Htaccess File

Vidal-ru/Vidal/master/web/.htaccess

DOCUMENT_ROOT, ENV, GET, HTTP_HOST, HTTP_REFERER, HTTP_USER_AGENT, POST, QUERY_STRING, REDIRECT_STATUS, REQUEST_FILENAME, REQUEST_METHOD, REQUEST_URI, THE_REQUEST
# RWR v20160313

RewriteEngine On

# Redirect from www ---------------------------------------------------------------------

#RewriteBase /
#RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
#RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

# Config --------------------------------------------------------------------------------

# s-0001
<IfModule autoindex_module.c>
IndexIgnore *
</IfModule>

# s-0002
ServerSignature Off
Options -Indexes
DirectoryIndex index.php index.html index.htm

# s-0003
ErrorDocument 400 default
ErrorDocument 401 default
ErrorDocument 403 "Forbidden"
ErrorDocument 404 "Page Not Found"

# s-0004
<IfModule mod_php4.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_runtime off
php_flag register_globals off
</IfModule>

<IfModule mod_php5.c>
php_flag display_errors off
php_flag magic_quotes_gpc off
php_flag magic_quotes_runtime off
php_flag register_globals off
</IfModule>

# WAF Rules -----------------------------------------------------------------------------

# Block methods
# s-0005 
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK|DEBUG) [NC]
RewriteRule .* - [F,L]

# Apache range security problem
# s-0006
RewriteCond %{REQUEST_METHOD} ^(HEAD|GET) [NC]
RewriteCond %{HTTP:Range} ([0-9]*-[0-9]*)(s*,s*[0-9]*-[0-9]*)+
RewriteRule .* - [F]

# RFI/LFI Protection
# s-0007
RewriteCond %{QUERY_STRING} ![a-zA-Z0-9_]=http://www.vidal.ru/
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=https:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=ftp:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=gopher:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(..//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [OR]
RewriteCond %{QUERY_STRING} (../|%2e%2e%2f|%2e%2e/|..%2f|%2e.%2f|%2e./|.%2e%2f|.%2e/) [OR]
RewriteCond %{QUERY_STRING} =|w| [NC]
RewriteRule .* - [F,L]

# Block system file and folder access
# s-0008
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127.0.0.1) [NC,OR]
RewriteCond %{QUERY_STRING} (.{1,}/)+(motd|etc|bin) [NC,OR]
RewriteCond %{QUERY_STRING} $_POST [NC,OR]
RewriteCond %{QUERY_STRING} wp-config.php [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(;).* [NC,OR]  
RewriteCond %{QUERY_STRING} =PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]
RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC]
RewriteRule .* - [F,L]

RewriteCond %{THE_REQUEST} (%0A|%0D|\r|\n) [NC,OR]
RewriteCond %{THE_REQUEST} cgi-bin [NC,OR]
#RewriteCond %{THE_REQUEST} ? HTTP/ [NC,OR]
#RewriteCond %{THE_REQUEST} /* HTTP/ [NC,OR]
RewriteCond %{REQUEST_URI} owssvr.dll [NC,OR] 
RewriteCond %{REQUEST_URI} server-status [NC]
RewriteRule .* - [F,L]

RewriteRule /DOCUMENT_ROOT - [F,L]
RewriteRule /_mem_bin - [F,L]
RewriteRule /msadc - [F,L]
RewriteRule /_vti_bin - [F,L]
RewriteRule /_vti_inf.html - [F,L]

# Shellshock
RewriteCond %{QUERY_STRING} (s*)s*{s*:;s*};
RewriteCond %{THE_REQUEST} (s*)s*{s*:;s*};
RewriteCond %{HTTP_REFERER} (s*)s*{s*:;s*};
RewriteCond %{HTTP_USER_AGENT} (s*)s*{s*:;s*};
RewriteRule .* - [F,L]

# Block 3rd parties
# s-0009
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress.com|img.youtube|tinypic.com|upload.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress.com|img.youtube|tinypic.com|upload.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F,L]

