nicolascluz

.HTTACCES test

May 20th, 2014
  # ---------------------------------------------------------------
  # Character encoding
  # ---------------------------------------------------------------
  # Label everything served as `text/html` or `text/plain` as UTF-8,
  # so the charset is declared by the server rather than guessed.
  AddDefaultCharset utf-8

  # Attach a UTF-8 charset to these text-based formats as well,
  # selected by file extension (needs mod_mime).
  <IfModule mod_mime.c>
      AddCharset utf-8 .atom .css .js .json .jsonld .rss .vtt
      AddCharset utf-8 .webapp .xml .xsl
  </IfModule>
  # ---------------------------------------------------------------
  # Browser caching: Expires headers (mod_expires)
  # ---------------------------------------------------------------
  # Every lifetime is counted from the moment of the request ("access").
  # 30 days = 2592000 s, 7 days = 604800 s, 2 hours = 7200 s.
  <IfModule mod_expires.c>
      ExpiresActive On

      # Images and icons. image/jpg, image/ico and image/icon are
      # non-standard type names, kept exactly as this file listed them.
      ExpiresByType image/jpeg   "access plus 30 days"
      ExpiresByType image/jpg    "access plus 30 days"
      ExpiresByType image/png    "access plus 30 days"
      ExpiresByType image/gif    "access plus 30 days"
      ExpiresByType image/x-icon "access plus 30 days"
      ExpiresByType image/ico    "access plus 30 days"
      ExpiresByType image/icon   "access plus 30 days"

      # Stylesheets and scripts. text/javascript is the only script
      # type given the shorter 7-day lifetime.
      ExpiresByType text/css                 "access plus 30 days"
      ExpiresByType application/javascript   "access plus 30 days"
      ExpiresByType application/x-javascript "access plus 30 days"
      ExpiresByType text/javascript          "access plus 7 days"

      # Markup: short lifetime so page changes show up quickly.
      ExpiresByType application/xhtml+xml "access plus 2 hours"

      # Flash and web fonts.
      ExpiresByType application/x-shockwave-flash "access plus 30 days"
      ExpiresByType font/ttf                      "access plus 30 days"
      ExpiresByType application/x-font-woff       "access plus 30 days"
  </IfModule>
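  # Cache-Control for static assets (mod_headers).
  # Images, Flash, fonts, .gz archives, scripts and stylesheets share
  # one rule set, so a single FilesMatch lists all the extensions.
  <IfModule mod_headers.c>
      <FilesMatch "\\.(ico|jpe?g|png|gif|swf|gz|woff|svg|js|css)$">
          # A static response must not carry Set-Cookie: stored together
          # with a response that is cached for 30 days, a cookie could be
          # handed to other visitors by a shared cache.
          Header unset Set-Cookie
          # `Header` edits response headers only. Cookie is a request
          # header, so it cannot be removed with `Header unset`; browsers
          # stop sending cookies with assets only when the assets are
          # served from a host that never sets any.
          Header set Cache-Control "max-age=2592000"
      </FilesMatch>
  </IfModule>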
  # Response-header clean-up applied to every response (mod_headers).
  <IfModule mod_headers.c>
      # Stop advertising byte-range support.
      Header unset Accept-Ranges

      # Remove the legacy Pragma hint and the ETag validator.
      # NOTE(review): this strips the header after it has been built;
      # `FileETag None` stops Apache from generating file ETags at all.
      Header unset Pragma
      Header unset ETag

      # NOTE(review): Connection is a hop-by-hop header that the server
      # normally manages itself through its KeepAlive setting; forcing
      # it here is presumably a performance tweak -- confirm it is needed.
      Header set Connection keep-alive
  </IfModule>
  # ---------------------------------------------------------------
  # Compression (mod_deflate)
  # ---------------------------------------------------------------
  # Compress text-based responses, selected by MIME type.
  # NOTE(review): on Apache 2.4 AddOutputFilterByType is provided by
  # mod_filter, which then has to be loaded as well.
  # NOTE(review): text/html is compressed too. Over TLS, pages that
  # reflect request data next to secrets (session or CSRF tokens) are
  # what compression side channels such as BREACH rely on; keep such
  # pages out of this list if that applies to the site.
  <IfModule mod_deflate.c>
      # Markup, plain text and styles
      AddOutputFilterByType DEFLATE text/html text/plain text/css
      AddOutputFilterByType DEFLATE text/xml text/x-component
      AddOutputFilterByType DEFLATE application/xhtml+xml application/xml

      # Feeds
      AddOutputFilterByType DEFLATE application/atom+xml application/rss+xml

      # Scripts, JSON and manifests
      AddOutputFilterByType DEFLATE application/javascript
      AddOutputFilterByType DEFLATE application/json application/ld+json
      AddOutputFilterByType DEFLATE application/x-web-app-manifest+json

      # Fonts and vector / icon images
      AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
      AddOutputFilterByType DEFLATE application/x-font-ttf font/opentype
      AddOutputFilterByType DEFLATE image/svg+xml image/x-icon
  </IfModule>
  # ----------------------------------------------------------------------
  # Security
  # ----------------------------------------------------------------------

  # --- Files that must never be served over HTTP ---
  # Each section matches on the file name and denies every client.
  # NOTE(review): Order / Deny / Satisfy are the Apache 2.2 access
  # directives. On Apache 2.4 they work only with mod_access_compat;
  # the native 2.4 form is `Require all denied`.

  # .htaccess, .htpasswd and any other file whose name starts with ".ht"
  <FilesMatch "^\.ht">
      Order allow,deny
      Deny from all
      Satisfy All
  </FilesMatch>

  # Readme files
  <Files readme.html>
      Order allow,deny
      Deny from all
      Satisfy All
  </Files>
  <Files readme.txt>
      Order allow,deny
      Deny from all
      Satisfy All
  </Files>

  # Installer script
  <Files install.php>
      Order allow,deny
      Deny from all
      Satisfy All
  </Files>

  # WordPress configuration file
  <Files wp-config.php>
      Order allow,deny
      Deny from all
      Satisfy All
  </Files>
  # --- End of blocked-file list ---
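  # Reject automated comment / login POSTs.
  # A POST to wp-comments-post.php or wp-login.php is refused when its
  # Referer does not point at this site, or when it has no User-Agent.
  #
  # Both headers are supplied by the client, so this only filters crude
  # bots. It is not authentication and does not replace rate limiting or
  # lockout on the login form.
  <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteCond %{REQUEST_METHOD} POST
      # Literal "/" and "." so only these two scripts are matched.
      RewriteCond %{REQUEST_URI} /(wp-comments-post|wp-login)\.php
      # The Referer must name this host (or a subdomain of it); a bare
      # substring test would also accept the domain appearing anywhere
      # in a foreign URL.
      RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?mabulledu\.net([/:]|$) [NC,OR]
      RewriteCond %{HTTP_USER_AGENT} ^$
      # Answer 403. A permanent redirect would be cached by the browser
      # of a legitimate visitor whose Referer was stripped.
      RewriteRule .* - [F]
  </IfModule>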
  # 5G BLACKLIST/FIREWALL (2013)
  # @ http://perishablepress.com/5g-blacklist-2013/
  #
  # 5G:[QUERY STRINGS]
  # Any one matching condition (they are OR-ed, case-insensitive) makes
  # the final rule answer 403. The patterns are tested against the query
  # string and are reproduced unchanged from the ruleset.
  #
  # NOTE(review): this is pattern matching on request text. It lowers
  # scanner noise but does not replace input validation, output encoding
  # and parameterised queries in the application.
  <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteBase /

      # Double quote followed by an angle bracket or "%3"
      RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
      # "javascript:" followed later by a semicolon
      RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
      # Opening bracket ... "script" ... closing bracket
      RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
      # Backslash, "../", backtick, or a value ending in a single quote
      RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
      # Quote or semicolon followed by an SQL-looking keyword.
      # NOTE(review): "or", "and" and "if" are substrings of ordinary
      # words, so expect false positives on legitimate queries.
      RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
      # Fixed strings listed by the ruleset
      RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
      RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
      # GLOBALS / REQUEST followed by "=", "[" or "%"
      RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]

      RewriteRule .* - [F]
  </IfModule>
  # 5G:[REQUEST STRINGS]
  # mod_alias answers 403 for any request whose URL path matches one of
  # these patterns. The patterns are reproduced unchanged from the
  # ruleset; the grouping comments below only describe what is visible
  # in each pattern.
  <IfModule mod_alias.c>
      # A URL scheme or a scheme-like directory name inside the path
      RedirectMatch 403 (https?|ftp|php)\://
      RedirectMatch 403 /(https?|ima|ucp)/
      RedirectMatch 403 /(Permanent|Better)$

      # Quote, bracket and punctuation sequences
      RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
      RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")

      # File extensions that are never served from this site
      RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$

      # Specific script names
      RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$

      # Fixed substrings
      RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
      RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
      RedirectMatch 403 \.well\-known/host\-meta
      RedirectMatch 403 /function\.array\-rand
      RedirectMatch 403 \)\;\$\(this\)\.html\(
      RedirectMatch 403 proc/self/environ
      RedirectMatch 403 msnbot\.htm\)\.\_
      RedirectMatch 403 /ref\.outcontrol
      RedirectMatch 403 com\_cropimage
      RedirectMatch 403 indonesia\.htm
      RedirectMatch 403 \{\$itemURL\}
      RedirectMatch 403 function\(\)
      RedirectMatch 403 labels\.rdf
      RedirectMatch 403 /playing.php
      RedirectMatch 403 muieblackcat
  </IfModule>
  153.  
  # 5G:[REQUEST METHOD]
  # Answer 403 to any request whose method begins with TRACE or TRACK.
  # This block does not switch the rewrite engine on itself; it relies
  # on the `RewriteEngine On` of the rewrite blocks earlier in the file.
  # NOTE(review): where the server configuration is under your control,
  # `TraceEnable Off` is the direct setting for TRACE.
  <IfModule mod_rewrite.c>
      RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
      RewriteRule .* - [F]
  </IfModule>
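  # --- Begin bad IPs ---
  # Allow everyone except the addresses and ranges listed below.
  #
  # The rules are not wrapped in <Limit GET POST PUT>: inside such a
  # section they would apply to those methods only, and a listed client
  # could still reach the site with any other method.
  #
  # NOTE(review): Order / Allow / Deny are Apache 2.2 directives; on 2.4
  # they need mod_access_compat.
  # NOTE(review): hard-coded addresses go stale. This list dates from
  # the time of the paste and should be re-validated before reuse.
  Order Allow,Deny
  Allow from all

  # Sources of wp-admin login attempts (per the original note)
  Deny from 37.59.2.42
  Deny from 74.14.237.15
  Deny from 85.113.44.241
  Deny from 90.188.236.38
  Deny from 94.154.222.2
  Deny from 103.22.181.8
  Deny from 109.197.193.202
  Deny from 112.134.227.131
  Deny from 159.224.139.133
  Deny from 176.40.120.60
  Deny from 177.6.120.47
  Deny from 177.83.226.146
  Deny from 183.60.214.47
  Deny from 186.220.37.8
  Deny from 189.48.99.100
  Deny from 190.199.241.165
  Deny from 194.150.113.90
  Deny from 200.27.231.114
  Deny from 200.86.198.200
  Deny from 200.139.175.57
  Deny from 201.91.91.14
  Deny from 203.206.167.242
  Deny from 212.145.64.56
  Deny from 217.137.225.153
  # End of wp-admin login attempts

  # Spammers
  Deny from 37.9.53.129
  Deny from 195.2.240.106
  Deny from 162.248.244.7

  # --- Start custom blocks ---
  # NOTE(review): the labels below name URL-filtering, brand-monitoring
  # and anti-phishing services, plus one hosting provider's ranges.
  # Denying them keeps reputation scanners from seeing the site, which
  # can leave it uncategorised or flagged. A deny list of this kind is
  # also commonly seen in .htaccess files planted on compromised sites,
  # so confirm who added it and why before keeping it.

  # Bluecoat
  Deny from 8.21.4.254
  Deny from 65.46.48.192/30
  Deny from 65.160.238.176/28
  Deny from 85.92.222.0/24
  Deny from 206.51.36.0/22
  Deny from 216.52.23.0/24

  # Cyveillance
  Deny from 38.100.19.8/29
  Deny from 38.100.21.0/24
  Deny from 38.100.41.64/26
  Deny from 38.105.71.0/25
  Deny from 38.105.83.0/27
  Deny from 38.112.21.140/30
  Deny from 38.118.42.32/29
  Deny from 65.213.208.128/27
  Deny from 65.222.176.96/27
  Deny from 65.222.185.72/29

  # Cyberpatrol
  Deny from 38.103.17.160/27

  # Internet Identity - Anti-Phishing
  Deny from 66.113.96.0/20
  Deny from 70.35.113.192/27

  # Ironport
  Deny from 204.15.80.0/22

  # Lightspeed Systems Security
  Deny from 66.17.15.128/26
  Deny from 69.84.207.32/27
  Deny from 69.84.207.128/25

  # Layered Technologies (wide ranges: /14 to /17)
  Deny from 72.36.128.0/17
  Deny from 72.232.0.0/16
  Deny from 72.233.0.0/17
  Deny from 216.32.0.0/14

  # M86
  Deny from 67.192.231.224/29
  Deny from 208.90.236.0/22

  # Phish-Inspector.com
  Deny from 209.147.127.208/28

  # Prescient Software, Inc. Phishmongers
  Deny from 198.186.190.0/23
  Deny from 198.186.192.0/23
  Deny from 198.186.194.0/24

  # urlfilterdb
  Deny from 207.210.99.32/29

  # websense-in.car1.sandiego1.level3.net
  Deny from 4.53.120.22

  # Websense
  Deny from 66.194.6.0/24
  Deny from 67.117.201.128/28
  Deny from 69.67.32.0/20
  Deny from 131.191.87.0/24
  Deny from 204.15.64.0/21
  Deny from 208.80.192.0/21
  Deny from 212.62.26.64/27
  Deny from 213.168.226.0/24
  Deny from 213.168.241.0/30
  Deny from 213.168.242.0/30
  Deny from 213.236.150.16/28
  # --- End bad IPs ---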
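  #####################################################
  # Block comment spammers, bad bots and some proxies
  #
  # Requests from the listed addresses are answered with 403.
  #  - RewriteCond lines take effect only through the RewriteRule that
  #    follows them, so the list ends with a rule, and the last
  #    condition carries no [OR].
  #  - Matching is done on REMOTE_ADDR with escaped, anchored patterns,
  #    so each line matches exactly one address. An unanchored
  #    "12.226.240.248" would also match "112.226.240.248", and
  #    REMOTE_HOST may hold a host name instead of an address when
  #    hostname lookups are enabled.
  # NOTE(review): single addresses go stale quickly; re-validate the
  # list before reuse.
  <IfModule mod_rewrite.c>
      RewriteEngine On
      RewriteCond %{REMOTE_ADDR} ^12\.226\.240\.248$ [OR]
      RewriteCond %{REMOTE_ADDR} ^24\.111\.102\.26$ [OR]
      RewriteCond %{REMOTE_ADDR} ^24\.117\.121\.113$ [OR]
      RewriteCond %{REMOTE_ADDR} ^65\.30\.216\.140$ [OR]
      RewriteCond %{REMOTE_ADDR} ^67\.87\.64\.23$ [OR]
      RewriteCond %{REMOTE_ADDR} ^68\.12\.149\.198$ [OR]
      RewriteCond %{REMOTE_ADDR} ^69\.139\.167\.203$ [OR]
      RewriteCond %{REMOTE_ADDR} ^74\.95\.182\.57$ [OR]
      RewriteCond %{REMOTE_ADDR} ^91\.121\.3\.29$ [OR]
      RewriteCond %{REMOTE_ADDR} ^203\.94\.229\.227$ [OR]
      RewriteCond %{REMOTE_ADDR} ^208\.96\.122\.142$ [OR]
      RewriteCond %{REMOTE_ADDR} ^210\.0\.141\.247$ [OR]
      RewriteCond %{REMOTE_ADDR} ^210\.197\.97\.67$ [OR]
      RewriteCond %{REMOTE_ADDR} ^212\.179\.127\.188$ [OR]
      RewriteCond %{REMOTE_ADDR} ^216\.246\.60\.183$ [OR]
      RewriteCond %{REMOTE_ADDR} ^220\.156\.189\.233$ [OR]
      RewriteCond %{REMOTE_ADDR} ^222\.36\.12\.42$
      RewriteRule .* - [F]
  </IfModule>
  # End block comment spammers, bad bots and some proxies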