PHP Classes

File: .htaccess

Recommend this page to a friend!
  Classes of Saro Carvello   PHP Web MVC Framework   .htaccess   Download  
File: .htaccess
Role: Auxiliary data
Content type: text/plain
Description: Auxiliary data
Class: PHP Web MVC Framework
MVC framework providing autogenerated MySQL models
Author: By
Last change: Update .htaccess
Update .htaccess
Update .htaccess
Date: 2 years ago
Size: 4,566 bytes
 

Contents

Class file image Download
# .htaccess # Main Web MVC Framework Rewrite Rules for routing request to index.php and securing website # # copyright (c) 2016 Rosario Carvello <rosario.carvello@gmail.com> - All rights reserved. # see License.txt file # license BSD Clause 3 License # license https://opensource.org/licenses/BSD-3-Clause This software is distributed under BSD-3-Clause Public License # Disables directory listing # Disabilita il listing delle directory Options -Indexes # Set Apache Rewrite Engine to On # Attiva il Rewrite Engine di Apache RewriteEngine On # Ignores errors for not founded directories and apply the RewriteRule # Ignora l'errore sul posizionamento nell directory che non esistono e applica il RewriteRule RewriteCond %{REQUEST_FILENAME} !-d # Ignores errors for not founded files and apply the RewriteRule # Ignora l'errore del caricamento dei file che non esistono e procedi con il RewriteRule RewriteCond %{REQUEST_FILENAME} !-f # Ignores errors for not founded links and apply the RewriteRule # Ignora l'errore dei link che non esistono e procedi con il RewriteRule RewriteCond %{REQUEST_FILENAME} !-l # A simple rule to routes the URL request to index.php with a parameter named url and containing the requested url value. # Routing di tutte le richieste che non possono essere eseguite a index.php con parametro url contenente l'URL sottomessa. RewriteRule ^(.+)$ index.php?url=$1 [QSA,L] # File Protection # Protezione del file .htacess <Files .htaccess> Order Allow,Deny Deny from all </Files> # Secure website using # Sicurezza del sito Options +FollowSymlinks ServerSignature Off # Rule #4a - Block out any script trying to base64_encode crap to send via URL RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR] # Rule #4b - Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] # Rule #4c - Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR] # Rule #4d - Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) # Rule #4e - Send all blocked request to homepage with 403 Forbidden error! RewriteRule ^(.*)$ index.php [F,L] # Prevent XSS attacks # Prevenzione attacchi XSS RewriteCond %{QUERY_STRING} http://([a-zA-Z0-9_\-]*) [NC,OR] RewriteCond %{QUERY_STRING} http:/([a-zA-Z0-9_\-]*) [NC,OR] RewriteCond %{QUERY_STRING} cmd= [NC,OR] RewriteCond %{QUERY_STRING} &cmd [NC,OR] RewriteCond %{QUERY_STRING} exec [NC,OR] RewriteCond %{QUERY_STRING} execu [NC,OR] RewriteCond %{QUERY_STRING} concat [NC] RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] RewriteCond %{THE_REQUEST} ^.*(\|\|%0A|%0D).* [NC,OR] RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR] RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR] RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^$ [OR] RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR] RewriteCond %{HTTP_USER_AGENT}^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark|print|printf|system|exec|scanf).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR] RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC] RewriteRule ^.* - [F] # Prevent SQL injections # Prevenzione SQL injections RewriteCond %{QUERY_STRING} UNION([%20\ /\*+]*)ALL([%20\ /\*+]*)SELECT [NC,OR] RewriteCond %{QUERY_STRING} UNION([%20\ /\*+]*)SELECT [NC,OR] RewriteCond %{QUERY_STRING} /\* [NC,OR] RewriteCond %{QUERY_STRING} \*/ [NC] RewriteRule ^.* - [F] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} http:.*\/.*\/ [OR] RewriteCond %{QUERY_STRING} ..*\/ [OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) RewriteCond %{QUERY_STRING} [^az](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC] RewriteRule (.*) - [F]