MyBe This .htaccess Code Can Help To Secure Ur Url


    # SECURE .HTACCESS

    # If for some strange reason your host does not have +FollowSymlinks enabled by default at
    # the root level then you will need to enable Options +FollowSymlinks for mod_rewrite to work.
    # If you are getting HTTP Error 500 Internal server errors and you have checked to make sure
    # everything else is set correctly then remove the # sign in front of Options +FollowSymlinks
    # below. If you are still getting 500 errors then immediately put the # sign back. All hosts
    # these days should have this enabled by default. Enabling this will actually cause 500 server
    # errors if your host has this enabled so you should probably never have to remove the # sign.
    # Options +FollowSymlinks

    # These are some common Apache Directives to force PHP5 to be used instead of PHP4
    # Some web hosts have very specific directives - check with your web host first
    # Remove the pound sign in front of AddType x-mapp-php5 .php for 1&1 web hosting
    # AddType x-mapp-php5 .php
    # Other common possibilities depending on your web host - check with your web host first
    # AddHandler application/x-httpd-php5 .php
    # AddHandler cgi-php5 .php

    Options -Indexes

    # QUERY STRING EXPLOITS
    # This filter is placed before the front-controller rules. In .htaccess context
    # "RewriteRule ^index\.php$ - [L]" and "RewriteRule . /index.php [L]" end rule
    # processing, so a filter placed after them is never evaluated for index.php or
    # for any request routed to it.
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} tag\= [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop|delete|create|alter|update|order|char|set|cast|convert|meta|script|truncate).* [NC]
    # Any single match above returns 403 Forbidden
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>

    # If you want to add a custom 403 Forbidden page for your website uncomment the
    # detailed instructions on how to do this.
    # ErrorDocument 403 /forbidden.html

    # BEGIN Nahar
    # Front controller: send every request that is not an existing file or
    # directory to /index.php
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END Nahar

    # Deny Access to config.php, /inc/config.inc.php, all .htaccess files
    # php.ini, php5.ini and the WordPress readme.html installation file.
    # To allow only yourself access to these files add your IP address below
    <FilesMatch "^(include\.php|install\.php|\.htaccess|php\.ini|php5\.ini|readme\.html)">
    Deny from all
    # Allow from xxx.xxx.xxx.xxx <==Your IP
    </FilesMatch>

    Hmm..If This Post Not Useful, Just Trash It
    Last edited by Nahar; 09.02.11, 10:27.
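
An added example, not part of the original post: the RewriteCond patterns from the post above transcribed into Python regexes, so a site owner can see which rule would return 403 for a given query string before deploying the file. The sample query strings are constructed, `blocking_rules` is a hypothetical helper name, and Python's `re` stands in for Apache's PCRE matching.

```python
import re

# (pattern, NC flag) transcribed from the RewriteCond lines in the post above.
# [NC] maps to re.IGNORECASE; "insert" and "order" are written unbroken.
RULES = [
    (r"\.\.\/", True),
    (r"boot\.ini", True),
    (r"tag\=", True),
    (r"ftp\:", True),
    (r"http\:", True),
    (r"https\:", True),
    (r"(\<|%3C).*script.*(\>|%3E)", True),
    (r"(\<|%3C).*iframe.*(\>|%3E)", True),
    (r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)", True),
    (r"base64_encode.*\(.*\)", True),
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", False),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", False),
    (r"^(.*)cPath=http://(.*)$", True),
    (r"^(.*)/self/(.*)$", True),
    (r"^.*(\[|\]|\(|\)|<|>).*", True),
    (r"^.*(globals|encode|localhost|loopback).*", True),
    (r"^.*(execute|exec|sp_executesql|request|select|insert|union|declare|drop"
     r"|delete|create|alter|update|order|char|set|cast|convert|meta|script"
     r"|truncate).*", True),
]
COMPILED = [(p, re.compile(p, re.IGNORECASE if nc else 0)) for p, nc in RULES]


def blocking_rules(query_string):
    """Patterns that would send this query string to the [F] (403) rule."""
    # The conditions are chained with [OR], so a single hit is enough.
    return [p for p, rx in COMPILED if rx.search(query_string)]


# Constructed, benign query strings of the kind ordinary sites generate.
SAMPLES = [
    "page=2",
    "sort=price&order=asc",
    "s=how+to+update+wordpress",
    "file=setup.exe",
    "charset=utf-8",
    "redirect_to=http://example.com/wp-admin/",
    "ids[]=3&ids[]=7",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        hits = blocking_rules(qs)
        print("403" if hits else "ok ", qs, hits)
```

Every sample except `page=2` is rejected, most of them by the final keyword rule, which matches substrings such as `set` inside `setup` or `charset`.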

    #2
    ..

    Also add this to ur php.ini
    Code:
    disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
    restart your httpd =)


    http://www.toinx.org


      #3
      this is a good tutorial! thanks!


        #4
        It als0 can sl0w y0ur server l0l..

        Added after 7 minutes:

        Yeah, i agree with rayjee but i already use this before 0n my site.. I got some trouble with .sis, exe and a lot of file...
        Last edited by ewanz; 12.02.11, 13:01.
        our life is simple words....
        http://mygenkz.net
        ewanz06@yahoo.com
        PHP Code:
        $output="i am NOoob....";
        $newfile="ewanz.txt";
        $file = fopen($newfile, "w");
        fwrite($file, $output);
        fclose($file);


          #5
          m In VPS So i Dont Think my Server Will Slow


            #6
            It must have a huge m0ney t0 p00r pers0n like me t0 buy vps and the c0nclusi0n here.. As the big usage in .htaccess as the high server usage


              #7
              Just For 6 Month..
              Nvm m8..m Tired For Fighting..
              m In Bad Mood + Sad bCoz My birthday Is Upon Us And This Is My First Time Celebrating a Birthday Without a Mother


                #8
                copypaste

                the code is , copy paste from . . . Wordpress !
                Last edited by awan; 16.02.11, 22:21. Reason: wrong


                  #9
                  Then what that mean? @awan
                  have connected with http://adexchat.com ?
                  Fun up with
                  http://forum.adexchat.com


                    #10
                    Originally posted by adex3g View Post
                    Then what that mean? @awan
                    N0thing . .


                      #11
                      Cool @awan, good tutorial also secure uploader


                        #12
                        Originally posted by awan View Post
                        the code is , copy paste from . . . Wordpress !
                        LoL..Just Wordpress Can Use This .htaccess??
                        u Can Learn By Blueproof n Btw, i Learn ,htaccess Code From There..
                        u Just Know Post n Dont Know Wht Is Tht??
                        ua So Funny awan..Did u Site Secure Now??LoL


                          #13
                          Originally posted by Nahar View Post
                          LoL..Just Wordpress Can Use This .htaccess??
                          u Can Learn By Blueproof n Btw, i Learn ,htaccess Code From There..
                          u Just Know Post n Dont Know Wht Is Tht??
                          ua So Funny awan..Did u Site Secure Now??LoL
                          Actually ,I already have this code in my htaccess ,thnx 4 inf0.

                          ,senior members , u have a any htaccess code for avoid any hacking technique ?


                            #14
                            Stop Use FREE HOST bCoz Its CRAP!!
                            LoL..Ur Script Is Already Secure, m Just Coming From Ur Cpanel..LoL

                            Added after 5 minutes:

                            Btw m8..DId u Know Celcom Broadband User "CANT" Surf Ur Site..
                            Last edited by Nahar; 17.02.11, 15:56.


                              #15
                              Originally posted by Nahar View Post
                              Stop Use FREE HOST bCoz Its CRAP!!
                              LoL..Ur Script Is Already Secure, m Just Coming From Ur Cpanel..LoL

                              Added after 5 minutes:

                              Btw m8..DId u Know Celcom Broadband User "CANT" Surf Ur Site..
                              Give my email back..if u wanted to give back. .

                              Actually . I kn0w about this problem . . My wap cann0t open via pc , because my f**king host . Doest now allow wap . Running on pc , but , can open it using mobile . Damn it !