# TimThumb blocker
# s-0010
RewriteCond %{HTTP_REFERER} ^.*%{HTTP_HOST}.*
RewriteCond %{REQUEST_URI} (timthumb.php|phpthumb.php|thumb.php|thumbs.php) [NC,OR]
RewriteCond %{REQUEST_URI} (uploadify/uploadify.php) [NC] 
RewriteRule .* - [F,L]

# Block suspicious user agents
# s-0011
#RewriteCond %{HTTP_USER_AGENT} (AESOP_com_SpiderMan|AhrefsBot|Alexibot|Anonymouse.org|asterias|attach|BackDoorBot|BackWeb|Bandit|Baiduspider|BatchFTP|Bigfoot|Black.Hole|BlackWidow|BlowFish|Bot mailto:craftbot@yahoo.com|BotALot|BTWebClient|Buddy|BuiltBotTough|Bullseye|BunnySlippers|Cegbfeieh|CheeseBot|CherryPicker|ChinaClaw|Collector|CommentReader|Copier|CopyRightCheck|cosmos|Crescent|Curl|Custo|DA|DISCo|discobot|DIIbot|DittoSpyder|Dolphin|Download|Download Demon|Download Devil|Download Wonder|Downloader|dragonfly|Drip|eCatch|EasyDL|ebingbong|EirGrabber|EmailCollector|EmailSiphon|EmailWolf|EroCrawler|Exabot|Express WebPictures|Extractor|EyeNetIE|Ezooms|FileHound|FlashGet|Foobot|flunky|FrontPage|GetRight|GetSmart|GetWeb!|Go!Zilla|Go-Ahead-Got-It|gotit|Grabber|GrabNet|Grafula|Harvest|havij|hloader|HMView|httplib|HTTrack|humanlinks|ia_archiver|igdeSpyder|IlseBot|Image Stripper|Image Sucker|Indy Library|InfoNaviRobot|InfoTekies|Intelliseek|InterGET|Internet Ninja|Iria|Jakarta|JennyBot|JetCar|JOC|JustView|Jyxobot|Kenjin.Spider|Keyword.Density|larbin|LeechFTP|LexiBot|lftp|libWeb/clsHTTP|likse|LinkextractorPro|LinkScan/8.1a.Unix|LNSpiderguy|LinkWalker|lwp-trivial|LWP::Simple|Magnet|Mag-Net|MarkWatch|Mass Downloader|Mata.Hari|Media Center PC|Memo|MJ12bot|Microsoft.URL|Microsoft URL Control|MIDown tool|MIIxpc|Mirror|Missigua Locator|Mister PiX|moget|Mozilla/3.Mozilla/2.01|Mozilla.*NEWT|NAMEPROTECT|Navroad|NearSite|NetAnts|Netcraft|NetMechanic|NetSpider|Net Vampire|NetZIP|NextGenSearchBot|NG|NICErsPRO|NimbleCrawler|Ninja|NPbot|Octopus|Offline Explorer|Offline Navigator|Openfind|OutfoxBot|PageGrabber|Papa Foto|pavuk|pcBrowser|PHP version tracker|Pockey|ProPowerBot/2.14|ProWebWalker|psbot|Pump|QueryN.Metasearch|RealDownload|Reaper|Recorder|ReGet|RepoMonkey|RMA|Siphon|sitecheck.internetseer.com|SiteSnagger|Slurp|SlySearch|SmartDownload|Snake|Snapbot|Snoopy|sogou|SpaceBison|SpankBot|spanner|Sqworm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|suzuran|Szukacz/1.4|Tagoobot|tAkeOut|Teleport|Telesoft|TurnitinBot/1.5|The.Intraformant|TheNomad|TightTwatBot|Titan|toCrawl/UrlDispatcher|True_Robot|turingos|TurnitinBot|Twiceler|URLy.Warning|Vacuum|VCI|VoidEYE|Web Image Collector|Web Sucker|WebAuto|WebBandit|Webclipping.com|WebCopier|WebEMailExtrac.*|WebEnhancer|WebFetch|WebGo IS|Web.Image.Collector|WebLeacher|WebmasterWorldForumBot|WebReaper|WebSauger|WebSite|Website eXtractor|Website Quester|Webster|WebStripper|WebWhacker|WebZIP|Wget|Whacker|Widow|WISENutbot|WWWOFFLE|WWW-Collector-E|Xaldon|Xenu|Yeti|Zeus|Zyborg) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (;|<|’|>|'|"|)|(|%0A|%0D|%22|%27|%28|%3C|%3E|%00).*(libwww-perl|wget|python|nikto|curl|scan|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC]
RewriteRule .* - [F,L]

