Rietveld Code Review Tool
Side by Side Diff: joomla-master-htaccess.txt

Issue 4290071: Joomla master .htaccess - differences 2.4.1 - 3.0.a / 2.4.3 - 3.0.a Base URL: http://joomla-master-htaccess.googlecode.com/svn/trunk/
Patch Set: 2.4.3 - 3.0.a Created 3 years ago
OLD | NEW
1 ############################################################################### 1 ###############################################################################
2 ## The Master .htaccess 2 ## The Master .htaccess
3 ## 3 ##
4 ## Version 2.4 (proposed) - April 2nd, 2011 4 ## Version 3 - March 28th, 2010
5 ## 5 ##
6 ## ---------- 6 ## ----------
7 ## This file is designed to be the template .htaccess file to put on your new 7 ## This file is designed to be the template .htaccess file to put on your new
8 ## sites, increasing your site's security and performance. It is not meant to 8 ## sites, increasing your site's security and performance. It is not meant to
9 ## be just dropped in your site, though. You should go through all of its 9 ## be just dropped in your site, though. You should go through all of its
10 ## sections and modify it to match your site. Most notably, all instances of 10 ## sections and modify it to match your site. Most notably, all instances of
11 ## example.com and example\.com should be replaced with your real domain name. 11 ## domain.com and domain\.com should be replaced with your real domain name.
g1smd 2011/04/03 10:29:30 example.com and example\.com
12 ## 12 ##
13 ## Some sections are too picky and may cause problems with legitimate requests. 13 ## Some sections are too picky and may cause problems with legitimate requests.
14 ## You are ultimately responsible for disabling them or writing exception rules 14 ## You are ultimately responsible for disabling them or writing exception rules
15 ## for your requests. Most notably, the advanced server protection section will 15 ## for your requests. Most notably, the advanced server protection section will
16 ## cause issues with several minifiers, eXtplorer, VirtueMart and other exten- 16 ## cause issues with several minifiers, eXtplorer, VirtueMart and other exten-
17 ## sions which use non-standard scripts as their entry points. You must add 17 ## sions which use non-standard scripts as their entry points. You must add
18 ## exceptions for them manually. 18 ## exceptions for them manually.
19 ## 19 ##
20 ## Some sections - depending on your server configuration - may cause your site 20 ## Some sections - depending on your server configuration - may cause your site
21 ## to throw 500 Internal Server Error. The only way to figure out which one is 21 ## to throw 500 Internal Server Error. The only way to figure out which one is
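Review bot: The right-hand (3.0.a) header on line 4 dates the file "March 28th, 2010" while the 3.0 changelog entry further down says March 28th, 2011; one of the two is a typo and they should agree. The placeholder choice on line 11 also matters more than it looks: domain.com on the right is a real registered domain, whereas example.com on the left is reserved for documentation, so a copy of this file deployed with the placeholder left in place would 301 visitors to a third party from the redirect sections below. Keep example.com / example\.com, as g1smd suggests.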
(...skipping 16 matching lines...)
38 ## 38 ##
39 ## Learn more: http://www.akeebabackup.com/software/admin-tools.html 39 ## Learn more: http://www.akeebabackup.com/software/admin-tools.html
40 ## ---------------------------------------------------------------------- 40 ## ----------------------------------------------------------------------
41 ## 41 ##
42 ## Have fun, stay safe. 42 ## Have fun, stay safe.
43 ## 43 ##
44 ## Nicholas K. Dionysopoulos 44 ## Nicholas K. Dionysopoulos
45 ## Lead Developer, AkeebaBackup.com 45 ## Lead Developer, AkeebaBackup.com
46 ## 46 ##
47 ## CHANGELOG: 47 ## CHANGELOG:
48 ## Version 2.4 (proposed) (April 2nd, 2011) 48 ## Version 3.0 (March 28th, 2011)
49 ## - Dozens of speed optimisations and many logic and syntax corrections. 49 ## - Massive rewrite
50 ## Version 2.3 (November 18th, 2010) 50 ## Version 2.3 (November 18th, 2010)
51 ## - Added .ico to the pass-through rules, for favicons to load 51 ## - Added .ico to the pass-through rules, for favicons to load
52 ## Version 2.2 (October 25th, 2010) 52 ## Version 2.2 (October 25th, 2010)
53 ## - Bug in the tmpl=component rule 53 ## - Bug in the tmpl=component rule
54 ## Version 2.1 (October 19th, 2010) 54 ## Version 2.1 (October 19th, 2010)
55 ## - index.php to root redirection would kill some AJAX requests 55 ## - index.php to root redirection would kill some AJAX requests
56 ## - Referer filtering was screwed up 56 ## - Referer filtering was screwed up
57 ## - Simplified and more thorough PHP Easter Egg code (thanks Jon!) 57 ## - Simplified and more thorough PHP Easter Egg code (thanks Jon!)
58 ## - The tp/template/tmpl filter was not thorough and killed some components 58 ## - The tp/template/tmpl filter was not thorough and killed some components
59 ## - Optimized Joomla! core SEF section 59 ## - Optimized Joomla! core SEF section
60 ## - Bot filters and GZip optimization would never run for dynamic content 60 ## - Bot filters and GZip optimization would never run for dynamic content
61 ## - Content expiration optimization got more optimized 61 ## - Content expiration optimization got more optimized
62 ## - Added ETag rule 62 ## - Added ETag rule
63 ## 63 ##
64 ############################################################################### 64 ###############################################################################
65 65
66 ########## Begin - RewriteEngine enabled 66 ########## Begin - RewriteEngine enabled
67 RewriteEngine On 67 RewriteEngine On
68 ########## End - RewriteEngine enabled 68 ########## End - RewriteEngine enabled
69 69
70 ########## Begin - RewriteBase 70 ########## Begin - RewriteBase
71 # Uncomment following line if your webserver's URL 71 # Uncomment following line if your webserver's URL
72 # is not directly related to physical file paths. 72 # is not directly related to physical file paths.
73 # Update Your Joomla! Directory (just / for root) 73 # Update Your Joomla! Directory (just / for root)
74 74
75 # RewriteBase / 75 # RewriteBase /
76 ########## End - RewriteBase 76 ########## End - RewriteBase
77 77
78 ########## Begin - No directory listings 78 ########## Begin - No directory listings
79 ## Note: +FollowSymlinks may cause problems and you might have to remove it 79 ## Note: +FollowSymlinks may cause problems and you might have to remove it
80 IndexIgnore * 80 IndexIgnore *
81 Options +FollowSymLinks All -Indexes 81 Options +FollowSymLinks All -Indexes
82 ########## End - No directory listings 82 ########## End - No directory listings
83 83
84 ########## Begin - File execution order, by Komra.de 84 ########## Begin - File exection order, by Komra.de
g1smd 2011/04/03 10:29:30 Spelling.
85 DirectoryIndex index.php index.html 85 DirectoryIndex index.php index.html
86 ########## End - File execution order 86 ########## End - File exection order
g1smd 2011/04/03 10:29:30 Spelling.
87 87
88 ########## Begin - ETag Optimization 88 ########## Begin - ETag Optimization
89 ## This rule will create an ETag for files based only on the modification 89 ## This rule will create an ETag for files based only on the modification
90 ## timestamp and their size. This works wonders if you are using rsync'ed 90 ## timestamp and their size. This works wonders if you are using rsync'ed
91 ## servers, where the inode number of identical files differs. 91 ## servers, where the inode number of identical files differs.
92 ## Note: It may cause problems on your server and you may need to remove it 92 ## Note: It may cause problems on your server and you may need to remove it
93 FileETag MTime Size 93 FileETag MTime Size
94 ########## End - ETag Optimization 94 ########## End - ETag Optimization
95 95
96 ########## Begin - Optimal default expiration time 96 ########## Begin - Optimal default expiration time
97 ## Note: this might cause problems and you might have to comment it out by 97 ## Note: this might cause problems and you might have to comment it out by
98 ## placing a hash in front of this section's lines 98 ## placing a hash in front of this section's lines
99 ## Note: Some people prefer using "now plus 1 month" instead of "now plus 1 year ".
g1smd 2011/04/03 10:29:30 http://www.webmasterworld.com/apache/4118917.htm#m
100 ## Suit to taste.
99 <IfModule mod_expires.c> 101 <IfModule mod_expires.c>
100 # Enable expiration control 102 # Enable expiration control
101 ExpiresActive On 103 ExpiresActive On
102 104
103 # Default expiration: 1 hour after request 105 # Default expiration: 1 hour after request
104 ExpiresDefault "now plus 1 hour" 106 ExpiresDefault "now plus 1 hour"
105 107 »
106 # CSS and JS expiration: 1 week after request 108 # CSS and JS expiration: 1 week after request
107 ExpiresByType text/css "now plus 1 week" 109 ExpiresByType text/css "now plus 1 week"
108 ExpiresByType application/javascript "now plus 1 week" 110 ExpiresByType application/javascript "now plus 1 week"
109 ExpiresByType application/x-javascript "now plus 1 week" 111 ExpiresByType application/x-javascript "now plus 1 week"
110 112 »
111 » # Image files expiration: 1 month after request 113 » # Image files expiration: 1 year after request
112 » ExpiresByType image/bmp "now plus 1 month" 114 » ExpiresByType image/bmp "now plus 1 year"
113 » ExpiresByType image/gif "now plus 1 month" 115 » ExpiresByType image/gif "now plus 1 year"
114 » ExpiresByType image/jpeg "now plus 1 month" 116 » ExpiresByType image/jpeg "now plus 1 year"
115 » ExpiresByType image/jp2 "now plus 1 month" 117 » ExpiresByType image/jp2 "now plus 1 year"
116 » ExpiresByType image/pipeg "now plus 1 month" 118 » ExpiresByType image/pipeg "now plus 1 year"
117 » ExpiresByType image/png "now plus 1 month" 119 » ExpiresByType image/png "now plus 1 year"
118 » ExpiresByType image/svg+xml "now plus 1 month" 120 » ExpiresByType image/svg+xml "now plus 1 year"
119 » ExpiresByType image/tiff "now plus 1 month" 121 » ExpiresByType image/tiff "now plus 1 year"
120 » ExpiresByType image/vnd.microsoft.icon "now plus 1 month" 122 » ExpiresByType image/vnd.microsoft.icon "now plus 1 year"
121 » ExpiresByType image/x-icon "now plus 1 month" 123 » ExpiresByType image/x-icon "now plus 1 year"
122 » ExpiresByType image/ico "now plus 1 month" 124 » ExpiresByType image/ico "now plus 1 year"
123 » ExpiresByType image/icon "now plus 1 month" 125 » ExpiresByType image/icon "now plus 1 year"
124 » ExpiresByType text/ico "now plus 1 month" 126 » ExpiresByType text/ico "now plus 1 year"
125 » ExpiresByType application/ico "now plus 1 month" 127 » ExpiresByType application/ico "now plus 1 year"
126 » ExpiresByType image/vnd.wap.wbmp "now plus 1 month" 128 » ExpiresByType image/vnd.wap.wbmp "now plus 1 year"
127 » ExpiresByType application/vnd.wap.wbxml "now plus 1 month" 129 » ExpiresByType application/vnd.wap.wbxml "now plus 1 year"
128 » ExpiresByType application/smil "now plus 1 month" 130 » ExpiresByType application/smil "now plus 1 year"
129 131 »
130 » # Audio files expiration: 1 month after request 132 » # Audio files expiration: 1 year after request
131 » ExpiresByType audio/basic "now plus 1 month" 133 » ExpiresByType audio/basic "now plus 1 year"
132 » ExpiresByType audio/mid "now plus 1 month" 134 » ExpiresByType audio/mid "now plus 1 year"
133 » ExpiresByType audio/midi "now plus 1 month" 135 » ExpiresByType audio/midi "now plus 1 year"
134 » ExpiresByType audio/mpeg "now plus 1 month" 136 » ExpiresByType audio/mpeg "now plus 1 year"
135 » ExpiresByType audio/x-aiff "now plus 1 month" 137 » ExpiresByType audio/x-aiff "now plus 1 year"
136 » ExpiresByType audio/x-mpegurl "now plus 1 month" 138 » ExpiresByType audio/x-mpegurl "now plus 1 year"
137 » ExpiresByType audio/x-pn-realaudio "now plus 1 month" 139 » ExpiresByType audio/x-pn-realaudio "now plus 1 year"
138 » ExpiresByType audio/x-wav "now plus 1 month" 140 » ExpiresByType audio/x-wav "now plus 1 year"
139 141 »
140 » # Movie files expiration: 1 month after request 142 » # Movie files expiration: 1 year after request
141 » ExpiresByType application/x-shockwave-flash "now plus 1 month" 143 » ExpiresByType application/x-shockwave-flash "now plus 1 year"
142 » ExpiresByType x-world/x-vrml "now plus 1 month" 144 » ExpiresByType x-world/x-vrml "now plus 1 year"
143 » ExpiresByType video/x-msvideo "now plus 1 month" 145 » ExpiresByType video/x-msvideo "now plus 1 year"
144 » ExpiresByType video/mpeg "now plus 1 month" 146 » ExpiresByType video/mpeg "now plus 1 year"
145 » ExpiresByType video/mp4 "now plus 1 month" 147 » ExpiresByType video/mp4 "now plus 1 year"
146 » ExpiresByType video/quicktime "now plus 1 month" 148 » ExpiresByType video/quicktime "now plus 1 year"
147 » ExpiresByType video/x-la-asf "now plus 1 month" 149 » ExpiresByType video/x-la-asf "now plus 1 year"
148 » ExpiresByType video/x-ms-asf "now plus 1 month" 150 » ExpiresByType video/x-ms-asf "now plus 1 year"
149 </IfModule> 151 </IfModule>
150 ########## End - Optimal expiration time 152 ########## End - Optimal expiration time
151 153
152 ########## Begin - Common hacking tools and bandwidth hoggers block 154 ########## Begin - Common hacking tools and bandwidth hoggers block
153 ## By SigSiu.net and @nikosdion. 155 ## By SigSiu.net and @nikosdion.
154 # This line also disables Akeeba Remote Control 2.5 and earlier 156 # This line also disables Akeeba Remote Control 2.5 and earlier
155 SetEnvIf user-agent "Indy Library" stayout=1 157 SetEnvIf user-agent "Indy Library" stayout=1
156 # WARNING: Disabling wget will also block the most common method for 158 # WARNING: Disabling wget will also block the most common method for
157 # running CRON jobs. Remove if you have issues with CRON jobs. 159 # running CRON jobs. Remove if you have issues with CRON jobs.
158 SetEnvIf user-agent "Wget" stayout=1 160 SetEnvIf user-agent "Wget" stayout=1
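Review bot: Line 81 on both sides, `Options +FollowSymLinks All -Indexes`, mixes prefixed and unprefixed keywords, which the Apache documentation calls invalid syntax (2.4 aborts at the startup syntax check, 2.2 documents the result as unexpected), and `All` would in any case switch on ExecCGI and Includes for the document root, the opposite of what a hardening template wants. Suggest `Options +FollowSymLinks -Indexes`, or just `-Indexes` where the note on line 79 applies. Minor, on the right side lines 113 to 150: a one-year image/audio/video expiry means a replaced file keeps being served from caches until its filename changes, so the section deserves a comment saying that filename-based cache busting is required once this is enabled.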
(...skipping 13 matching lines...)
172 ########## Begin - Automatic compression of resources 174 ########## Begin - Automatic compression of resources
173 # Compress text, html, javascript, css, xml, kudos to Komra.de 175 # Compress text, html, javascript, css, xml, kudos to Komra.de
174 # May kill access to your site for old versions of Internet Explorer 176 # May kill access to your site for old versions of Internet Explorer
175 # The server needs to be compiled with mod_deflate otherwise it will send HTTP 5 00 Error. 177 # The server needs to be compiled with mod_deflate otherwise it will send HTTP 5 00 Error.
176 # mod_deflate is not available on Apache 1.x series. Can only be used with Apach e 2.x server. 178 # mod_deflate is not available on Apache 1.x series. Can only be used with Apach e 2.x server.
177 # AddOutputFilterByType is now deprecated by Apache. Use mod_filter in the futur e. 179 # AddOutputFilterByType is now deprecated by Apache. Use mod_filter in the futur e.
178 AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application /xml application/xhtml+xml application/rss+xml application/javascript applicatio n/x-javascript 180 AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application /xml application/xhtml+xml application/rss+xml application/javascript applicatio n/x-javascript
179 ########## End - Automatic compression of resources 181 ########## End - Automatic compression of resources
180 182
181 ########## Begin - Google Apps redirection, by Komra.de 183 ########## Begin - Google Apps redirection, by Komra.de
182 RewriteRule ^mail http://mail.google.com/a/example.com [R=301,L] 184 Redirect 301 /mail http://mail.google.com/a/domain.com
g1smd 2011/04/03 10:29:30 Don't mix Redirect and RewriteRule in the same sit
185 # If the above doesn't work on your server, try this:
186 # RewriteRule ^mail http://mail.google.com/a/domain.com [R=301,L]
183 ########## End - Google Apps redirection 187 ########## End - Google Apps redirection
184 188
185 ########## Begin - Redirect index.html~htm to / for root and /path/ for folders 189 ########## Begin - Redirect index.php to /
186 ## Note: Change example.com to reflect your own domain name 190 ## Note: Change domain.com to reflect your own domain
187 RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.html?\ HTTP/
188 RewriteRule ^(([^/]+/)*)index\.html?$ http://www.example.com/$1 [R=301,L]
189 ########## End - Redirect index.html~htm to / for root and /path/ for folders
190
191 ########## Begin - Redirect index.php to / for root and /path/ for folders
192 ## Note: Change example.com to reflect your own domain name
193 RewriteCond %{THE_REQUEST} !^POST 191 RewriteCond %{THE_REQUEST} !^POST
194 RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/ 192 RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
195 RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$ 193 RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
196 RewriteRule ^(([^/]+/)*)index\.php$ http%2://www.example.com/$1 [R=301,L] 194 RewriteRule ^index\.php$ http%2://www.domain.com/ [R=301,L]
197 # If the above line throws a 500 error, change [R=301,L] to [R,L] 195 # If the above line throws a 500 error, try this instead:
198 ########## End - Redirect index.php to / for root and /path/ for folders 196 # RewriteRule ^index\.php$ http%2://www.domain.com/ [R,L]
g1smd 2011/04/03 10:29:30 Simpler note: "If the above line throws a 500 erro
197 ########## End - Redirect index.php to /
199 198
200 ########## Begin - Redirect non-www to www 199 ########## Begin - Redirect non-www to www
201 ## Note: Change www.example.com to reflect your own domain name 200 RewriteCond %{HTTP_HOST} !^www\. [NC]
202 RewriteCond %{HTTP_HOST} !^(www\.example\.com)?$ 201 RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L]
g1smd 2011/04/03 10:29:30 [R=301,L]
g1smd 2011/04/03 10:29:30 ^ and $ not required.
203 RewriteRule (.*) http://www.example.com/$1 [R=301,L]
204 ########## End - Redirect non-www to www 202 ########## End - Redirect non-www to www
205 203
206 ########## Begin - Redirect www to non-www 204 ########## Begin - Redirect www to non-www
207 ## WARNING: Comment out the non-www to www rule if you choose to use this 205 ## WARNING: Comment out the non-www to www rule if you choose to use this
208 # RewriteCond %{HTTP_HOST} !^(example\.com)?$ 206 #RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
209 # RewriteRule (.*) http://example.com/$1 [R=301,L] 207 #RewriteRule ^(.*)$ http://%1/$1 [R,L]
g1smd 2011/04/03 10:29:30 [R=301,L]
g1smd 2011/04/03 10:29:30 ^ and $ not required.
210 ########## End - Redirect non-www to www 208 ########## End - Redirect non-www to www
211 209
212 ########## Begin - Redirect (www.)olddomain.com to www.example.com 210 ########## Begin - Redirect (www.)olddomain.com to www.domain.com
213 ## Note: olddomain.com is your old domain name, you want to redirect FROM, 211 ## Note: olddomain.com is your old domain name, you want to redirect FROM,
214 ## whereas www.example.com is the new domain name you want to redirect TO. 212 ## whereas www.domain.com is the new domain name you want to redirect TO.
215 ## Change those names to reflect your current configuration. Remember, this 213 ## Change those names to reflect your current configuration. Remember, this
216 ## small part of the file is supposed to be placed in olddomain.com! 214 ## file is supposed to be placed in www.domain.com!
g1smd 2011/04/03 10:29:30 If the file is placed in www.domain.com then it wi
217 ## Note: Replace [R=301,L] with [R,L] if you get error 500. 215 ## Note: Replace [L=301,R] with [L,R] if you get error 500.
g1smd 2011/04/03 10:29:30 Correction: "Note: Replace [R=301,L] with [R,L] if
218 RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC] 216 RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC]
g1smd 2011/04/03 10:29:30 Escape literal periods.
219 RewriteRule ^(([^/]+/)*)index\.(php|html?) http://www.example.com/$1 [R=301,L] 217 RewriteRule ^index\.php$ http://www.domain.com/ [L=301,R]
g1smd 2011/04/03 10:29:30 [L=301,R] should be [R=301,L]
220 RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC] 218 RewriteCond %{HTTP_HOST} ^(www\.)?olddomain.com [NC]
g1smd 2011/04/03 10:29:30 Escape literal periods.
221 RewriteRule (.*) http://www.example.com/$1 [R=301,L] 219 RewriteRule ^(.*)$ http://www.domain.com/$1 [L=301,R]
g1smd 2011/04/03 10:29:30 [L=301,R] should be [R=301,L]
g1smd 2011/04/03 10:29:30 ^ and $ not required.
222 ## Note: The above section is only required if you are changing your domain name . 220 ########## End - Redirect olddomain.com to www.domain.com
223 ########## End - Redirect (www.)olddomain.com to www.example.com
224 221
225 ########## Begin - Force HTTPS for certain pages 222 ########## Begin - Force HTTPS for certain pages
226 # Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says. 223 # Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says.
227 # This line is required for this rule to work properly 224 # This line is required for this rule to work properly
228 RewriteCond %{SERVER_PORT} !^443$ 225 RewriteCond %{HTTPS} ^off$ [NC]
229 # This is a sample redirection for foobar.html. Do note that you have to change 226 # This is a sample redirection for foobar.html. Do note that you have to change
230 # www.example.com to reflect your own domain. Remember to escape the dots using 227 # www.domain.com to reflect your own domain. Remember to escape the dots using
231 # \. in the left hand side of each rule. 228 # \. in the left hand side of each rule.
232 RewriteRule ^foobar\.html$ https://www.example.com/foobar.html [R=301,L] 229 RewriteRule ^foobar\.html$ https://www.domain.com/foobar.html [L,R]
g1smd 2011/04/03 10:29:30 [R=301,L]
233 # Add more rules below this line as required 230 # Add mode rules below this line
g1smd 2011/04/03 10:29:30 mode -> more
234 ########## End - Force HTTPS for certain pages 231 ########## End - Force HTTPS for certain pages
235 232
236 ########## Begin - Rewrite rules to block out some common exploits 233 ########## Begin - Rewrite rules to block out some common exploits
237 ## If you experience problems on your site block out the operations listed below 234 ## If you experience problems on your site block out the operations listed below
238 ## This attempts to block the most common type of exploit `attempts` to Joomla! 235 ## This attempts to block the most common type of exploit `attempts` to Joomla!
239 # 236 #
240 # If the request query string contains /proc/self/environ (by SigSiu.net) 237 # If the request contains /proc/self/environ (by SigSiu.net)
g1smd 2011/04/03 10:29:30 Clarification: If the request _query string_ conta
241 RewriteCond %{QUERY_STRING} proc/self/environ [OR] 238 RewriteCond %{QUERY_STRING} proc/self/environ [OR]
242 # Block out any script trying to set a mosConfig value through the URL 239 # Legacy configuration variable injection
g1smd 2011/04/03 10:29:30 # Block out any script trying to set a mosConfig v
243 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] 240 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
244 # Block out any script trying to base64_encode or base64_decode data within the URL 241 # Block out any script trying to base64_encode stuff to send via URL
g1smd 2011/04/03 10:29:30 stuff to send via URL -> data within the URL
245 RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR] 242 RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
g1smd 2011/04/03 10:29:30 No idea why a combined rule would fail. This is ba
243 # Block out any script trying to base64_decode stuff to send via URL
g1smd 2011/04/03 10:29:30 stuff to send via URL -> data within the URL
244 RewriteCond %{QUERY_STRING} base64_decode[^(]*\([^)]*\) [OR]
246 # Block out any script that includes a <script> tag in URL 245 # Block out any script that includes a <script> tag in URL
247 RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] 246 RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
248 # Block out any script trying to set a PHP GLOBALS variable via URL 247 # Block out any script trying to set a PHP GLOBALS variable via URL
249 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] 248 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
250 # Block out any script trying to modify a _REQUEST variable via URL 249 # Block out any script trying to modify a _REQUEST variable via URL
251 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) 250 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
252 # Return 403 Forbidden header and show the content of the root homepage 251 # Return a 403 Forbidden
g1smd 2011/04/03 10:29:30 # Return 403 Forbidden header and show the content
253 RewriteRule .* index.php [F] 252 RewriteRule .* index.php [F]
254 # 253 #
255 ########## End - Rewrite rules to block out some common exploits 254 ########## End - Rewrite rules to block out some common exploits
256 255
257 ########## Begin - File injection protection, by SigSiu.net 256 ########## Begin - File injection protection, by SigSiu.net
258 RewriteCond %{REQUEST_METHOD} GET 257 RewriteCond %{REQUEST_METHOD} GET
259 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR] 258 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
260 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.\//?)+ [OR] 259 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.\/{1,2}){1,} [OR]
261 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC] 260 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]/{1,2}){1,} [NC]
g1smd 2011/04/03 10:29:30 Nice set of extra rules. Unusual use of /{1,2}. I'
262 RewriteRule .* - [F] 261 RewriteRule .* - [F]
263 ########## End - File injection protection 262 ########## End - File injection protection
264 263
265 ########## Begin - Advanced server protection rules exceptions #### 264 ########## Begin - Advanced server protection rules exceptions ####
266 ## 265 ##
267 ## These are sample exceptions to the Advanced Server Protection 3.0 266 ## These are sample exceptions to the Advanced Server Protection 3.0
268 ## rule set further down this file. 267 ## rule set further down this file.
269 ## 268 ##
270 ## Allow UddeIM CAPTCHA 269 ## Allow UddeIM CAPTCHA
271 RewriteRule ^components/com_uddeim/captcha15\.php$ - [L] 270 RewriteRule ^components/com_uddeim/captcha15\.php$ - [L]
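Review bot: In the exploit block (left line 253, right line 252) `RewriteRule .* index.php [F]` never serves index.php: the [F] flag discards the substitution and answers 403 at once, so the left-hand comment on line 252 ("and show the content of the root homepage") describes behaviour the rule does not have. Write it as `RewriteRule .* - [F]` and drop that half of the comment, matching the file-injection block below. Two more points on the right side: the non-www redirect on line 201 builds its target from `%{HTTP_HOST}`, i.e. from the request's own Host header, so it should keep a RewriteCond that pins the host to the real domain, as the left side does, rather than redirecting to `www.` plus whatever was sent; and `RewriteCond %{HTTPS} ^off$` on line 225 (like `%{SERVER_PORT} !^443$` on the left) reports the backend connection, so behind a TLS-terminating proxy or load balancer it is always true and the rule produces a redirect loop; that deployment needs a comment pointing at the forwarded-protocol header instead.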
(...skipping 25 matching lines...)
297 # Add more full access rules here 296 # Add more full access rules here
298 297
299 ########## End - Advanced server protection rules exceptions #### 298 ########## End - Advanced server protection rules exceptions ####
300 299
301 ########## Begin - Advanced server protection 300 ########## Begin - Advanced server protection
302 # Advanced server protection, version 2.0 - August 2010 301 # Advanced server protection, version 2.0 - August 2010
303 # by Nicholas K. Dionysopoulos 302 # by Nicholas K. Dionysopoulos
304 303
305 ## Referrer filtering for common media files. Replace with your own domain. 304 ## Referrer filtering for common media files. Replace with your own domain.
306 ## This blocks most common fingerprinting attacks ;) 305 ## This blocks most common fingerprinting attacks ;)
307 ## Note: Change www\.example\.com with your own domain name, substituting 306 ## Note: Change www\.domain\.com with your own domain name, substituting the dot s with
308 ## the dots with \. i.e. use www\.example\.com for www.example.com 307 ## \., i.e.: www\.example\.com for www.example.com
g1smd 2011/04/03 10:29:30 Not clear to read the \. part.
309 RewriteRule ^images/stories/([^.]+)\.(jpe?[g2]?|png|gif|bmp|css|js|swf|ico|html? )$ - [L] 308 RewriteRule ^images/stories/([^.]+)\.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|htm l?)$ - [L]
g1smd 2011/04/03 10:29:30 jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
310 RewriteCond %{HTTP_REFERER} . 309 RewriteCond %{HTTP_REFERER} .
311 RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC] 310 RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.com [NC]
312 RewriteCond %{REQUEST_FILENAME} -f 311 RewriteCond %{REQUEST_FILENAME} -f
313 RewriteRule \.(jpe?[g2]?|png|gif|bmp|css|js|swf|ico|html?)$ - [F] 312 RewriteRule \.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|ico|html?)$ - [F]
g1smd 2011/04/03 10:29:30 jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
314 313
315 ## Disallow visual fingerprinting of Joomla! sites (module position dump) 314 ## Disallow visual fingerprinting of Joomla! sites (module position dump)
316 ## Initial idea by Brian Teeman and Ken Crowder, see: 315 ## Initial idea by Brian Teeman and Ken Crowder, see:
317 ## http://www.slideshare.net/brianteeman/hidden-joomla-secrets 316 ## http://www.slideshare.net/brianteeman/hidden-joomla-secrets
318 ## Improved by @nikosdion to work more efficiently and handle template 317 ## Improved by @nikosdion to work more efficiently and handle template
319 ## and tmpl query parameters 318 ## and tmpl query parameters
320 RewriteCond %{QUERY_STRING} (^|&)tmpl=(component|system) [NC] 319 RewriteCond %{QUERY_STRING} (^|&)tmpl=(component|system) [NC]
321 RewriteRule .* - [L] 320 RewriteRule .* - [L]
322 RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC] 321 RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC,OR]
g1smd 2011/04/03 10:29:30 [NC,OR] -> [NC]
323 RewriteRule .* - [F] 322 RewriteRule .* - [F]
324 323
325 ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine 324 ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine
326 ## your PHP version). See http://www.0php.com/php_easter_egg.php and 325 ## your PHP version). See http://www.0php.com/php_easter_egg.php and
327 ## http://osvdb.org/12184 for more information 326 ## http://osvdb.org/12184 for more information
328 RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4} -[0-9a-f]{12} [NC] 327 RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4} -[a-f0-9]{12} [NC]
329 RewriteRule .* - [F] 328 RewriteRule .* - [F]
330 329
331 ## Back-end protection 330 ## Back-end protection
332 ## This also blocks fingerprinting attacks browsing for XML and INI files 331 ## This also blocks fingerprinting attacks browsing for XML and INI files
333 RewriteRule ^administrator/?$ - [L] 332 RewriteRule ^administrator/?$ - [L]
334 RewriteRule ^administrator/index\.(php|html?)$ - [L] 333 RewriteRule ^administrator/index.html?$ - [L]
g1smd 2011/04/03 10:29:30 Escape literal periods.
335 RewriteRule ^administrator/index[23]\.php$ - [L] 334 RewriteRule ^administrator/index2?.php$ - [L]
g1smd 2011/04/03 10:29:30 Escape literal periods.
336 RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+) \.(jpe?[g2]?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx ?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [L] 335 RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^.]+) \.(jp(eg|g|2)?|png|gif|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|d ocx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
g1smd 2011/04/03 10:29:30 jp(eg|g|2)? simplifies to jp(e?g|2)? or jpe?[g2]?
g1smd 2011/04/03 10:29:30 mp(e|eg|3|4) simplifies to mp(eg?|[34])
g1smd 2011/04/03 10:29:30 og(g|v) simplifies to og[gv]
g1smd 2011/04/03 10:29:30 od(t|s|p) simplifies to od[tsp]
337 RewriteRule ^administrator/ - [F] 336 RewriteRule ^administrator/ - [F]
338 337
339 ## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ d irectory 338 ## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ d irectory
340 RewriteRule ^xmlrpc/(index\.php)?$ - [L] 339 RewriteRule ^xmlrpc/(index\.php)?$ - [L]
341 RewriteRule ^xmlrpc/ - [F] 340 RewriteRule ^xmlrpc/ - [F]
342 341
343 ## Disallow front-end access for certain Joomla! system directories 342 ## Disallow front-end access for certain Joomla! system directories
344 RewriteRule ^includes/js/ - [L] 343 RewriteRule ^includes/js/ - [L]
345 RewriteRule ^(cache|includes|language|libraries|logs|tmp)/ - [F] 344 RewriteRule ^(cache|includes|language|libraries|logs|tmp)/? - [F]
346 345
347 ## Allow limited access for certain Joomla! system directories with client-acces sible content 346 ## Allow limited access for certain Joomla! system directories with client-acces sible content
348 RewriteRule ^(components|modules|plugins|templates)/([^.]+)\.(jpe?[g2]?|png|gif| bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|x ps|txt|7z|svg|od[tsp]|flv|mov)$ - [L] 347 RewriteRule ^(components|modules|plugins|templates)/([^.]+)\.(jp(eg|g|2)?|png|gi f|bmp|css|js|swf|html?|mp(e|eg|3|4)|avi|wav|og(g|v)|xlsx?|docx?|pptx?|zip|rar|pd f|xps|txt|7z|svg|od(t|s|p)|flv|mov)$ - [L]
g1smd 2011/04/03 10:29:30 Simplifications as above.
349 RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L] 348 RewriteRule ^(components|modules|plugins|templates)/([^.]+)/index\.php(.*)$ - [L ]
g1smd 2011/04/03 10:29:30 ([^/]+/)* is "not a slash, one or more times, foll
g1smd 2011/04/03 10:29:30 The question mark makes this pattern match both <s
g1smd 2011/04/03 10:29:30 ([^.]+)/ is "not a period one or more times". No i
g1smd 2011/04/03 10:29:30 With trailing (.*) and no question mark this no lo
350 RewriteRule ^templates/([^.]+)\.php$ - [L] 349 RewriteRule ^templates/([^.]+)\.php$ $1 [L]
g1smd 2011/04/03 10:29:30 $1 should be - here. It is not the [^.] that makes
351 RewriteRule ^(components|modules|plugins|templates)/ - [F] 350 RewriteRule ^(components|modules|plugins|templates)/? - [F]
352 ## Changed above patterns to allow both /folder/ and /folder/index.php requests for JA Purity II
353 351
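Review bot: the new rule `^(components|modules|plugins|templates)/([^/]+/)*(index\.php)? - [L]` has no `$` anchor, and since `([^/]+/)*` and `(index\.php)?` may both match nothing, it matches every request under these four directories and passes it through with `[L]`; the `^templates/([^.]+)\.php$` rule and the `^(components|modules|plugins|templates)/ - [F]` rule after it become unreachable, so the front-end directory protection is effectively disabled. Anchoring the pattern, `^(components|modules|plugins|templates)/([^/.]+/)*(index\.php)?$`, limits it to the `/folder/` and `/folder/index.php` requests the trailing comment describes, with `[^/.]` keeping directory segments period-free like the other rules. The `$1` to `-` change in the templates rule is correct: with `$1` as substitution the request would have been rewritten to the captured path, dropping both the `templates/` prefix and the `.php` suffix.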
354 ## Disallow rogue scripts in your site's root 352 ## Disallow rogue scripts in your site's root
355 # Exception: Allow Joomla!'s index.php and index2.php files 353 # Exception: Allow Joomla!'s index.php and index2.php files
356 RewriteRule ^index2?\.php$ - [L] 354 RewriteRule ^index2?\.php$ - [L]
357 RewriteRule ^[^.]+\.php$ - [F] 355 RewriteRule ^[^/]+\.php$ - [F]
g1smd 2011/04/03 10:29:30 Match "not a slash, followed by a period" will fai
358 356
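Review bot: replacing `^[^/]+\.php$` with `^[^.]+\.php$` changes the rule in two ways that the comment "Disallow rogue scripts in your site's root" does not describe: `[^.]+` admits slashes, so the rule now matches `.php` files at any depth rather than only in the root, and it cannot match a filename with more than one period, so a root-level `name.with.dots.php` no longer reaches the `[F]`. `[^/]+` was the right class for "any single root-level name"; if the intent is to forbid stray `.php` files anywhere, `\.php$` alone expresses that, and the comment should say so.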
359 ## Disallow access to htaccess.txt, configuration.php, configuration.php-dist an d php.ini 357 ## Disallow access to htaccess.txt and configuration.php-dist
360 RewriteRule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [F] 358 RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F]
g1smd 2011/04/03 10:29:30 Matches configuration.php and configuration.php-di
g1smd 2011/04/03 10:29:30 Doesn't match configuration.php and php.ini
361 359
362 ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @ 360 ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @
363 ## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html 361 ## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html
364 ## May cause problems on legitimate requests 362 ## May cause problems on legitimate requests
365 RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR] 363 RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
366 RewriteCond %{QUERY_STRING} union([^s]*s)+elect[^\(]*\( [NC,OR] 364 RewriteCond %{QUERY_STRING} union([^s]*s)+elect.*[^\(]*\( [NC,OR]
g1smd 2011/04/03 10:29:30 union([^s]*s)+elect[^\(]*\( matches "union" follow
g1smd 2011/04/03 10:29:30 The .* is superfluous.
367 RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC] 365 RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC]
368 RewriteRule .* - [F] 366 RewriteRule .* - [F]
369 367
370 ########## End - Advanced server protection 368 ########## End - Advanced server protection
371 369
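Review bot: dropping `.*` from `union([^s]*s)+elect.*[^\(]*\(` is correct; both forms match exactly when a `(` follows "select", and the `.*` only added backtracking. One caveat worth recording next to "May cause problems on legitimate requests": mod_rewrite matches `%{QUERY_STRING}` as received, without URL decoding, so these patterns see only literal parentheses and keywords, which is why the "first line of defense" wording should stay. Inside the character class `[^\(]` the backslash is redundant (`[^(]` is equivalent), though harmless.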
372 ########## Begin - Basic antispam Filter, by SigSiu.net 370 ########## Begin - Basic antispam Filter, by SigSiu.net
373 ## I removed some common words, tweak to your liking 371 ## I removed some common words, tweak to your liking
374 ## This code uses PCRE and works only with Apache 2.x. 372 ## This code uses PCRE and works only with Apache 2.x.
375 ## This code will NOT work with Apache 1.x servers. 373 ## This code will NOT work with Apache 1.x servers.
376 RewriteCond %{QUERY_STRING} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erec tile)\b [NC,OR] 374 RewriteCond %{QUERY_STRING} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erec tile)\b [NC,OR]
377 RewriteCond %{QUERY_STRING} \b(erections|hoodia|huronriveracres|impotence|levitr a|libido)\b [NC,OR] 375 RewriteCond %{QUERY_STRING} \b(erections|hoodia|huronriveracres|impotence|levitr a|libido)\b [NC,OR]
378 RewriteCond %{QUERY_STRING} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|t royhamby)\b [NC,OR] 376 RewriteCond %{QUERY_STRING} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|t royhamby)\b [NC,OR]
377 ## Note: The final RewriteCond must NOT use the [OR] flag.
379 RewriteCond %{QUERY_STRING} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxai eo)\b [NC] 378 RewriteCond %{QUERY_STRING} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxai eo)\b [NC]
380 ## Note: The final RewriteCond must NOT use the [OR] flag.
g1smd 2011/04/03 10:29:30 The note is on the end in case people add more Rew
381 RewriteRule .* - [F] 379 RewriteRule .* - [F]
382 ## Note: The previous lines are a "compressed" version 380 ## Note: The previous lines are a "compressed" version
383 ## of the filters. You can add your own filters as: 381 ## of the filters. You can add your own filters as:
384 ## RewriteCond %{QUERY_STRING} \bbadword\b [NC,OR] 382 ## RewriteCond %{QUERY_STRING} \bbadword\b [NC,OR]
385 ## where "badword" is the word you want to exclude. 383 ## where "badword" is the word you want to exclude
386 ########## End - Basic antispam Filter, by SigSiu.net 384 ########## End - Basic antispam Filter, by SigSiu.net
387 385
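Review bot: moving "The final RewriteCond must NOT use the [OR] flag" after the last condition is the right place for it: a trailing `[OR]` whose condition is false simply ends the condition list, so the following `RewriteRule .* - [F]` would fire unconditionally. Note that `blue\spill` will rarely match, since `%{QUERY_STRING}` is not URL-decoded and a space arrives as `+` or `%20` rather than a whitespace character; `blue(\s|\+|%20)pill` covers the common encodings.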
388 ########## Begin - Joomla! core SEF Section 386 ########## Begin - Joomla! core SEF Section
389 # 387 #
390 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 388 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
391 # 389 RewriteCond %{REQUEST_URI} !^/index.php
g1smd 2011/04/03 10:29:30 Escape literal periods.
392 # If the requested path and file is not /index.php and the request
g1smd 2011/04/03 10:29:30 These notes now appear in the Joomla official file
393 # has not already been internally rewritten to the index.php script
394 RewriteCond %{REQUEST_URI} !^/index\.php
395 # and the request is for the site root, or for an extensionless URL,
396 # or the requested URL ends with one of the listed extensions
397 RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?|feed|pdf|raw|ini|zip|json|file)) $ [NC] 390 RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?|feed|pdf|raw|ini|zip|json|file)) $ [NC]
398 # and the requested path and file doesn't directly match a physical file
399 RewriteCond %{REQUEST_FILENAME} !-f 391 RewriteCond %{REQUEST_FILENAME} !-f
400 # and the requested path doesn't directly match a physical folder
401 RewriteCond %{REQUEST_FILENAME} !-d 392 RewriteCond %{REQUEST_FILENAME} !-d
402 # internally rewrite the request to the index.php script
403 RewriteRule .* index.php [L] 393 RewriteRule .* index.php [L]
404 # 394 #
405 ########## End - Joomla! core SEF Section 395 ########## End - Joomla! core SEF Section
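Review bot: the escaped period in `RewriteCond %{REQUEST_URI} !^/index\.php` is correct and addresses the earlier comment. One caveat on `(/[^.]*|\.(php|html?|feed|pdf|raw|ini|zip|json|file))$`: the first alternative requires the final path segment to contain no period at all, so an SEF URL whose last segment includes a dot (a version number, for instance) is neither extensionless nor a listed extension, fails the condition, and is not routed to index.php; the new explanatory comments would be a good place to state that trade-off.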