.HTTACCES test

1. # ------------------
2. # UTF-8 encoding
3. # ------------------
4. # Use UTF-8 encoding for anything served as `text/html` or `text/plain`.
5. AddDefaultCharset utf-8
6. # Force UTF-8 for certain file formats.
7. <IfModule mod_mime.c>
8. AddCharset utf-8 .atom .css .js .json .jsonld .rss .vtt .webapp .xml .xsl
9. </IfModule>
10. # ---------------------------
11. # BEGIN Cache-Control Headers
12. # ---------------------------
13. <IfModule mod_expires.c>
14. ExpiresActive On
15. ExpiresByType image/jpg "access plus 2592000 seconds"
16. ExpiresByType image/jpeg "access plus 2592000 seconds"
17. ExpiresByType image/png "access plus 2592000 seconds"
18. ExpiresByType image/gif "access plus 2592000 seconds"
19. ExpiresByType image/ico "access plus 2592000 seconds"
20. ExpiresByType image/icon "access plus 2592000 seconds"
21. ExpiresByType image/x-icon "access plus 2592000 seconds"
22. ExpiresByType text/css "access plus 2592000 seconds"
23. ExpiresByType text/javascript "access plus 604800 seconds"
24. ExpiresByType application/xhtml+xml "access plus 7200 seconds"
25. ExpiresByType application/javascript "access plus 2592000 seconds"
26. ExpiresByType application/x-javascript "access plus 2592000 seconds"
27. ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
28. ExpiresByType font/ttf "access plus 2592000 seconds"
29. ExpiresByType application/x-font-woff "access plus 2592000 seconds"
30. </IfModule>
31. <IfModule mod_headers.c>
32. <FilesMatch "\\.(ico|jpe?g|png|gif|swf|gz|woff|svg)$">
33. Header unset Cookie
34. Header unset Set-Cookie
35. Header set Cache-Control "max-age=2592000"
36. </FilesMatch>
37. <FilesMatch "\\.(js|css)$">
38. Header unset Cookie
39. Header unset Set-Cookie
40. Header set Cache-Control "max-age=2592000"
41. </FilesMatch>
42. </IfModule>
43. <IfModule mod_headers.c>
44. Header unset ETag
45. Header unset Pragma
46. Header set Connection keep-alive
47. Header unset Accept-Ranges
48. </IfModule>
49. # ---------------
50. # | Compression |
51. # ---------------
52. <IfModule mod_deflate.c>
53. AddOutputFilterByType DEFLATE application/atom+xml \
54. application/javascript \
55. application/json \
56. application/ld+json \
57. application/rss+xml \
58. application/vnd.ms-fontobject \
59. application/x-font-ttf \
60. application/x-web-app-manifest+json \
61. application/xhtml+xml \
62. application/xml \
63. font/opentype \
64. image/svg+xml \
65. image/x-icon \
66. text/css \
67. text/html \
68. text/plain \
69. text/x-component \
70. text/xml
71. </IfModule>
72. # ----------------------------------------------------------------------
73. # BEGIN Security
74. # ----------------------------------------------------------------------
75.  
76. # Begin liste: Bloquer l'acces aux fichiers
77. <Files ~ "^\.ht">
78. Order allow,deny
79. Deny from all
80. Satisfy All
81. </Files>
82. <files readme.html>
83. Order allow,deny
84. Deny from all
85. Satisfy All
86. </files>
87. <files readme.txt>
88. Order allow,deny
89. Deny from all
90. Satisfy All
91. </files>
92. <files install.php>
93. Order allow,deny
94. Deny from all
95. Satisfy All
96. </files>
97. <files wp-config.php>
98. Order allow,deny
99. Deny from all
100. Satisfy All
101. </files>
102. # END liste
103. # Stop spam attack logins and comments
104. <IfModule mod_rewrite.c>
105. RewriteEngine On
106. RewriteCond %{REQUEST_METHOD} POST
107. RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*
108. RewriteCond %{HTTP_REFERER} !.*(mabulledu.net).* [OR]
109. RewriteCond %{HTTP_USER_AGENT} ^$
110. RewriteRule (.*) http://%{REMOTE_ADDR}/$ [R=301,L]
111. </ifModule>
112. # 5G BLACKLIST/FIREWALL (2013)
113. # @ http://perishablepress.com/5g-blacklist-2013/
114. # 5G:[QUERY STRINGS]
115. <IfModule mod_rewrite.c>
116. RewriteEngine On
117. RewriteBase /
118. RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
119. RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
120. RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
121. RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
122. RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
123. RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
124. RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
125. RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
126. RewriteRule .* - [F]
127. </IfModule>
128. # 5G:[REQUEST STRINGS]
129. <IfModule mod_alias.c>
130. RedirectMatch 403 (https?|ftp|php)\://
131. RedirectMatch 403 /(https?|ima|ucp)/
132. RedirectMatch 403 /(Permanent|Better)$
133. RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
134. RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
135. RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
136. RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
137. RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
138. RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
139. RedirectMatch 403 \.well\-known/host\-meta
140. RedirectMatch 403 /function\.array\-rand
141. RedirectMatch 403 \)\;\$\(this\)\.html\(
142. RedirectMatch 403 proc/self/environ
143. RedirectMatch 403 msnbot\.htm\)\.\_
144. RedirectMatch 403 /ref\.outcontrol
145. RedirectMatch 403 com\_cropimage
146. RedirectMatch 403 indonesia\.htm
147. RedirectMatch 403 \{\$itemURL\}
148. RedirectMatch 403 function\(\)
149. RedirectMatch 403 labels\.rdf
150. RedirectMatch 403 /playing.php
151. RedirectMatch 403 muieblackcat
152. </IfModule>
153.  
