PastonBin/.htaccess
2017-06-17 19:22:17 +02:00

79 lines
3.5 KiB
ApacheConf

Options +FollowSymLinks
RewriteEngine on
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^page/([a-zA-Z0-9]+)/? pages.php?page=$1 [L]
RewriteRule ^archive archive.php [L]
RewriteRule ^rss/?$ feed/ [NC,L]
RewriteRule ^rss.xml$ feed/ [NC,L]
RewriteRule ^main$ main.php [L]
RewriteRule ^profile profile.php [L]
RewriteRule ^user/([^/]+)/?$ user.php?user=$1 [L]
RewriteRule ^contact contact.php [L]
RewriteRule ^download/(.*)$ paste.php?download&id=$1 [L]
RewriteRule ^raw/(.*)$ paste.php?raw&id=$1 [L]
RewriteRule ^embed/(.*)$ paste.php?embed&id=$1 [L]
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ paste.php?id=$1 [L]
</IfModule>
#.htaccess hide file extension
#If you want to hide file extension from your website then you can do it using .htaccess follow this code snippet and hide file extensions.
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
</IfModule>
#SQl Injection is a code base injection. Hackers using SQL Injection to dump information from a database. For prevent SQL Injection use this code snippet in your website .htaccess
RewriteCond %{QUERY_STRING} UNION([%20\ /\*+]*)ALL([%20\ /\*+]*)SELECT [NC,OR]
RewriteCond %{QUERY_STRING} UNION([%20\ /\*+]*)SELECT [NC,OR]
RewriteCond %{QUERY_STRING} /\* [NC,OR]
RewriteCond %{QUERY_STRING} \*/ [NC]
RewriteRule ^.* - [F]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} http:.*\/.*\/ [OR]
RewriteCond %{QUERY_STRING} ..*\/ [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{QUERY_STRING} [^a-z](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]
RewriteRule (.*) - [F]
#Prevent XSS attacks using .htaccess
#If you want to prevent Cross Site Scripting (XSS) you can do it suing .htaccess now it's time to make your website more secure, let's see how to protect XSS using .htaceess,
RewriteCond %{QUERY_STRING} http://([a-zA-Z0-9_\-]*) [NC,OR]
RewriteCond %{QUERY_STRING} http:/([a-zA-Z0-9_\-]*) [NC,OR]
RewriteCond %{QUERY_STRING} cmd= [NC,OR]
RewriteCond %{QUERY_STRING} &cmd [NC,OR]
RewriteCond %{QUERY_STRING} exec [NC,OR]
RewriteCond %{QUERY_STRING} execu [NC,OR]
RewriteCond %{QUERY_STRING} concat [NC]
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\
|\
|%0A|%0D).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR]
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark|print|printf|system|exec|scanf).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC]
RewriteRule ^.* - [F]