RewriteCond %{HTTP_USER_AGENT} ":s:[0-9]+:" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "JDatabaseDriver" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "NT 5.1; SV1" [NC]
RewriteRule .* - [F,L]

RewriteCond %{HTTP:X-FORWARDED-FOR} ":s:[0-9]+:" [NC,OR]
RewriteCond %{HTTP:X-FORWARDED-FOR} "JDatabaseDriver" [NC]
RewriteRule .* - [F,L]

# Filter out referer
# s-0012
RewriteCond %{HTTP_REFERER} (%0A|%0D|%27|%3C|%3E|%00) [NC]
RewriteRule .* - [F,L]

# Protect against SQL Injections and code injection

# s-0013
RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(eval|chmod|chdir|mkdir|rmdir|whoami|uname|unzip|gunzip|grep|more|umask|telnet|ssh|ftp|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query|file_get_contents)([^a-zA-Z0-9].+)*$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|popen|proc_open)(.*)$
RewriteRule .* - [F,L]

# s-0014
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*embed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^e]*e)+mbed.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*object.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^o]*o)+bject.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*iframe.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR] 
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [NC,OR]
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*([^)]*) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} ^.*((|)|<|>|%3c|%3e).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(x00|x04|x08|x0d|x1b|x3c|x3e|x7f).* [NC,OR]
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [NC,OR]
RewriteCond %{QUERY_STRING} concat[^(]*( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} -[sdcr].*(allow_url_include|allow_url_fopen|safe_mode|disable_functions|auto_prepend_file) [NC,OR]
RewriteCond %{QUERY_STRING} (;|<|>|'|"|)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]
RewriteRule .* - [F,L]

# Block sensitive files
# s-0015
<FilesMatch ".(cfg|pl|htaccess|htpasswd|ini|phps|fla|psd|log|sh|sql|inc|tpl|svn|git|cvs|phtml|asp)$">
Order Allow,Deny
Deny from All
</FilesMatch>