154. # 5G:[REQUEST METHOD]
155. <ifModule mod_rewrite.c>
156. RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
157. RewriteRule .* - [F]
158. </IfModule>
159. #Begin BAD IPS
160. <limit GET POST PUT>
161. Order Allow,Deny
162. Allow from all
163. # wp-admin logueur
164. deny from 37.59.2.42
165. deny from 74.14.237.15
166. deny from 85.113.44.241
167. deny from 90.188.236.38
168. deny from 94.154.222.2
169. deny from 103.22.181.8
170. deny from 109.197.193.202
171. deny from 112.134.227.131
172. deny from 159.224.139.133
173. deny from 176.40.120.60
174. deny from 177.6.120.47
175. deny from 177.83.226.146
176. deny from 183.60.214.47
177. deny from 186.220.37.8
178. deny from 189.48.99.100
179. deny from 190.199.241.165
180. deny from 194.150.113.90
181. deny from 200.27.231.114
182. deny from 200.86.198.200
183. deny from 200.139.175.57
184. deny from 201.91.91.14
185. deny from 203.206.167.242
186. deny from 212.145.64.56
187. deny from 217.137.225.153
188. # fin wp-admin logueur
189. # spammeur
190. deny from 37.9.53.129
191. deny from 195.2.240.106
192. deny from 162.248.244.7
193. # Start Custom Blocks
194. # Bluecoat
195. deny from 8.21.4.254
196. deny from 65.46.48.192/30
197. deny from 65.160.238.176/28
198. deny from 85.92.222.0/24
199. deny from 206.51.36.0/22
200. deny from 216.52.23.0/24
201. # cyveillance
202. deny from 38.100.19.8/29
203. deny from 38.100.21.0/24
204. deny from 38.100.41.64/26
205. deny from 38.105.71.0/25
206. deny from 38.105.83.0/27
207. deny from 38.112.21.140/30
208. deny from 38.118.42.32/29
209. deny from 65.213.208.128/27
210. deny from 65.222.176.96/27
211. deny from 65.222.185.72/29
212. # Cyberpatrol
213. deny from 38.103.17.160/27
214. # Internet Identity - Anti-Phishing
215. deny from 66.113.96.0/20
216. deny from 70.35.113.192/27
217. # Ironport
218. deny from 204.15.80.0/22
219. # Lightspeed Systems Security
220. deny from 66.17.15.128/26
221. deny from 69.84.207.32/27
222. deny from 69.84.207.128/25
223. # Layered Technologies
224. deny from 72.36.128.0/17
225. deny from 72.232.0.0/16
226. deny from 72.233.0.0/17
227. deny from 216.32.0.0/14
228. # M86
229. deny from 67.192.231.224/29
230. deny from 208.90.236.0/22
231. # Phish-Inspector.com
232. deny from 209.147.127.208/28
233. # Prescient Software, Inc. Phishmongers
234. deny from 198.186.190.0/23
235. deny from 198.186.192.0/23
236. deny from 198.186.194.0/24
237. # urlfilterdb
238. deny from 207.210.99.32/29
239. # websense-in.car1.sandiego1.level3.net
240. deny from 4.53.120.22
241. # Websense
242. deny from 66.194.6.0/24
243. deny from 67.117.201.128/28
244. deny from 69.67.32.0/20
245. deny from 131.191.87.0/24
246. deny from 204.15.64.0/21
247. deny from 208.80.192.0/21
248. deny from 212.62.26.64/27
249. deny from 213.168.226.0/24
250. deny from 213.168.241.0/30
251. deny from 213.168.242.0/30
252. deny from 213.236.150.16/28
253. </limit>
254. #End BAD IPS
255. #####################################################
256. #Block comment spammers, bad bots and some proxies
257. <ifModule mod_rewrite.c>
258. RewriteEngine on
259. RewriteCond %{REMOTE_HOST} 12.226.240.248 [OR]
260. RewriteCond %{REMOTE_HOST} 24.111.102.26 [OR]
261. RewriteCond %{REMOTE_HOST} 24.117.121.113 [OR]
262. RewriteCond %{REMOTE_HOST} 65.30.216.140 [OR]
263. RewriteCond %{REMOTE_HOST} 67.87.64.23 [OR]
264. RewriteCond %{REMOTE_HOST} 68.12.149.198 [OR]
265. RewriteCond %{REMOTE_HOST} 69.139.167.203 [OR]
266. RewriteCond %{REMOTE_HOST} 74.95.182.57 [OR]
267. RewriteCond %{REMOTE_HOST} 91.121.3.29 [OR]
268. RewriteCond %{REMOTE_HOST} 203.94.229.227 [OR]
269. RewriteCond %{REMOTE_HOST} 208.96.122.142 [OR]
270. RewriteCond %{REMOTE_HOST} 210.0.141.247 [OR]
271. RewriteCond %{REMOTE_HOST} 210.197.97.67 [OR]
272. RewriteCond %{REMOTE_HOST} 212.179.127.188 [OR]
273. RewriteCond %{REMOTE_HOST} 216.246.60.183 [OR]
274. RewriteCond %{REMOTE_HOST} 220.156.189.233 [OR]
275. RewriteCond %{REMOTE_HOST} 222.36.12.42 [OR]
276. </IfModule>
277. #End Block comment spammers, bad bots and some proxies