
Side by Side Diff: joomla-master-htaccess.txt

Issue 4314051: Joomla master .htaccess - differences 2.4.6 - 3.2.f (r) Base URL: http://joomla-master-htaccess.googlecode.com/svn/trunk/
Patch Set: Joomla master .htaccess - differences 2.4.6 - 3.2.f Created 3 years ago
OLD | NEW
1 ############################################################################### 1 ###############################################################################
2 ## The Master .htaccess 2 ## The Master .htaccess
3 ## 3 ##
4 ## Version 3.2 - April 8th, 2011 4 ## Version 2.4 (proposed) - April 9th, 2011
5 ## 5 ##
6 ## ---------- 6 ## ----------
7 ## This file is designed to be the template .htaccess file to put on your new 7 ## This file is designed to be the template .htaccess file to put on your new
8 ## sites, increasing your site's security and performance. It is not meant to 8 ## sites, increasing your site's security and performance. It is not meant to
9 ## be just dropped in your site, though. You should go through all of its 9 ## be just dropped in your site, though. You should go through all of its
10 ## sections and modify it to match your site. Most notably, all instances of 10 ## sections and modify it to match your site. Most notably, all instances of
11 ## example.com and example\.com should be replaced with your real domain name. 11 ## example.com and example\.com should be replaced with your real domain name.
12 ## 12 ##
13 ## Some sections are too picky and may cause problems with legitimate requests. 13 ## Some sections are too picky and may cause problems with legitimate requests.
14 ## You are ultimately responsible for disabling them or writing exception rules 14 ## You are ultimately responsible for disabling them or writing exception rules
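Review bot: the right-hand header lowers the version from "3.2 - April 8th, 2011" to "2.4 (proposed) - April 9th, 2011", so a reader comparing the two files has no way to tell from the header which one supersedes the other; state in the header comment which line of development (2.4.x or 3.2.x) this file belongs to and which it is intended to replace.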
(...skipping 23 matching lines...)
38 ## 38 ##
39 ## Learn more: http://www.akeebabackup.com/software/admin-tools.html 39 ## Learn more: http://www.akeebabackup.com/software/admin-tools.html
40 ## ---------------------------------------------------------------------- 40 ## ----------------------------------------------------------------------
41 ## 41 ##
42 ## Have fun, stay safe. 42 ## Have fun, stay safe.
43 ## 43 ##
44 ## Nicholas K. Dionysopoulos 44 ## Nicholas K. Dionysopoulos
45 ## Lead Developer, AkeebaBackup.com 45 ## Lead Developer, AkeebaBackup.com
46 ## 46 ##
47 ## CHANGELOG: 47 ## CHANGELOG:
48 ## Version 3.2 (April 8th, 2011) 48 ## Version 2.4 (proposed) (April 9th, 2011)
49 ## - Some slight improvements with negligible (if any) performance impact 49 ## - Dozens of speed optimisations and many logic and syntax corrections.
50 ## Version 3.1 (April 5th, 2011)
51 ## - Expiration time of static resources adjusted to 1 month instead of 1 year
52 ## - GET variables not passed along in the index.php to site root redirection
53 ## - Fixed typos
54 ## - Alternative for HTTP to HTTPS redirection
55 ## - Common exploits protection: Minor changes in comments, combined base64_enco de/base64_decode rule
56 ## - Bug in query string protection rule
57 ## - Back-end & front-end protection optimization
58 ## - Fixed the UNION SELECT SQLi rule to actually work against real attacks
59 ## - Added comments to Joomla! core SEF section
60 ## Version 3.0 (March 28th, 2011)
61 ## - Massive rewrite
62 ## Version 2.3 (November 18th, 2010) 50 ## Version 2.3 (November 18th, 2010)
63 ## - Added .ico to the pass-through rules, for favicons to load 51 ## - Added .ico to the pass-through rules, for favicons to load
64 ## Version 2.2 (October 25th, 2010) 52 ## Version 2.2 (October 25th, 2010)
65 ## - Bug in the tmpl=component rule 53 ## - Bug in the tmpl=component rule
66 ## Version 2.1 (October 19th, 2010) 54 ## Version 2.1 (October 19th, 2010)
67 ## - index.php to root redirection would kill some AJAX requests 55 ## - index.php to root redirection would kill some AJAX requests
68 ## - Referer filtering was screwed up 56 ## - Referer filtering was screwed up
69 ## - Simplified and more thorough PHP Easter Egg code (thanks Jon!) 57 ## - Simplified and more thorough PHP Easter Egg code (thanks Jon!)
70 ## - The tp/template/tmpl filter was not thorough and killed some components 58 ## - The tp/template/tmpl filter was not thorough and killed some components
71 ## - Optimized Joomla! core SEF section 59 ## - Optimized Joomla! core SEF section
72 ## - Bot filters and GZip optimization would never run for dynamic content 60 ## - Bot filters and GZip optimization would never run for dynamic content
73 ## - Content expiration optimization got more optimized 61 ## - Content expiration optimization got more optimized
74 ## - Added ETag rule 62 ## - Added ETag rule
75 ## 63 ##
76 ############################################################################### 64 ###############################################################################
77 65
78 ########## Begin - RewriteEngine enabled 66 ########## Begin - RewriteEngine enabled
79 RewriteEngine On 67 RewriteEngine On
80 ########## End - RewriteEngine enabled 68 ########## End - RewriteEngine enabled
81 69
82 ########## Begin - RewriteBase 70 ########## Begin - RewriteBase
83 # Uncomment following line if your webserver's URL 71 # Uncomment following line if your webserver's URL
g1smd 2011/04/24 09:06:13 Remove spaces.
84 # is not directly related to physical file paths. 72 # is not directly related to physical file paths.
g1smd 2011/04/24 09:06:13 Remove spaces.
85 # Update Your Joomla! Directory (just / for root) 73 # Update Your Joomla! Directory (just / for root)
g1smd 2011/04/24 09:06:13 Remove spaces.
86 74
87 # RewriteBase / 75 # RewriteBase /
88 ########## End - RewriteBase 76 ########## End - RewriteBase
89 77
90 ########## Begin - No directory listings 78 ########## Begin - No directory listings
91 ## Note: +FollowSymlinks may cause problems and you might have to remove it 79 ## Note: +FollowSymlinks may cause problems and you might have to remove it
92 IndexIgnore * 80 IndexIgnore *
93 Options +FollowSymLinks All -Indexes 81 Options +FollowSymLinks All -Indexes
94 ########## End - No directory listings 82 ########## End - No directory listings
95 83
96 ########## Begin - File execution order, by Komra.de 84 ########## Begin - File execution order, by Komra.de
97 DirectoryIndex index.php index.html 85 DirectoryIndex index.php index.html
98 ########## End - File execution order 86 ########## End - File execution order
99 87
100 ########## Begin - ETag Optimization 88 ########## Begin - ETag Optimization
101 ## This rule will create an ETag for files based only on the modification 89 ## This rule will create an ETag for files based only on the modification
102 ## timestamp and their size. This works wonders if you are using rsync'ed 90 ## timestamp and their size. This works wonders if you are using rsync'ed
103 ## servers, where the inode number of identical files differs. 91 ## servers, where the inode number of identical files differs.
104 ## Note: It may cause problems on your server and you may need to remove it 92 ## Note: It may cause problems on your server and you may need to remove it
105 FileETag MTime Size 93 FileETag MTime Size
106 ########## End - ETag Optimization 94 ########## End - ETag Optimization
107 95
108 ########## Begin - Optimal default expiration time 96 ########## Begin - Optimal default expiration time
109 ## Note: this might cause problems and you might have to comment it out by 97 ## Note: this might cause problems and you might have to comment it out by
110 ## placing a hash in front of this section's lines 98 ## placing a hash in front of this section's lines
111 ## Note: Some people prefer using "now plus 1 month" instead of "now plus 1 year ".
112 ## Suit to taste.
g1smd 2011/04/24 09:06:13 Note is no longer needed.
113 <IfModule mod_expires.c> 99 <IfModule mod_expires.c>
114 # Enable expiration control 100 # Enable expiration control
115 ExpiresActive On 101 ExpiresActive On
116 102
117 # Default expiration: 1 hour after request 103 # Default expiration: 1 hour after request
118 ExpiresDefault "now plus 1 hour" 104 ExpiresDefault "now plus 1 hour"
119 » 105
120 # CSS and JS expiration: 1 week after request 106 # CSS and JS expiration: 1 week after request
121 ExpiresByType text/css "now plus 1 week" 107 ExpiresByType text/css "now plus 1 week"
122 ExpiresByType application/javascript "now plus 1 week" 108 ExpiresByType application/javascript "now plus 1 week"
123 ExpiresByType application/x-javascript "now plus 1 week" 109 ExpiresByType application/x-javascript "now plus 1 week"
124 » 110
125 # Image files expiration: 1 month after request 111 # Image files expiration: 1 month after request
126 ExpiresByType image/bmp "now plus 1 month" 112 ExpiresByType image/bmp "now plus 1 month"
127 ExpiresByType image/gif "now plus 1 month" 113 ExpiresByType image/gif "now plus 1 month"
128 ExpiresByType image/jpeg "now plus 1 month" 114 ExpiresByType image/jpeg "now plus 1 month"
129 ExpiresByType image/jp2 "now plus 1 month" 115 ExpiresByType image/jp2 "now plus 1 month"
130 ExpiresByType image/pipeg "now plus 1 month" 116 ExpiresByType image/pipeg "now plus 1 month"
131 ExpiresByType image/png "now plus 1 month" 117 ExpiresByType image/png "now plus 1 month"
132 ExpiresByType image/svg+xml "now plus 1 month" 118 ExpiresByType image/svg+xml "now plus 1 month"
133 ExpiresByType image/tiff "now plus 1 month" 119 ExpiresByType image/tiff "now plus 1 month"
134 ExpiresByType image/vnd.microsoft.icon "now plus 1 month" 120 ExpiresByType image/vnd.microsoft.icon "now plus 1 month"
135 ExpiresByType image/x-icon "now plus 1 month" 121 ExpiresByType image/x-icon "now plus 1 month"
136 ExpiresByType image/ico "now plus 1 month" 122 ExpiresByType image/ico "now plus 1 month"
137 ExpiresByType image/icon "now plus 1 month" 123 ExpiresByType image/icon "now plus 1 month"
138 ExpiresByType text/ico "now plus 1 month" 124 ExpiresByType text/ico "now plus 1 month"
139 ExpiresByType application/ico "now plus 1 month" 125 ExpiresByType application/ico "now plus 1 month"
140 ExpiresByType image/vnd.wap.wbmp "now plus 1 month" 126 ExpiresByType image/vnd.wap.wbmp "now plus 1 month"
141 ExpiresByType application/vnd.wap.wbxml "now plus 1 month" 127 ExpiresByType application/vnd.wap.wbxml "now plus 1 month"
142 ExpiresByType application/smil "now plus 1 month" 128 ExpiresByType application/smil "now plus 1 month"
143 » 129
144 # Audio files expiration: 1 month after request 130 # Audio files expiration: 1 month after request
145 ExpiresByType audio/basic "now plus 1 month" 131 ExpiresByType audio/basic "now plus 1 month"
146 ExpiresByType audio/mid "now plus 1 month" 132 ExpiresByType audio/mid "now plus 1 month"
147 ExpiresByType audio/midi "now plus 1 month" 133 ExpiresByType audio/midi "now plus 1 month"
148 ExpiresByType audio/mpeg "now plus 1 month" 134 ExpiresByType audio/mpeg "now plus 1 month"
149 ExpiresByType audio/x-aiff "now plus 1 month" 135 ExpiresByType audio/x-aiff "now plus 1 month"
150 ExpiresByType audio/x-mpegurl "now plus 1 month" 136 ExpiresByType audio/x-mpegurl "now plus 1 month"
151 ExpiresByType audio/x-pn-realaudio "now plus 1 month" 137 ExpiresByType audio/x-pn-realaudio "now plus 1 month"
152 ExpiresByType audio/x-wav "now plus 1 month" 138 ExpiresByType audio/x-wav "now plus 1 month"
153 » 139
154 # Movie files expiration: 1 month after request 140 # Movie files expiration: 1 month after request
155 ExpiresByType application/x-shockwave-flash "now plus 1 month" 141 ExpiresByType application/x-shockwave-flash "now plus 1 month"
156 ExpiresByType x-world/x-vrml "now plus 1 month" 142 ExpiresByType x-world/x-vrml "now plus 1 month"
157 ExpiresByType video/x-msvideo "now plus 1 month" 143 ExpiresByType video/x-msvideo "now plus 1 month"
158 ExpiresByType video/mpeg "now plus 1 month" 144 ExpiresByType video/mpeg "now plus 1 month"
159 ExpiresByType video/mp4 "now plus 1 month" 145 ExpiresByType video/mp4 "now plus 1 month"
160 ExpiresByType video/quicktime "now plus 1 month" 146 ExpiresByType video/quicktime "now plus 1 month"
161 ExpiresByType video/x-la-asf "now plus 1 month" 147 ExpiresByType video/x-la-asf "now plus 1 month"
162 ExpiresByType video/x-ms-asf "now plus 1 month" 148 ExpiresByType video/x-ms-asf "now plus 1 month"
163 </IfModule> 149 </IfModule>
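Review bot: `Options +FollowSymLinks All -Indexes` (unchanged on both sides of this hunk) mixes relative `+`/`-` options with the absolute `All`, which Apache rejects as invalid syntax (a 500 from .htaccess), and `All` would in any case switch on ExecCGI and Includes for the whole tree; write `Options -Indexes +FollowSymLinks` (or `+SymLinksIfOwnerMatch` where the host requires it). The right-hand changelog also drops the 3.0 and 3.1 entries while keeping 2.1 to 2.3, so the one-month expiry and the "GET variables not passed along" behaviour still present below are no longer explained anywhere in the history; keep those entries or fold them into the 2.4 line.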
(...skipping 29 matching lines...)
193 ########## End - Automatic compression of resources 179 ########## End - Automatic compression of resources
194 180
195 ########## Begin - Google Apps redirection, by Komra.de 181 ########## Begin - Google Apps redirection, by Komra.de
196 ## Uncomment the following line to enable: 182 ## Uncomment the following line to enable:
197 # RewriteRule ^mail http://mail.google.com/a/example.com [R=301,L] 183 # RewriteRule ^mail http://mail.google.com/a/example.com [R=301,L]
198 ## If the above doesn't work on your server, try this: 184 ## If the above doesn't work on your server, try this:
199 ## RewriteRule ^mail http://mail.google.com/a/example.com [R,L] 185 ## RewriteRule ^mail http://mail.google.com/a/example.com [R,L]
200 ########## End - Google Apps redirection 186 ########## End - Google Apps redirection
201 187
202 ########## Begin - Redirect index.php to / 188 ########## Begin - Redirect index.php to /
203 ## Note: Change example.com to reflect your own domain 189 ## Note: Change example.com to reflect your own domain name
204 RewriteCond %{THE_REQUEST} !^POST 190 RewriteCond %{THE_REQUEST} !^POST
205 RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/ 191 RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
206 RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$ 192 RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
207 RewriteRule ^index\.php$ http%2://www.example.com/$1 [R=301,L] 193 RewriteRule ^index\.php$ http%2://www.example.com/$1 [R=301,L]
208 # If the above line throws a 500 error, try this instead: 194 # If the above line throws a 500 error, change [R=301,L] to [R,L]
209 # RewriteRule ^index\.php$ http%2://www.example.com/$1 [R,L]
210 ########## End - Redirect index.php to / 195 ########## End - Redirect index.php to /
211 196
212 ########## Begin - Redirect non-www to www 197 ########## Begin - Redirect non-www to www
213 RewriteCond %{HTTP_HOST} !^www\. [NC] 198 RewriteCond %{HTTP_HOST} !^www\. [NC]
214 RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] 199 RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
215 ## If the above throws an HTTP 500 error, swap [R=301,L] with [R,L] 200 ## If the above throws an HTTP 500 error, swap [R=301,L] with [R,L]
216 ########## End - Redirect non-www to www 201 ########## End - Redirect non-www to www
217 202
218 ########## Begin - Redirect www to non-www 203 ########## Begin - Redirect www to non-www
219 ## WARNING: Comment out the non-www to www rule if you choose to use this 204 ## WARNING: Comment out the non-www to www rule if you choose to use this
220 # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] 205 # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
221 # RewriteRule ^(.*)$ http://%1/$1 [R=301,L] 206 # RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
222 ## If the above throws an HTTP 500 error, swap [R=301,L] with [R,L] 207 ## If the above throws an HTTP 500 error, swap [R=301,L] with [R,L]
223 ########## End - Redirect non-www to www 208 ########## End - Redirect non-www to www
224 209
225 ########## Begin - Redirect (www.)olddomain.com to www.example.com 210 ########## Begin - Redirect (www.)olddomain.com to www.example.com
226 ## Note: olddomain.com is your old domain name, you want to redirect FROM, 211 ## Note: olddomain.com is your old domain name, you want to redirect FROM,
227 ## whereas www.example.com is the new domain name you want to redirect TO. 212 ## whereas www.example.com is the new domain name you want to redirect TO.
228 ## Change those names to reflect your current configuration. Remember, this 213 ## Change those names to reflect your current configuration. Remember, this
229 ## part of the file is supposed to be placed in www.olddomain.com! 214 ## small part of the file is supposed to be placed in www.olddomain.com!
230 ## Note: Replace [R=301,L] with [R,L] if you get error 500. 215 ## Note: Replace [R=301,L] with [R,L] if you get error 500.
231 ## Uncomment the following lines to enable: 216 ## Uncomment the following lines to enable:
232 # RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC] 217 # RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC]
233 # RewriteRule (.*) http://www.example.com/$1 [R=301,L] 218 # RewriteRule (.*) http://www.example.com/$1 [R=301,L]
234 ########## End - Redirect olddomain.com to www.example.com 219 ## Note: The above section is only required if you are changing your domain name .
220 ########## End - Redirect (www.)olddomain.com to www.example.com
g1smd 2011/04/24 09:06:13 Add (www.) to olddomain.com
235 221
236 ########## Begin - Force HTTPS for certain pages 222 ########## Begin - Force HTTPS for certain pages
237 # Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says. 223 # Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says.
238 # This is a sample redirection for foobar.html. Do note that you have to change 224 # This is a sample redirection for foobar.html. Do note that you have to change
239 # www.example.com to reflect your own domain. Remember to escape the dots using 225 # www.example.com to reflect your own domain. Remember to escape the dots using
240 # \. in the left hand side of each rule. You need BOTH LINES PER URL for the rul e 226 # \. in the left hand side of each rule. You need BOTH LINES PER URL for the rul e
241 # to work. 227 # to work.
242 RewriteCond %{SERVER_PORT} !^443$ 228 RewriteCond %{SERVER_PORT} !^443$
243 ## Alternatively, comment the above line and uncomment the following line: 229 ## Alternatively, comment the above line and uncomment the following line:
244 # RewriteCond %{HTTPS} ^off$ [NC] 230 # RewriteCond %{HTTPS} ^off$ [NC]
245 RewriteRule ^foobar\.html$ https://www.example.com/foobar.html [R=301,L] 231 RewriteRule ^foobar\.html$ https://www.example.com/foobar.html [R=301,L]
246 ## NOTE: If you get an HTTP 500 error, please swap [R=301,L] with [R,L] 232 ## NOTE: If you get an HTTP 500 error, please swap [R=301,L] with [R,L]
247 # Add more rules below this line 233 # Add more rules below this line as required
248 ########## End - Force HTTPS for certain pages 234 ########## End - Force HTTPS for certain pages
249 235
250 ########## Begin - Rewrite rules to block out some common exploits 236 ########## Begin - Rewrite rules to block out some common exploits
251 ## If you experience problems on your site block out the operations listed below 237 ## If you experience problems on your site block out the operations listed below
252 ## This attempts to block the most common type of exploit `attempts` to Joomla! 238 ## This attempts to block the most common type of exploit `attempts` to Joomla!
253 # 239 #
254 # If the request query string contains /proc/self/environ (by SigSiu.net) 240 # If the request query string contains /proc/self/environ (by SigSiu.net)
255 RewriteCond %{QUERY_STRING} proc/self/environ [OR] 241 RewriteCond %{QUERY_STRING} proc/self/environ [OR]
256 # Legacy variable injection (these attacks wouldn't work w/out Joomla! 1.5's Leg acy Mode plugin) 242 # Block out any script trying to set a mosConfig value through the URL
243 # (these attacks wouldn't work w/out Joomla! 1.5's Legacy Mode plugin)
257 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] 244 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
258 # Block out any script trying to base64_encode/base64_decode data to send via UR L 245 # Block out any script trying to base64_encode or base64_decode data within the URL
259 RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR] 246 RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR]
260 ## IMPORTANT: If the above line throws an HTTP 500 error, replace it with these 2 lines: 247 ## IMPORTANT: If the above line throws an HTTP 500 error, replace it with these 2 lines:
261 # RewriteCond %{QUERY_STRING} base64_encode\(.*\) [OR] 248 # RewriteCond %{QUERY_STRING} base64_encode\(.*\) [OR]
262 # RewriteCond %{QUERY_STRING} base64_decode\(.*\) [OR] 249 # RewriteCond %{QUERY_STRING} base64_decode\(.*\) [OR]
263 # Block out any script that includes a <script> tag in URL 250 # Block out any script that includes a <script> tag in URL
264 RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR] 251 RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
265 # Block out any script trying to set a PHP GLOBALS variable via URL 252 # Block out any script trying to set a PHP GLOBALS variable via URL
266 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] 253 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
267 # Block out any script trying to modify a _REQUEST variable via URL 254 # Block out any script trying to modify a _REQUEST variable via URL
268 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) 255 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
269 # Return a 403 Forbidden header and show the content of the root homepage 256 # Return 403 Forbidden header and show the content of the root homepage
270 RewriteRule .* index.php [F] 257 RewriteRule .* index.php [F]
271 # 258 #
272 ########## End - Rewrite rules to block out some common exploits 259 ########## End - Rewrite rules to block out some common exploits
273 260
274 ########## Begin - File injection protection, by SigSiu.net 261 ########## Begin - File injection protection, by SigSiu.net
275 RewriteCond %{REQUEST_METHOD} GET 262 RewriteCond %{REQUEST_METHOD} GET
276 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR] 263 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
277 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR] 264 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
278 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC] 265 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
279 RewriteRule .* - [F] 266 RewriteRule .* - [F]
280 ########## End - File injection protection 267 ########## End - File injection protection
281 268
282 ########## Begin - Advanced server protection rules exceptions #### 269 ########## Begin - Advanced server protection rules exceptions ####
283 ## 270 ##
284 ## These are sample exceptions to the Advanced Server Protection 3.0 271 ## These are sample exceptions to the Advanced Server Protection 3.1
g1smd 2011/04/24 09:06:13 The code is much altered since August 2010. The 3.
285 ## rule set further down this file. 272 ## rule set further down this file.
286 ## 273 ##
287 ## Allow UddeIM CAPTCHA 274 ## Allow UddeIM CAPTCHA
288 RewriteRule ^components/com_uddeim/captcha15\.php$ - [L] 275 RewriteRule ^components/com_uddeim/captcha15\.php$ - [L]
289 ## Allow Phil Taylor's Turbo Gears 276 ## Allow Phil Taylor's Turbo Gears
290 RewriteRule ^plugins/system/GoogleGears/gears-manifest\.php$ - [L] 277 RewriteRule ^plugins/system/GoogleGears/gears-manifest\.php$ - [L]
291 ## Allow JoomlaWorks AllVideos 278 ## Allow JoomlaWorks AllVideos
292 RewriteRule ^plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php$ - [L] 279 RewriteRule ^plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php$ - [L]
293 ## Allow Admin Tools Joomla! updater to run 280 ## Allow Admin Tools Joomla! updater to run
294 RewriteRule ^administrator/components/com_admintools/restore\.php$ - [L] 281 RewriteRule ^administrator/components/com_admintools/restore\.php$ - [L]
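Review bot: `RewriteRule .* index.php [F]` at the end of the common-exploits block does not "show the content of the root homepage" as its comment says on either side; with the `F` flag Apache ignores the substitution and returns a bare 403, so either change the rule to `RewriteRule .* - [F]` like the other blocks or fix the comment. In the same hunk, the non-www to www rule always redirects to `http://www.%{HTTP_HOST}/$1`, so an HTTPS request is downgraded to plain HTTP on the way to the canonical host; reuse the `%{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$` condition and `http%2://` trick from the index.php block so the scheme is preserved. Minor: the closing marker of the www to non-www block still reads "End - Redirect non-www to www".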
(...skipping 13 matching lines...)
308 ## Uncomment to allow full access to the cache directory (strongly not recommend ed!) 295 ## Uncomment to allow full access to the cache directory (strongly not recommend ed!)
309 #RewriteRule ^cache/ - [L] 296 #RewriteRule ^cache/ - [L]
310 ## Uncomment to allow full access to the tmp directory (strongly not recommended !) 297 ## Uncomment to allow full access to the tmp directory (strongly not recommended !)
311 #RewriteRule ^tmp/ - [L] 298 #RewriteRule ^tmp/ - [L]
312 299
313 # Add more full access rules here 300 # Add more full access rules here
314 301
315 ########## End - Advanced server protection rules exceptions #### 302 ########## End - Advanced server protection rules exceptions ####
316 303
317 ########## Begin - Advanced server protection 304 ########## Begin - Advanced server protection
318 # Advanced server protection, version 2.0 - August 2010 305 # Advanced server protection, version 3.1 - April 2011
g1smd 2011/04/24 09:06:13 The code is much altered since August 2010. The 2.
319 # by Nicholas K. Dionysopoulos 306 # by Nicholas K. Dionysopoulos
320 307
321 ## Referrer filtering for common media files. Replace with your own domain. 308 ## Referrer filtering for common media files. Replace with your own domain name.
322 ## This blocks most common fingerprinting attacks ;) 309 ## This blocks most common fingerprinting attacks ;)
323 ## Note: Change www\.example\.com with your own domain name, substituting the 310 ## Note: Change www\.example\.com with your own domain name, substituting the
324 ## dots with \., i.e.: www\.example\.com for www.example.com 311 ## dots with \. i.e. use www\.example\.com for www.example.com
325 RewriteRule ^images/stories/[^.]+\.(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [L ] 312 RewriteRule ^images/stories/[^.]+\.(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [L ]
326 RewriteCond %{HTTP_REFERER} . 313 RewriteCond %{HTTP_REFERER} .
327 RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC] 314 RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]
328 RewriteRule \.(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [F] 315 RewriteRule \.(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [F]
329 316
330 ## Disallow visual fingerprinting of Joomla! sites (module position dump) 317 ## Disallow visual fingerprinting of Joomla! sites (module position dump)
331 ## Initial idea by Brian Teeman and Ken Crowder, see: 318 ## Initial idea by Brian Teeman and Ken Crowder, see:
332 ## http://www.slideshare.net/brianteeman/hidden-joomla-secrets 319 ## http://www.slideshare.net/brianteeman/hidden-joomla-secrets
333 ## Improved by @nikosdion to work more efficiently and handle template 320 ## Improved by @nikosdion to work more efficiently and handle template
334 ## and tmpl query parameters 321 ## and tmpl query parameters
335 RewriteCond %{QUERY_STRING} (^|&)tmpl=(component|system) [NC] 322 RewriteCond %{QUERY_STRING} (^|&)tmpl=(component|system) [NC]
336 RewriteRule .* - [L] 323 RewriteRule .* - [L]
337 RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC] 324 RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC]
338 RewriteRule .* - [F] 325 RewriteRule .* - [F]
339 326
340 ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine 327 ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine
341 ## your PHP version). See http://www.0php.com/php_easter_egg.php and 328 ## your PHP version). See http://www.0php.com/php_easter_egg.php and
342 ## http://osvdb.org/12184 for more information 329 ## http://osvdb.org/12184 for more information
343 RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4} -[a-f0-9]{12} [NC] 330 RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4} -[0-9a-f]{12} [NC]
g1smd 2011/04/24 09:06:13 This is a hexadecimal match: [0-9a-f] [NC].
344 RewriteRule .* - [F] 331 RewriteRule .* - [F]
345 332
346 ## Back-end protection 333 ## Back-end protection
347 ## This also blocks fingerprinting attacks browsing for XML and INI files 334 ## This also blocks fingerprinting attacks browsing for XML and INI files
348 RewriteRule ^administrator/?$ - [L] 335 RewriteRule ^administrator/?$ - [L]
349 RewriteRule ^administrator/index\.(php|html?)$ - [L] 336 RewriteRule ^administrator/index\.(php|html?)$ - [L]
350 RewriteRule ^administrator/index[23]\.php$ - [L] 337 RewriteRule ^administrator/index[23]\.php$ - [L]
351 RewriteRule ^administrator/(components|modules|templates|images|plugins)/[^.]+\. (jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx? |pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [L] 338 RewriteRule ^administrator/(components|modules|templates|images|plugins)/[^.]+\. (jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx? |pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [L]
352 RewriteRule ^administrator/ - [F] 339 RewriteRule ^administrator/ - [F]
353 340
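Review bot: `RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC]` is only anchored at the start, so any referrer whose host merely begins with example.com is treated as your own site and skips the block; append `(/|$)` (or `(:[0-9]+)?(/|$)` if non-default ports are in use) so the match ends at the host. The note above the rule also tells the reader to change `www\.example\.com`, while the pattern actually uses `(www\.)?example\.com`; align the comment with the pattern so nobody edits only the `www` form and leaves the bare domain unmatched.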
(...skipping 14 matching lines...)
368 ## Uncomment the following line if your template requires direct access to PHP f iles 355 ## Uncomment the following line if your template requires direct access to PHP f iles
369 ## inside its directory, e.g. GZip compressed copies of its CSS files 356 ## inside its directory, e.g. GZip compressed copies of its CSS files
370 # RewriteRule ^templates/[^.]+\.php$ - [L] 357 # RewriteRule ^templates/[^.]+\.php$ - [L]
371 RewriteRule ^(components|modules|plugins|templates)/ - [F] 358 RewriteRule ^(components|modules|plugins|templates)/ - [F]
372 359
373 ## Disallow rogue scripts in your site's root 360 ## Disallow rogue scripts in your site's root
374 # Exception: Allow Joomla!'s index.php and index2.php files 361 # Exception: Allow Joomla!'s index.php and index2.php files
375 RewriteRule ^index2?\.php$ - [L] 362 RewriteRule ^index2?\.php$ - [L]
376 RewriteRule ^[^.]+\.php$ - [F] 363 RewriteRule ^[^.]+\.php$ - [F]
377 364
378 ## Disallow access to htaccess.txt and configuration.php-dist 365 ## Disallow access to htaccess.txt, configuration.php, configuration.php-dist an d php.ini
g1smd 2011/04/24 09:06:13 and php.ini
379 RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini)$ - [F] 366 RewriteRule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ - [F]
380 367
381 ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @ 368 ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @
382 ## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html 369 ## http://www.sigsiu.net/presentations/fortifying_your_joomla_website.html
383 ## May cause problems on legitimate requests 370 ## May cause problems on legitimate requests
384 RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR] 371 RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
385 RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR] 372 RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
386 RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC] 373 RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC]
387 RewriteRule .* - [F] 374 RewriteRule .* - [F]
388 375
389 ########## End - Advanced server protection 376 ########## End - Advanced server protection
390 377
391 ########## Begin - Basic antispam Filter, by SigSiu.net 378 ########## Begin - Basic antispam Filter, by SigSiu.net
392 ## I removed some common words, tweak to your liking 379 ## I removed some common words, tweak to your liking
393 ## This code uses PCRE and works only with Apache 2.x. 380 ## This code uses PCRE and works only with Apache 2.x.
394 ## This code will NOT work with Apache 1.x servers. 381 ## This code will NOT work with Apache 1.x servers.
395 RewriteCond %{QUERY_STRING} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erec tile)\b [NC,OR] 382 RewriteCond %{QUERY_STRING} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erec tile)\b [NC,OR]
396 RewriteCond %{QUERY_STRING} \b(erections|hoodia|huronriveracres|impotence|levitr a|libido)\b [NC,OR] 383 RewriteCond %{QUERY_STRING} \b(erections|hoodia|huronriveracres|impotence|levitr a|libido)\b [NC,OR]
397 RewriteCond %{QUERY_STRING} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|t royhamby)\b [NC,OR] 384 RewriteCond %{QUERY_STRING} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|t royhamby)\b [NC,OR]
385 RewriteCond %{QUERY_STRING} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxai eo)\b [NC]
398 ## Note: The final RewriteCond must NOT use the [OR] flag. 386 ## Note: The final RewriteCond must NOT use the [OR] flag.
399 RewriteCond %{QUERY_STRING} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxai eo)\b [NC]
400 RewriteRule .* - [F] 387 RewriteRule .* - [F]
401 ## Note: The previous lines are a "compressed" version 388 ## Note: The previous lines are a "compressed" version
402 ## of the filters. You can add your own filters as: 389 ## of the filters. You can add your own filters as:
403 ## RewriteCond %{QUERY_STRING} \bbadword\b [NC,OR] 390 ## RewriteCond %{QUERY_STRING} \bbadword\b [NC,OR]
404 ## where "badword" is the word you want to exclude 391 ## where "badword" is the word you want to exclude.
405 ########## End - Basic antispam Filter, by SigSiu.net 392 ########## End - Basic antispam Filter, by SigSiu.net
406 393
407 ########## Begin - Joomla! core SEF Section 394 ########## Begin - Joomla! core SEF Section
408 # 395 #
409 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] 396 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
397 #
410 # If the requested path and file is not /index.php and the request 398 # If the requested path and file is not /index.php and the request
411 # has not already been internally rewritten to the index.php script 399 # has not already been internally rewritten to the index.php script
412 RewriteCond %{REQUEST_URI} !^/index\.php 400 RewriteCond %{REQUEST_URI} !^/index\.php
413 # and the request is for the site root, or for an extensionless URL, 401 # and the request is for the site root, or for an extensionless URL,
414 # or the requested URL ends with one of the listed extensions 402 # or the requested URL ends with one of the listed extensions
415 RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|raw|ini|zip |json|file|vcf))$ [NC] 403 RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw|ini |zip|json|file))$ [NC]
g1smd 2011/04/24 09:06:13 vcf is after pdf and before raw in the official fi
416 # and the requested path and file doesn't directly match a physical file 404 # and the requested path and file doesn't directly match a physical file
417 RewriteCond %{REQUEST_FILENAME} !-f 405 RewriteCond %{REQUEST_FILENAME} !-f
418 # and the requested path doesn't match a physical folder 406 # and the requested path doesn't directly match a physical folder
419 RewriteCond %{REQUEST_FILENAME} !-d 407 RewriteCond %{REQUEST_FILENAME} !-d
420 # internally rewrite the request to the index.php script 408 # internally rewrite the request to the index.php script
421 RewriteRule .* index.php [L] 409 RewriteRule .* index.php [L]
422 # 410 #
423 ########## End - Joomla! core SEF Section 411 ########## End - Joomla! core SEF Section
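Review bot: the SQLi condition `concat[^\(]*\( [NC,OR]` only matches a literal opening parenthesis, although the base64 and `<script>` rules earlier in the file deliberately accept the URL-encoded form as well (`(=|\%3D)`, `(<|%3C)`); since `%{QUERY_STRING}` is not decoded before matching, use `concat[^\(]*(\(|%28)` for consistency with those rules. In the antispam block the right-hand side moves the note "The final RewriteCond must NOT use the [OR] flag" to after the condition it describes, where it now reads as if it applied to the following `RewriteRule`; keep it directly above the last `RewriteCond`.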