# Block sensitive files
# s-0016
<FilesMatch ".(cgi)$">
Order Allow,Deny
Deny from All
</FilesMatch>

# Block unsafe system components
# s-0017
RewriteRule /phpmy/ - [F,L]
RewriteRule /phpmyadmin/ - [F,L]
RewriteRule /phpMy/ - [F,L]
RewriteRule /_phpmyadmin/ - [F,L]
RewriteRule /pma/ - [F,L]
RewriteRule /MyAdmin/ - [F,L]
RewriteRule scripts/setup.php - [F,L]
RewriteRule /backup - [F,L]
RewriteRule dumper.php - [F,L]
RewriteRule /admin/phpmyadmin  - [F,L]
RewriteRule /admin/pma - [F,L]
RewriteRule /dbadmin - [F,L]
RewriteRule /mysql-admin - [F,L]
RewriteRule /mysqlmanager - [F,L]
RewriteRule /mysql - [F,L]
RewriteRule /phpadmin - [F,L]
RewriteRule /phpmanager - [F,L]
RewriteRule /phpmyadmin1 - [F,L]
RewriteRule /phpmyadmin2 - [F,L]
RewriteRule /phpMyAdmin-2 - [F,L]
RewriteRule /php-myadmin - [F,L]
RewriteRule /phpmy-admin - [F,L]
RewriteRule /pma2005 - [F,L]
RewriteRule /PMA2005 - [F,L]
RewriteRule /p/m/a - [F,L]
RewriteRule /pma - [F,L]
RewriteRule /sqlmanager - [F,L]
RewriteRule /sqlweb - [F,L]
RewriteRule /typo3/phpmyadmin - [F,L]
RewriteRule /webadmin - [F,L]
RewriteRule /webdb - [F,L]
RewriteRule /web/phpMyAdmin - [F,L]
RewriteRule /xampp/phpmyadmin - [F,L]
RewriteRule /myadminscripts/setup.php - [F,L]
RewriteRule /mysqladmin - [F,L]
RewriteRule /php-my-admin - [F,L]
RewriteRule /phpmyadmin - [F,L]
RewriteRule /websql - [F,L]
RewriteRule /myadmin - [F,L]
RewriteRule /sql/ - [F,L]
RewriteRule /mysql/ - [F,L]
RewriteRule /setup.php?dir - [F,L]
RewriteRule /MSOffice/cltreq.asp - [F,L]
RewriteRule ///?_SERVER[DOCUMENT_ROOT] - [F,L]
RewriteRule //?_SERVER[DOCUMENT_ROOT] - [F,L]
RewriteRule /pagead/test_domain.js - [F,L]
RewriteRule /pagead/osd.js - [F,L]
RewriteRule /pagead/expansion_embed.js - [F,L]
RewriteRule /pagead/render_ads.js - [F,L]
RewriteRule /pagead/atf.js - [F,L]
RewriteRule (.*)cmd.exe$ - [F,L]

# Block parasite traffic
# s-0018
RewriteCond %{HTTP_REFERER} iskalko.ru [NC,OR]
RewriteCond %{HTTP_REFERER} buttons-for-website.com
RewriteCond %{HTTP_REFERER} semalt.semalt.com
RewriteCond %{HTTP_REFERER} cenoval.ru
RewriteCond %{HTTP_REFERER} darodar.com
RewriteCond %{HTTP_REFERER} cenokos.ru
RewriteCond %{HTTP_REFERER} seoexperimenty.ru
RewriteCond %{HTTP_REFERER} gobongo.info
RewriteCond %{HTTP_REFERER} adcash.com
RewriteCond %{HTTP_REFERER} websocial.me
RewriteCond %{HTTP_REFERER} cityadspix.com
RewriteCond %{HTTP_REFERER} luxup.ru
RewriteCond %{HTTP_REFERER} superiends.org
RewriteCond %{HTTP_REFERER} socialseet.ru
RewriteCond %{HTTP_REFERER} screentoolkit.com
RewriteCond %{HTTP_REFERER} cur.lv
RewriteRule .* - [F]

###########################################################################

AddDefaultCharset utf-8

# снимаем ограничение используемой памяти - иначе админке не хватает
php_value memory_limit -1
# очистка сессий не раньше, чем через месяц
php_value session.gc_maxlifetime 2592000
# закачка больших видео-файлов в админке
php_value upload_max_filesize 50M
php_value post_max_size 50M
php_value max_execution_time 1200
# прочие радости настроек сервера
php_flag output_buffering On
php_flag magic_quotes_gpc Off
php_value allow_url_fopen 0
php_value allow_url_include 0
php_value mail.add_x_header 1
php_value expose_php 0
php_value date.timezone Europe/Moscow

Redirect 301 /novosti/4611 http://www.vidal.ru/novosti/4618

# Use the front controller as index file. It serves as fallback solution when
# every other rewrite/redirect fails (e.g. in an aliased environment without
# mod_rewrite). Additionally, this reduces the matching process for the
# startpage (path "/") because otherwise Apache will apply the rewritting rules
# to each configured DirectoryIndex file (e.g. index.php, index.html, index.pl).
DirectoryIndex app.php

<IfModule mod_rewrite.c>
    RewriteEngine On

    RewriteCond %{HTTP_HOST} ^195.62.52.105
    RewriteRule (.*) http://www.vidal.ru/$1 [R=301,L]

