1988gadocansey/SRMS/master/.htaccess - Htaccess File

1988gadocansey/SRMS/master/.htaccess

##
# @version    $Id: htaccess.txt   2014-10-07 15:47:33Z 
# @package    root
# @copyright          Copyright (C) 2014 - 2015 Takoradi Polytechnic. All rights reserved.
# @license    GNU General Public License version 2 or later; see LICENSE.txt
##

SetEnv TZ Africa/Accra
SetEnv SERVER_ADMIN gadocansey@google.com
IndexIgnore * 
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^.]+)$ $1.php [NC,L]
# redirect the site to only https
 
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*([^)]*) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
 
#Enabling URL open in order to send sms
php_value allow_url_fopen On
 # PHP error handling for production servers

# disable display of startup errors
php_flag display_startup_errors off

# disable display of all other errors
php_flag display_errors off

# disable html markup of errors
php_flag html_errors off

# enable logging of errors
php_flag log_errors on

# disable ignoring of repeat errors
php_flag ignore_repeated_errors off

# disable ignoring of unique source errors
php_flag ignore_repeated_source off

# enable logging of php memory leaks
php_flag report_memleaks on

# preserve most recent error via php_errormsg
php_flag track_errors on

# disable formatting of error reference links
php_value docref_root 0

# disable formatting of error reference links
php_value docref_ext 0

# specify path to php error log
php_value error_log localhost/flat-accountant/error.txt

# specify recording of all php errors
# [see footnote 3] # php_value error_reporting 999999999
php_value error_reporting -1

# disable max error string length
php_value log_errors_max_len 0

# protect error log by preventing public access
<Files PHP_errors.log>
 Order allow,deny
 Deny from all
 Satisfy All
</Files>

# to denied an ip use # someone else giving the ruskies a bad name..
#order allow,deny
#deny from 83.222.23.219
#allow from all
# custom error documents
ErrorDocument 401  https://localhost/Students_Records_Management_System/404.html
ErrorDocument 403  https://localhost/Students_Records_Management_System/404.html
ErrorDocument 404  https://localhost/Students_Records_Management_System/404.htm
ErrorDocument 500 https://localhost/Students_Records_Management_System505.html
#Denies any request for static files (images, css, etc) if referrer is not local site or empty.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{HTTP_REFERER} !^https://www.askapache.com.*$ [NC]
RewriteRule .(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ - [F,NS,L]

 

 
  php_value upload_max_filesize 20M
php_value post_max_size 20M
php_value max_execution_time 200
php_value max_input_time 200
#Blocking request based on User-Agent Header
SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
Deny from env=HTTP_SAFE_BADBOT

#deny acces to .htaccess
<Files ~ "^.ht">
 Order allow,deny
 Deny from all
 Satisfy All
</Files>
# don't even think about setting this to 'on'
php_value register_globals off

# no session id's in the URL PULEEZE!
php_value session.use_trans_sid 0

# should be the same as..
php_flag session.use_trans_sid off
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi

Options -ExecCGI

# implementing caching for performance

# MONTH

Header set Cache-Control "max-age=2592000"

# WEEK

Header set Cache-Control "max-age=604800"

# DAY

Header set Cache-Control "max-age=43200"

#
# A (partial) domain-name

#Allow from 10.1.0.0/255.255.0.0

# Full IP address

#Allow from 10.1.2.3

# More than 1 full IP address

#Allow from 192.168.1.104 192.168.1.205

# Partial IP addresses

# first 1 to 3 bytes of IP, for subnet restriction.

#Allow from 10.1

#Allow from 10 172.20 192.168.2

# network/netmask pair

#Allow from 10.1.0.0/255.255.0.0

# network/nnn CIDR specification

#Allow from 10.1.0.0/16

# IPv6 addresses and subnets

#Allow from 2001:db8::a00:20ff:fea7:ccea

#Allow from 2001:db8::a00:20ff:fea7:ccea/10
 
#block access to files during certain hours of the day

# If the hour is 16 (8 PM) Then deny all access

On Github License

Files

Download PDF of Htaccess file
HTTP_REFERER, QUERY_STRING, REQUEST_FILENAME, REQUEST_URI, SERVER_ADMIN, static, TZ

Comments

Apache