# SECURE .HTACCESS
# mod_rewrite in a .htaccess file needs the FollowSymLinks option (SymLinksIfOwnerMatch
# also satisfies it). Almost every host enables it by default at the root level, so the
# Options +FollowSymlinks line below should normally stay commented out.
# Only if rewriting does not work and you have checked that everything else is set
# correctly, remove the # sign in front of Options +FollowSymlinks below.
# If you then get HTTP Error 500 Internal Server Errors, put the # sign back immediately:
# on some hosts setting it here causes the 500 error (typically because the host
# restricts which Options a .htaccess file may change).
# Options +FollowSymlinks
# These are some common Apache directives to force PHP5 to be used instead of PHP4.
# PHP 4 and PHP 5 are both end-of-life; these lines only matter on legacy hosting.
# The handler names are host-specific - check with your web host first.
# Remove the pound sign in front of AddType x-mapp-php5 .php for 1&1 web hosting
# AddType x-mapp-php5 .php
# Other common possibilities depending on your web host - check with your web host first
# AddHandler application/x-httpd-php5 .php
# AddHandler cgi-php5 .php
# Turn off automatic directory listings, so a directory without an index file
# does not show its contents to visitors.
Options -Indexes
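# If you want a custom 403 Forbidden page for your website, uncomment the
# ErrorDocument line below and point it at your own page.
# ErrorDocument 403 /forbidden.html
# QUERY STRING EXPLOITS
# Answer 403 Forbidden when the query string contains one of the patterns below.
# This block has to stay ABOVE the "BEGIN Nahar" front-controller block: that block
# ends rule processing with [L] for index.php and for every URL it hands to
# index.php, so a filter placed after it is only reached for other existing files.
# It is wrapped in <IfModule> so that a server without mod_rewrite does not answer
# every request with a 500 error.
# Limits to keep in mind:
# - %{QUERY_STRING} is matched as the client sent it (not URL-decoded), so this is
#   a coarse first filter; the application must still validate its own input.
# - Several patterns are plain substrings and also reject legitimate requests:
#   "tag=", "http:", brackets (a[]=1), and words containing set/char/order/request
#   (offset=, charset=, ...). Remove the alternatives your site needs.
# - The long keyword alternation must stay on ONE line with no spaces inside it;
#   a space splits the RewriteCond arguments and the whole file fails with a 500.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop|delete|create|alter|update|order|char|set|cast|convert|meta|script|truncate).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
# Front controller: index.php itself is served as-is; any other request that does
# not match an existing file or directory is passed to /index.php.
# BEGIN Nahar
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END Nahar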
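# Deny access to include.php, install.php, all .htaccess files, php.ini, php5.ini
# and the readme.html installation file.
# <FilesMatch> tests the file name only, never the directory part, so a path such
# as /inc/config.inc.php cannot be listed here. NOTE(review): the original comment
# also named config.php, which is not in the pattern - add it if your site has one.
# The pattern is anchored at the start only, so names that merely begin with one
# of these (for example install.php.bak) are denied as well.
<FilesMatch "^(include\.php|install\.php|\.htaccess|php\.ini|php5\.ini|readme\.html)">
# Apache 2.4 and later
<IfModule mod_authz_core.c>
Require all denied
# To allow only yourself access, replace the line above with:
# Require ip xxx.xxx.xxx.xxx <==Your IP
</IfModule>
# Apache 2.2
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
# To allow only yourself access to these files add your IP address below
# Allow from xxx.xxx.xxx.xxx <==Your IP
</IfModule>
</FilesMatch>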
Hmm... If this post is not useful, just trash it.
# mod_rewrite in a .htaccess file needs the FollowSymLinks option (SymLinksIfOwnerMatch
# also satisfies it). Almost every host enables it by default at the root level, so the
# Options +FollowSymlinks line below should normally stay commented out.
# Only if rewriting does not work and you have checked that everything else is set
# correctly, remove the # sign in front of Options +FollowSymlinks below.
# If you then get HTTP Error 500 Internal Server Errors, put the # sign back immediately:
# on some hosts setting it here causes the 500 error (typically because the host
# restricts which Options a .htaccess file may change).
# Options +FollowSymlinks
# These are some common Apache directives to force PHP5 to be used instead of PHP4.
# PHP 4 and PHP 5 are both end-of-life; these lines only matter on legacy hosting.
# The handler names are host-specific - check with your web host first.
# Remove the pound sign in front of AddType x-mapp-php5 .php for 1&1 web hosting
# AddType x-mapp-php5 .php
# Other common possibilities depending on your web host - check with your web host first
# AddHandler application/x-httpd-php5 .php
# AddHandler cgi-php5 .php
# Turn off automatic directory listings, so a directory without an index file
# does not show its contents to visitors.
Options -Indexes
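# If you want a custom 403 Forbidden page for your website, uncomment the
# ErrorDocument line below and point it at your own page.
# ErrorDocument 403 /forbidden.html
# QUERY STRING EXPLOITS
# Answer 403 Forbidden when the query string contains one of the patterns below.
# This block has to stay ABOVE the "BEGIN Nahar" front-controller block: that block
# ends rule processing with [L] for index.php and for every URL it hands to
# index.php, so a filter placed after it is only reached for other existing files.
# It is wrapped in <IfModule> so that a server without mod_rewrite does not answer
# every request with a 500 error.
# Limits to keep in mind:
# - %{QUERY_STRING} is matched as the client sent it (not URL-decoded), so this is
#   a coarse first filter; the application must still validate its own input.
# - Several patterns are plain substrings and also reject legitimate requests:
#   "tag=", "http:", brackets (a[]=1), and words containing set/char/order/request
#   (offset=, charset=, ...). Remove the alternatives your site needs.
# - The long keyword alternation must stay on ONE line with no spaces inside it;
#   a space splits the RewriteCond arguments and the whole file fails with a 500.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop|delete|create|alter|update|order|char|set|cast|convert|meta|script|truncate).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
# Front controller: index.php itself is served as-is; any other request that does
# not match an existing file or directory is passed to /index.php.
# BEGIN Nahar
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END Nahar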
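# Deny access to include.php, install.php, all .htaccess files, php.ini, php5.ini
# and the readme.html installation file.
# <FilesMatch> tests the file name only, never the directory part, so a path such
# as /inc/config.inc.php cannot be listed here. NOTE(review): the original comment
# also named config.php, which is not in the pattern - add it if your site has one.
# The pattern is anchored at the start only, so names that merely begin with one
# of these (for example install.php.bak) are denied as well.
<FilesMatch "^(include\.php|install\.php|\.htaccess|php\.ini|php5\.ini|readme\.html)">
# Apache 2.4 and later
<IfModule mod_authz_core.c>
Require all denied
# To allow only yourself access, replace the line above with:
# Require ip xxx.xxx.xxx.xxx <==Your IP
</IfModule>
# Apache 2.2
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
# To allow only yourself access to these files add your IP address below
# Allow from xxx.xxx.xxx.xxx <==Your IP
</IfModule>
</FilesMatch>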
Hmm... If this post is not useful, just trash it.