    # redirect last slash to non-slash
    RewriteRule ^(.+[^/])/$ http://%{HTTP_HOST}/$1 [R=301,L]

  # old subdomains
  RewriteCond %{HTTP_HOST} ^(twiga.vidal.ru|mailserver.vidal.ru|vidal.ru)
    RewriteRule ^(.*)$ http://www.vidal.ru/$1 [R=301,L]

    # Determine the RewriteBase automatically and set it as environment variable.
    # If you are using Apache aliases to do mass virtual hosting or installed the
    # project in a subdirectory, the base path will be prepended to allow proper
    # resolution of the app.php file and to redirect to the correct URI. It will
    # work in environments without path prefix as well, providing a safe, one-size
    # fits all solution. But as you do not need it in this case, you can comment
    # the following 2 lines to eliminate the overhead.
    RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::2$
    RewriteRule ^(.*) - [E=BASE:%1]

    # Redirect to URI without front controller to prevent duplicate content
    # (with and without `/app.php`). Only do this redirect on the initial
    # rewrite by Apache and not on subsequent cycles. Otherwise we would get an
    # endless redirect loop (request -> rewrite to front controller ->
    # redirect -> request -> ...).
    # So in case you get a "too many redirects" error or you always get redirected
    # to the startpage because your Apache does not expose the REDIRECT_STATUS
    # environment variable, you have 2 choices:
    # - disable this feature by commenting the following 2 lines or
    # - use Apache >= 2.3.9 and replace all L flags by END flags and remove the
    #   following RewriteCond (best solution)
    RewriteCond %{ENV:REDIRECT_STATUS} ^$
    RewriteRule ^app.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L]

    # If the requested filename exists, simply serve it.
    # We only want to let Apache serve files and not directories.
    RewriteCond %{REQUEST_URI} !^/download
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule .? - [L]

    # Rewrite all other queries to the front controller.
    RewriteRule .? %{ENV:BASE}/app.php [L]
</IfModule>

<IfModule !mod_rewrite.c>
    <IfModule mod_alias.c>
        # When mod_rewrite is not available, we instruct a temporary redirect of
        # the startpage to the front controller explicitly so that the website
        # and the generated links can still be used.
        RedirectMatch 302 ^/$ /app.php/
        # RedirectTemp cannot be used instead
    </IfModule>
</IfModule>

<IfModule mod_headers.c>
    <FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
        Header set Cache-Control "max-age=2592000"
    </FilesMatch>
</IfModule>

######################################################
#<Files reprotect.php>
#AuthName "Need authorization"
#AuthType Basic
#AuthUserFile /home/twigavid/vidal/2016-03-25_12.03.46/web/psw/.htpasswd
#require valid-user
#</Files>

#<Files unprotect.php>
#AuthName "Need authorization"
#AuthType Basic
#AuthUserFile /home/twigavid/vidal/2016-03-25_12.03.46/web/psw/.htpasswd
#require valid-user
#</Files>

#<Files revtest.php>
#AuthName "Need authorization"
#AuthType Basic
#AuthUserFile /home/twigavid/vidal/2016-03-25_12.03.46/web/psw/.htpasswd
#require valid-user
#</Files>

# .htaccess how to set password for single URL
SetEnvIf Request_URI "^/bundles/vidalmain/kcfinder" export_uri
SetEnvIf Request_URI "^/admin" export_uri
SetEnvIf Request_URI "^/reprotect.php" export_uri
SetEnvIf Request_URI "^/revtest.php" export_uri
SetEnvIf Request_URI "^/unprotect.php" export_uri

AuthType Basic
AuthName "Need authorization"
#AuthUserFile C:/wamp/www/Vidal/web/psw/.htpasswd
AuthUserFile /home/twigavid/public_html/current/web/psw/.htpasswd
Require valid-user

Order allow,deny
Allow from all
Deny from env=export_uri
Satisfy any
Exit mobile version