.com | 213 RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC] |
g1smd
2011/03/25 09:18:08
Redirect both www and non-www for olddomain reques
| |
214 RewriteRule (.*) http://www.example.com/$1 [R=301,L] | |
215 ## Note: The above section is only required if you are changing your domain name . | |
216 ########## End - Redirect (www.)olddomain.com to www.example.com | |
199 | 217 |
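Review bot: As ordered, new lines 211-214 can never fire in this file: the non-www to www rule at new lines 196-197 has already redirected every request whose Host is not exactly www.example.com, olddomain.com included, and it does so without the index.php/index.html stripping that new line 212 is meant to add. Since new line 210 says this part belongs in olddomain.com's own file, ship it commented out like the www to non-www section, or move it above new line 195.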
200 ########## Begin - Force HTTPS for certain pages | 218 ########## Begin - Force HTTPS for certain pages |
201 # Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says. | 219 # Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says. |
202 # This line is required for this rule to work properly | 220 # This line is required for this rule to work properly |
203 RewriteCond %{HTTPS} ^off$ [NC] | 221 RewriteCond %{SERVER_PORT} !^443$ |
g1smd
2011/03/25 09:18:08
HTTPS variable isn't available on all servers.
|
g1smd
2011/03/25 09:18:08
SERVER_PORT is a more reliable test.
|
204 # This is a sample redirection for foobar.html. Do note that you have to change | 222 # This is a sample redirection for foobar.html. Do note that you have to change |
205 # www.domain.com to reflect your own domain. Remember to escape the dots using | 223 # www.example.com to reflect your own domain. Remember to escape the dots using |
206 # \. in the left hand side of each rule. | 224 # \. in the left hand side of each rule. |
207 RewriteRule ^foobar\.html$ https://www.domain.com/foobar.html [L,R] | 225 RewriteRule ^foobar\.html$ https://www.example.com/foobar.html [R=301,L] |
g1smd
2011/03/25 09:18:08
Returns 302 status. 301 required.
| |
208 # Add mode rules below this line | 226 # Add more rules below this line as required |
209 ########## End - Force HTTPS for certain pages | 227 ########## End - Force HTTPS for certain pages |
210 | 228 |
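Review bot: The RewriteCond at new line 221 applies only to the single RewriteRule that follows it (new line 225), so anything added under "Add more rules below this line as required" at new line 226 runs unconditionally and redirects HTTPS requests to themselves in a loop. The comment should say that each added rule needs its own copy of `RewriteCond %{SERVER_PORT} !^443$`. The port test also assumes TLS is terminated by Apache on port 443; behind a TLS-terminating proxy SERVER_PORT is never 443 and the same loop occurs, which deserves a note beside the condition.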
211 ########## Begin - Rewrite rules to block out some common exploits | 229 ########## Begin - Rewrite rules to block out some common exploits |
212 ## If you experience problems on your site block out the operations listed below | 230 ## If you experience problems on your site block out the operations listed below |
213 ## This attempts to block the most common type of exploit `attempts` to Joomla! | 231 ## This attempts to block the most common type of exploit `attempts` to Joomla! |
214 # | 232 # |
215 # If the request contains /proc/self/environ (by SigSiu.net) | 233 # If the request query string contains /proc/self/environ (by SigSiu.net) |
216 RewriteCond %{QUERY_STRING} proc\/self\/environ [OR] | 234 RewriteCond %{QUERY_STRING} proc/self/environ [OR] |
g1smd
2011/03/25 09:18:08
Slashes should not be escaped.
| |
217 # Legacy configuration variable injection | 235 # Block out any script trying to set a mosConfig value through the URL |
218 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] | 236 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] |
219 # Block out any script trying to base64_encode stuff to send via URL | 237 # Block out any script trying to base64_encode or base64_decode data within the URL |
220 RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] | 238 RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR] |
g1smd
2011/03/25 09:18:08
The .* forces multiple backoff and retry attempts.
| |
221 # Block out any script trying to base64_decode stuff to send via URL | |
222 RewriteCond %{QUERY_STRING} base64_decode.*\(.*\) [OR] | |
g1smd
2011/03/25 09:18:08
The .* forces multiple backoff and retry attempts.
| |
223 # Block out any script that includes a <script> tag in URL | 239 # Block out any script that includes a <script> tag in URL |
224 RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] | 240 RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] |
g1smd
2011/03/25 09:18:08
The .* forces multiple backoff and retry attempts.
| |
225 # Block out any script trying to set a PHP GLOBALS variable via URL | 241 # Block out any script trying to set a PHP GLOBALS variable via URL |
226 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] | 242 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] |
227 # Block out any script trying to modify a _REQUEST variable via URL | 243 # Block out any script trying to modify a _REQUEST variable via URL |
228 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) | 244 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) |
229 # Return a 403 Forbidden | 245 # Return 403 Forbidden header and show the content of the root homepage |
230 RewriteRule ^(.*)$ index.php [F,L] | 246 RewriteRule .* index.php [F] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
231 # | 247 # |
232 ########## End - Rewrite rules to block out some common exploits | 248 ########## End - Rewrite rules to block out some common exploits |
233 | 249 |
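Review bot: The comment at new line 245 promises a 403 header plus "the content of the root homepage", but with the [F] flag mod_rewrite ignores the substitution and the server's own 403 response is sent, so `index.php` at new line 246 does nothing. Use `-` as the substitution, as the file injection section does at new line 253, and reword the comment to say only that 403 Forbidden is returned.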
234 ########## Begin - File injection protection, by SigSiu.net | 250 ########## Begin - File injection protection, by SigSiu.net |
235 RewriteCond %{REQUEST_METHOD} GET | 251 RewriteCond %{REQUEST_METHOD} GET |
236 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]\=http:\/\/(.*) | 252 RewriteCond %{QUERY_STRING} [a-z0-9_]=http:// [NC] |
g1smd
2011/03/25 09:18:08
[a-zA-Z] simplifies to [a-z] when used with [NC] f
| |
237 RewriteRule ^(.*)$ - [F,L] | 253 RewriteRule .* - [F] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
238 ########## End - File injection protection | 254 ########## End - File injection protection |
239 | 255 |
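Review bot: After the change, the condition at new line 252 still looks only for the literal scheme `http://` and only on GET requests, so a parameter value using https:// is outside the check. If the intent is "no remote URL as a parameter value", widen it to `=https?://`, and state in the section comment that legitimate parameters holding a full URL (return or redirect targets, for instance) will be answered with 403 and need an exception.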
240 ########## Begin - Advanced server protection rules exceptions #### | 256 ########## Begin - Advanced server protection rules exceptions #### |
241 ## | 257 ## |
242 ## These are sample exceptions to the Advanced Server Protection 2.0 | 258 ## These are sample exceptions to the Advanced Server Protection 2.0 |
243 ## rule set further down this file. | 259 ## rule set further down this file. |
244 ## | 260 ## |
245 ## Allow UddeIM CAPTCHA | 261 ## Allow UddeIM CAPTCHA |
246 RewriteRule ^(components/com_uddeim/captcha15\.php)$ $1 [L] | 262 RewriteRule ^components/com_uddeim/captcha15\.php$ - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
247 ## Allow Phil Taylor's Turbo Gears | 263 ## Allow Phil Taylor's Turbo Gears |
248 RewriteRule ^(plugins/system/GoogleGears/gears-manifest\.php) $1 [L] | 264 RewriteRule ^plugins/system/GoogleGears/gears-manifest\.php - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
249 ## Allow JoomlaWorks AllVideos | 265 ## Allow JoomlaWorks AllVideos |
250 RewriteRule ^(plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php) $ 1 [L] | 266 RewriteRule ^plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php - [ L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
251 ## Allow Admin Tools Joomla! updater to run | 267 ## Allow Admin Tools Joomla! updater to run |
252 RewriteRule ^(administrator/components/com_admintools/restore\.php) $1 [L] | 268 RewriteRule ^administrator/components/com_admintools/restore\.php - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
253 ## Allow Akeeba Backup Professional's integrated restoration script to run | 269 ## Allow Akeeba Backup Professional's integrated restoration script to run |
254 RewriteRule ^(administrator/components/com_akeeba/restore\.php) $1 [L] | 270 RewriteRule ^administrator/components/com_akeeba/restore\.php - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
255 | 271 |
256 # Add more rules to single PHP files here | 272 # Add more rules to single PHP files here |
257 | 273 |
258 ## Allow Agora attachments, but not PHP files in that directory! | 274 ## Allow Agora attachments, but not PHP files in that directory! |
275 RewriteCond %{REQUEST_FILENAME} !(\.php)$ | |
259 RewriteCond %{REQUEST_FILENAME} -f | 276 RewriteCond %{REQUEST_FILENAME} -f |
260 RewriteCond %{REQUEST_FILENAME} !(\.php)$ | 277 RewriteRule ^components/com_agora/img/members/ - [L] |
g1smd
2011/03/25 09:18:08
Don't run the very slow and inefficient file-syste
| |
261 RewriteRule ^(components/com_agora/img/members/.*) $1 [L] | |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
262 | 278 |
263 # Add more rules for allowing full access (except PHP files) on more directories here | 279 # Add more rules for allowing full access (except PHP files) on more directories here |
264 | 280 |
265 ## Uncomment to allow full access to the cache directory (strongly not recommend ed!) | 281 ## Uncomment to allow full access to the cache directory (strongly not recommend ed!) |
266 #RewriteRule ^(cache/.*)$ $1 [L] | 282 #RewriteRule ^cache/ - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
267 ## Uncomment to allow full access to the tmp directory (strongly not recommended !) | 283 ## Uncomment to allow full access to the tmp directory (strongly not recommended !) |
268 #RewriteRule ^(tmp/.*)$ $1 [L] | 284 #RewriteRule ^tmp/ - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
269 | 285 |
270 # Add more full access rules here | 286 # Add more full access rules here |
271 | 287 |
272 ########## End - Advanced server protection rules exceptions #### | 288 ########## End - Advanced server protection rules exceptions #### |
273 | 289 |
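Review bot: Only the UddeIM exception at new line 262 ends its pattern with `$`; the ones at new lines 264, 266, 268 and 270 stop at `\.php`, so any path that merely starts with one of those script names is also exempted from the Advanced Server Protection rules further down. End each of them with `\.php$`. At new line 275 the Agora exclusion `!(\.php)$` is case-sensitive and still captures a group the rule never uses; `!\.php$ [NC]` is tighter and consistent with the rest of this change.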
274 ########## Begin - Advanced server protection | 290 ########## Begin - Advanced server protection |
275 # Advanced server protection, version 2.0 - August 2010 | 291 # Advanced server protection, version 2.0 - August 2010 |
276 # by Nicholas K. Dionysopoulos | 292 # by Nicholas K. Dionysopoulos |
277 | 293 |
278 ## Referrer filtering for common media files. Replace with your own domain. | 294 ## Referrer filtering for common media files. Replace with your own domain. |
279 ## This blocks most common fingerprinting attacks ;) | 295 ## This blocks most common fingerprinting attacks ;) |
280 ## Note: Change www\.domain\.com with your own domain name, substituting the dot s with | 296 ## Note: Change www\.example\.com with your own domain name, substituting |
281 ## \., i.e.: www\.example\.com for www.example.com | 297 ## the dots with \. i.e. use www\.example\.com for www.example.com |
g1smd
2011/03/25 09:18:08
visual clarity for \. characters.
| |
282 RewriteRule ^(images/stories/*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l] ?))$ $1 [L] | 298 RewriteRule ^images/stories/([^.]+)\.(jpe?[g2]?|png|gif|bmp|css|js|swf|ico|html? ) - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
g1smd
2011/03/25 21:39:45
The pattern "/stories/*\.(jpe" matches only when t
| |
299 RewriteCond %{HTTP_REFERER} . | |
300 RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC] | |
g1smd
2011/03/25 09:18:08
Cater for http and https.
| |
283 RewriteCond %{REQUEST_FILENAME} -f | 301 RewriteCond %{REQUEST_FILENAME} -f |
g1smd
2011/03/25 09:18:08
Don't run the very slow and inefficient file-syste
|
g1smd
2011/03/25 09:18:08
Expensive file system read is the last condition,
|
284 RewriteCond %{HTTP_REFERER} !^http://www\.domain\.com [NC] | 302 RewriteRule \.(jpe?[g2]?|png|gif|bmp|css|js|swf|ico|html?)$ - [F] |
g1smd
2011/03/25 09:18:08
Rule fails if REFERER is HTTPS version of own site
| |
285 RewriteRule \.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?)$ - [F,L] | |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
286 | 303 |
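Review bot: New line 298 dropped the trailing "$" that old line 282 had, so the pattern is no longer anchored at its end: any path under images/stories/ whose first dot is followed by one of the listed extensions takes the [L] exit, whatever comes after that extension. Restore the anchor ("...|ico|html?)$ - [L]"), as new line 302 already does. Separately, the referrer test on new line 300 stops at "example\.com" with no boundary after it, so a longer host name that merely begins with the site's name also satisfies it; ending the pattern with "([/:]|$)" would close that.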
287 ## Disallow visual fingerprinting of Joomla! sites (module position dump) | 304 ## Disallow visual fingerprinting of Joomla! sites (module position dump) |
288 ## Initial idea by Brian Teeman and Ken Crowder, see: | 305 ## Initial idea by Brian Teeman and Ken Crowder, see: |
289 ## http://www.slideshare.net/brianteeman/hidden-joomla-secrets | 306 ## http://www.slideshare.net/brianteeman/hidden-joomla-secrets |
290 ## Improved by @nikosdion to work more efficientyl and handle template | 307 ## Improved by @nikosdion to work more efficiently and handle template |
291 ## and tmpl query parameters | 308 ## and tmpl query parameters |
292 RewriteCond %{QUERY_STRING} (^|&)tmpl=component [NC] | 309 RewriteCond %{QUERY_STRING} (^|&)tmpl=component [NC] |
293 RewriteRule ^(.*)$ $1 [L] | 310 RewriteRule .* - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
294 RewriteCond %{QUERY_STRING} (^|&)tp= [NC,OR] | 311 RewriteCond %{QUERY_STRING} (^|&)tp= [NC,OR] |
295 RewriteCond %{QUERY_STRING} (^|&)template= [NC,OR] | 312 RewriteCond %{QUERY_STRING} (^|&)template= [NC,OR] |
296 RewriteCond %{QUERY_STRING} (^|&)tmpl= [NC] | 313 RewriteCond %{QUERY_STRING} (^|&)tmpl= [NC] |
297 RewriteRule ^(.*)$ - [F,L] | 314 RewriteRule .* - [F] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
298 | 315 |
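Review bot: The [L] on new line 310 ends rule processing for every request whose query string contains tmpl=component, so a request that carries that parameter together with tp= or template= never reaches the conditions on new lines 311 and 312, and it also skips the query-string filters further down the file. The condition on line 309 is open-ended as well, since it accepts any value that starts with "component"; "(^|&)tmpl=component(&|$)" would pin it. Consider testing tp= and template= in their own [F] rule placed ahead of line 309, leaving only the tmpl= test behind the exception.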
299 ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine | 316 ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine |
300 ## your PHP version). See http://www.0php.com/php_easter_egg.php and | 317 ## your PHP version). See http://www.0php.com/php_easter_egg.php and |
301 ## http://osvdb.org/12184 for more information | 318 ## http://osvdb.org/12184 for more information |
302 RewriteCond %{QUERY_STRING} =PHP[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}- [a-z0-9]{12} [NC] | 319 RewriteCond %{QUERY_STRING} PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[ 0-9a-f]{12} [NC] |
g1smd
2011/03/25 09:18:08
Leading "=" says the following is LITERAL, not a p
| |
303 RewriteRule ^(.*)$ - [F,L] | 320 RewriteRule .* - [F] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
304 | 321 |
305 ## Back-end protection | 322 ## Back-end protection |
306 ## This also blocks fingerprinting attacks browsing for XML and INI files | 323 ## This also blocks fingerprinting attacks browsing for XML and INI files |
307 RewriteRule ^(administrator[/]?)$ administrator/index.php [L] | 324 RewriteRule ^administrator/?$ administrator/index.php [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
308 RewriteRule ^(administrator/index.htm[l]?)$ $1 [L] | 325 RewriteRule ^administrator/index\.(php|html?)$ - [L] |
g1smd
2011/03/25 09:18:08
Literal periods in patterns must be escaped. No ne
| |
309 RewriteRule ^(administrator/index.php)$ $1 [L] | 326 RewriteRule ^administrator/index[23]\.php$ - [L] |
g1smd
2011/03/25 09:18:08
Literal periods in patterns must be escaped. The p
| |
310 RewriteRule ^(administrator/index[2,3].php)$ $1 [L] | 327 RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+) \.(jpe?[g2]?|png|gif|bmp|css|js|swf|html?)$ - [L] |
g1smd
2011/03/25 09:18:08
Literal periods in patterns must be escaped. No ne
| |
311 RewriteRule ^(administrator/(components|modules|templates|images|plugins)/.*\.(j pe[g,2]?|jpg|png|gif|bmp|css|js|swf|htm[l]?))$ $1 [L] | 328 RewriteRule ^administrator/ - [F] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
312 RewriteRule ^administrator/(.*)$ - [F,L] | |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
313 | 329 |
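Review bot: On new line 327, replacing ".*\." with "([^.]+)\." changes which files are served, not only how quickly the pattern matches. "[^.]+" cannot cross a dot, so a back-end asset with a dot elsewhere in its path or name (a .min.js file, a versioned file name, a directory containing a dot) no longer matches this exception and falls through to the [F] on line 328. If the narrowing is intended, state it in the comment above the block; if not, use a form that tolerates dots, such as "([^/]+/)*[^/]+\.(jpe?[g2]?|...)$". The parentheses around "[^.]+" also create a capture that is never used, which is what the rest of this change removes elsewhere.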
314 ## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ d irectory | 330 ## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ d irectory |
315 RewriteRule ^(xmlrpc/index\.php)$ $1 [L] | 331 RewriteRule ^xmlrpc/(index\.php)?$ - [L] |
g1smd
2011/03/25 09:18:08
"-" instead of "$1" is faster.
g1smd
2011/03/25 21:39:45
Comment says "allow plain xmlrpc/ directory" but c
|
g1smd
2011/03/25 09:18:08
Allow "/xmlrec/" index page and named "/xmlrpc/ind
g1smd
2011/03/25 21:39:45
Code changed to now do what comment says it should
|
316 RewriteRule ^xmlrpc/(.*)$ - [F,L] | 332 RewriteRule ^xmlrpc/ - [F] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
317 | 333 |
318 ## Disallow front-end access for certain Joomla! system directories | 334 ## Disallow front-end access for certain Joomla! system directories |
319 RewriteRule ^(includes/js/.*)$ $1 [L] | 335 RewriteRule ^includes/js/ - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
320 RewriteRule ^(cache|includes|language|libraries|logs|tmp)/.*$ - [F,L] | 336 RewriteRule ^(cache|includes|language|libraries|logs|tmp)/ - [F] |
g1smd
2011/03/25 09:18:08
Trailing .* forces pattern matching to read whole
| |
321 | 337 |
322 ## Allow limited access for certain Joomla! system directories with client-acces sible content | 338 ## Allow limited access for certain Joomla! system directories with client-acces sible content |
323 RewriteRule ^((components|modules|plugins|templates)/.*\.(jp[g,2,eg]?|png|gif|bm p|css|js|swf|ico|htm[l]?))$ $1 [L] | 339 RewriteRule ^(components|modules|plugins|templates)/([^.]+)\.(jpe?[g2]?|png|gif| bmp|css|js|swf|ico|html?)$ - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
324 RewriteRule ^((components|modules|plugins|templates)/.*index\.php(.*))$ $1 [L] | 340 RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
325 RewriteRule ^(templates/.*\.php)$ $1 [L] | 341 RewriteRule ^templates/([^.]+)\.php$ - [L] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
326 RewriteRule ^(components|modules|plugins|templates)/.*$ - [F,L] | 342 RewriteRule ^(components|modules|plugins|templates)/.+ - [F] |
g1smd
2011/03/25 09:18:08
Trailing .* forces pattern matching to read whole
| |
343 ## Changed above patterns to allow both /folder/ and /folder/index.php requests for JA Purity II | |
327 | 344 |
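Review bot: New line 340 has no "$", and both "([^/]+/)*" and "(index\.php)?" can match nothing, so the pattern is satisfied by every path that begins with components/, modules/, plugins/ or templates/. Every such request takes the [L] exit here, which leaves new lines 341 and 342 unreachable and removes the restriction that old lines 324 to 326 enforced. Anchor the end, "^(components|modules|plugins|templates)/([^/]+/)*(index\.php)?$ - [L]", to get the /folder/ and /folder/index.php behaviour the comment on line 343 describes. Once 340 is anchored, note that "[^.]+" on line 339 sends assets with a dot elsewhere in their path to the [F] on line 342.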
328 ## Disallow access to htaccess.txt and configuration.php-dist | 345 ## Disallow access to htaccess.txt, configuration.php, configuration.php-dist an d php.ini |
329 RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L] | 346 RewriteRule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [F] |
g1smd
2011/03/25 09:18:08
[F] implies [L]. Omit [L].
|
g1smd
2011/03/25 09:18:08
Match both configuration.php and configuration.php
|
330 | 347 |
331 ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @ | 348 ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @ |
332 ## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html | 349 ## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html |
333 ## May cause problems on legitimate requests | 350 ## May cause problems on legitimate requests |
334 RewriteCond %{QUERY_STRING} concat.*\( [NC,OR] | 351 RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR] |
g1smd
2011/03/25 09:18:08
The .* forces multiple backoff and retry attempts.
| |
335 RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR] | 352 RewriteCond %{QUERY_STRING} union([^s]*s)+elect[^\(]*\( [NC,OR] |
g1smd
2011/03/25 09:18:08
The .* forces multiple backoff and retry attempts.
| |
336 RewriteCond %{QUERY_STRING} union.*all.*select.* [NC] | 353 RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC] |
g1smd
2011/03/25 09:18:08
The .* forces multiple backoff and retry attempts.
| |
337 RewriteRule ^(.*)$ - [F,L] | 354 RewriteRule .* - [F] |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
338 | 355 |
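Review bot: The rewritten conditions on new lines 352 and 353 have no comment and are hard to verify by eye. "union([^s]*s)+elect[^\(]*\(" accepts the same strings as the old "union.*select.*\(", but a reader has to work that out for each line. Add a comment above each condition giving the plain form it stands for. The backslash in "[^\(]" on lines 351 and 352 is not needed inside a character class.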
339 ########## End - Advanced server protection | 356 ########## End - Advanced server protection |
340 | 357 |
341 ########## Begin - Basic antispam Filter, by SigSiu.net | 358 ########## Begin - Basic antispam Filter, by SigSiu.net |
342 ## I removed some common words, tweak to your liking | 359 ## I removed some common words, tweak to your liking |
343 RewriteCond %{query_string} \bviagra\b [NC,OR] | 360 ## This code uses PCRE and works only with Apache 2.x.· |
g1smd
2011/03/25 09:18:08
%{QUERY_STRING} not %{query_string}
|
g1smd
2011/03/25 09:18:08
Useful note.
|
344 RewriteCond %{query_string} \bambien\b [NC,OR] | 361 ## This code will NOT work with Apache 1.x servers. |
g1smd
2011/03/25 09:18:08
%{QUERY_STRING} not %{query_string}
| |
345 RewriteCond %{query_string} \bblue\spill\b [NC,OR] | 362 RewriteCond %{QUERY_STRING} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erec tile)\b [NC,OR] |
g1smd
2011/03/25 09:18:08
%{QUERY_STRING} not %{query_string}
| |
346 RewriteCond %{query_string} \bcialis\b [NC,OR] | 363 RewriteCond %{QUERY_STRING} \b(erections|hoodia|huronriveracres|impotence|levitr a|libido)\b [NC,OR] |
g1smd
2011/03/25 09:18:08
%{QUERY_STRING} not %{query_string}
| |
347 RewriteCond %{query_string} \bcocaine\b [NC,OR] | 364 RewriteCond %{QUERY_STRING} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|t royhamby)\b [NC,OR] |
g1smd
2011/03/25 09:18:08
%{QUERY_STRING} not %{query_string}
| |
348 RewriteCond %{query_string} \bejaculation\b [NC,OR] | 365 RewriteCond %{QUERY_STRING} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxai eo)\b [NC] |
g1smd
2011/03/25 09:18:08
%{QUERY_STRING} not %{query_string}
|
g1smd
2011/03/25 09:18:08
Local OR parses faster.
|
349 RewriteCond %{query_string} \berectile\b [NC,OR] | 366 ## Note: The final RewriteCond must NOT use the [OR] flag. |
350 RewriteCond %{query_string} \berections\b [NC,OR] | 367 RewriteRule .* - [F] |
g1smd
2011/03/25 09:18:08
%{QUERY_STRING} not %{query_string}
|
g1smd
2011/03/25 09:18:08
.* instead of (.*)
|
351 RewriteCond %{query_string} \bhoodia\b [NC,OR] | |
352 RewriteCond %{query_string} \bhuronriveracres\b [NC,OR] | |
353 RewriteCond %{query_string} \bimpotence\b [NC,OR] | |
354 RewriteCond %{query_string} \blevitra\b [NC,OR] | |
355 RewriteCond %{query_string} \blibido\b [NC,OR] | |
356 RewriteCond %{query_string} \blipitor\b [NC,OR] | |
357 RewriteCond %{query_string} \bphentermin\b [NC,OR] | |
358 RewriteCond %{query_string} \bprosac\b [NC,OR] | |
359 RewriteCond %{query_string} \bsandyauer\b [NC,OR] | |
360 RewriteCond %{query_string} \btramadol\b [NC,OR] | |
361 RewriteCond %{query_string} \btroyhamby\b [NC,OR] | |
362 RewriteCond %{query_string} \bultram\b [NC,OR] | |
363 RewriteCond %{query_string} \bunicauca\b [NC,OR] | |
364 RewriteCond %{query_string} \bvalium\b [NC,OR] | |
365 RewriteCond %{query_string} \bviagra\b [NC,OR] | |
g1smd
2011/03/25 21:39:45
Duplicate entry.
| |
366 RewriteCond %{query_string} \bvicodin\b [NC,OR] | |
367 RewriteCond %{query_string} \bxanax\b [NC,OR] | |
368 RewriteCond %{query_string} \bypxaieo\b [NC] | |
369 RewriteRule ^(.*)$ - [F,L] | |
g1smd
2011/03/25 09:18:08
No need to create backreference that isn't going t
| |
370 ########## End - Basic antispam Filter, by SigSiu.net | 368 ########## End - Basic antispam Filter, by SigSiu.net |
371 | 369 |
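Review bot: The "blue\spill" alternative on new line 362, carried over from old line 345, is unlikely ever to match. %{QUERY_STRING} is the raw, undecoded query string, where a space arrives as "+" or "%20" rather than as whitespace. Match the encoded forms instead, for example "blue(\+|%20)pill". Also, "pro[sz]ac" on new line 364 widens old line 358, which listed only prosac; record that in the change notes alongside the grouping.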
372 ########## Begin - Joomla! core SEF Section | 370 ########## Begin - Joomla! core SEF Section |
373 # | 371 # |
374 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] | 372 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] |
375 RewriteCond %{REQUEST_URI} !^/index.php | 373 # |
g1smd
2011/03/25 21:39:45
Literal periods in patterns must be escaped.
| |
376 RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|\.ini|\.zip| \.json|/[^.]*)$ [NC] | 374 # If the requested path and file is not /index.php and the request |
g1smd
2011/03/25 09:18:08
Why "find" the period nine times when you can find
| |
375 # has not already been internally rewritten to the index.php script | |
376 RewriteCond %{REQUEST_URI} !^/index\.php | |
377 # and the request is for the site root, or for an extensionless URL, | |
378 # or the requested URL ends with one of the listed extensions | |
379 RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?|feed|pdf|raw|ini|zip|json))$ [NC ] | |
g1smd
2011/03/25 09:18:08
Find root or extensionless. If it fails then find
| |
380 # and the requested path and file doesn't directly match a physical file | |
377 RewriteCond %{REQUEST_FILENAME} !-f | 381 RewriteCond %{REQUEST_FILENAME} !-f |
382 # and the requested path doesn't directly match a physical folder | |
378 RewriteCond %{REQUEST_FILENAME} !-d | 383 RewriteCond %{REQUEST_FILENAME} !-d |
379 RewriteRule (.*) index.php [L] | 384 # internally rewrite the request to the index.php script |
385 RewriteRule .* index.php [L] | |
380 # | 386 # |
381 ########## End - Joomla! core SEF Section | 387 ########## End - Joomla! core SEF Section |