Options +FollowSymLinks
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^page/([a-zA-Z0-9]+)/? pages.php?page=$1 [L]
RewriteRule ^archive archive.php [L]
RewriteRule ^rss/?$ feed/ [NC,L]
RewriteRule ^rss.xml$ feed/ [NC,L]
RewriteRule ^main$ main.php [L]
RewriteRule ^profile profile.php [L]
RewriteRule ^user/([^/]+)/?$ user.php?user=$1 [L]
RewriteRule ^contact contact.php [L]
RewriteRule ^download/(.*)$ paste.php?download&id=$1 [L]
RewriteRule ^raw/(.*)$ paste.php?raw&id=$1 [L]
RewriteRule ^embed/(.*)$ paste.php?embed&id=$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ paste.php?id=$1 [L]
#.htaccess hide file extension
#If you want to hide file extension from your website then you can do it using .htaccess follow this code snippet and hide file extensions.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
#SQl Injection is a code base injection. Hackers using SQL Injection to dump information from a database. For prevent SQL Injection use this code snippet in your website .htaccess
RewriteCond %{QUERY_STRING} UNION([%20\ /\*+]*)ALL([%20\ /\*+]*)SELECT [NC,OR]
RewriteCond %{QUERY_STRING} UNION([%20\ /\*+]*)SELECT [NC,OR]
RewriteCond %{QUERY_STRING} /\* [NC,OR]
RewriteCond %{QUERY_STRING} \*/ [NC]
RewriteRule ^.* - [F]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} http:.*\/.*\/ [OR]
RewriteCond %{QUERY_STRING} ..*\/ [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]
RewriteRule (.*) - [F]
#Prevent XSS attacks using .htaccess
#If you want to prevent Cross Site Scripting (XSS) you can do it suing .htaccess now it's time to make your website more secure, let's see how to protect XSS using .htaceess,
RewriteCond %{QUERY_STRING} http://([a-zA-Z0-9_\-]*) [NC,OR]
RewriteCond %{QUERY_STRING} http:/([a-zA-Z0-9_\-]*) [NC,OR]
RewriteCond %{QUERY_STRING} cmd= [NC,OR]
RewriteCond %{QUERY_STRING} &cmd [NC,OR]
RewriteCond %{QUERY_STRING} exec [NC,OR]
RewriteCond %{QUERY_STRING} execu [NC,OR]
RewriteCond %{QUERY_STRING} concat [NC]
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\
|\
|%0A|%0D).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR]
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark|print|printf|system|exec|scanf).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC]
RewriteRule ^.* - [F]