The Community Forums


htaccess file suggestions

Discussion in 'Security' started by vlee, Sep 15, 2010.

  1. vlee

    vlee Well-Known Member

    Joined:
    Oct 13, 2005
    Messages:
    272
    Likes Received:
    6
    Trophy Points:
    18
    Location:
    Las Vegas, Nevada, United Stat
    cPanel Access Level:
    Root Administrator
    I spent about a week testing and put together what I researched on the web on making an htaccess file that will provide security for websites and help reduce server resources and loads.

    Feel free to comment on, add to and improve the code below for all to use. I want to do what I can to help support cPanel and developers to make websites perform better and be secure.

    Code:
    RewriteEngine On
    
    # Never serve the access-control files themselves
    <Files ~ "^\.(htaccess|htpasswd)$">
    deny from all
    </Files>
    
    <Files robots.txt>
    deny from all
    </Files>
    
    # Disable directory listings (the host must allow Options overrides in .htaccess)
    Options All -Indexes
    
    # Begin - Rewrite rules to block out some common exploits
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    # Block out any script trying to base64_encode crap to send via URL
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    # Block out any script that includes a <script> tag in URL
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    # Block out any script trying to set a PHP GLOBALS variable via URL
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # Block out any script trying to modify a _REQUEST variable via URL
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # Answer all blocked requests with a 403 Forbidden error (with [F] the substitution is ignored)
    RewriteRule ^(.*)$ index.php [F,L]
    
    # Joomla SEF front-controller rules: route requests that are not real files or
    # directories through index.php (remove this block on a non-Joomla site)
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/index.php
    RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
    RewriteRule (.*) index.php
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
    
    # Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only [403]
    RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1) [NC]
    RewriteRule .* - [F,NS,L]
    
    # Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD [403]
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]
    RewriteRule .* - [F,NS,L]
    
    # anti xss script 1 - pci compliance - by pixclinic
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^(.*)$ index_error.php [F,L]
    # Refuse TRACE and TRACK (cross-site tracing)
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    
    # extra anti uri and xss attack script 2 - sql injection prevention
    # These rules rewrite matching requests to log.php, which must exist in the
    # document root; they carry no [L] flag, so processing continues with the rules below.
    RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC]
    RewriteRule ^(.*)$ log.php [NC]
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
    RewriteRule ^(.*)$ log.php [NC]
    RewriteCond %{QUERY_STRING} (javascript:).*(;).* [NC]
    RewriteRule ^(.*)$ log.php [NC]
    # Note: the or|and|if alternatives also match ordinary words such as "band" or "mandatory"
    # whenever a quote or semicolon precedes them, so expect false positives on search forms.
    RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
    RewriteRule ^(.*)$ log.php [NC]
    RewriteRule (,|;|<|>|'|`) /log.php [NC]
    
    # block proxy servers from site access
    # Caution: this also rejects legitimate visitors behind corporate proxies or a CDN,
    # because those add Via / X-Forwarded-For headers to every request.
    RewriteCond %{HTTP:VIA}                 !^$ [OR]
    RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
    RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
    RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
    RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
    RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
    RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
    RewriteRule ^(.*)$ - [F]
    
    # this ruleset is for unwanted useragents... possibly email harvesters
    # (blank or "-" referer together with a blank or "-" user agent)
    RewriteCond %{HTTP_REFERER} ^-?$ [NC]
    RewriteCond %{HTTP_USER_AGENT} ^-?$ [NC]
    RewriteRule .* - [F,L]
    
    RewriteCond %{HTTP_USER_AGENT} (^libwww-perl) [NC]
    RewriteRule !^error.shtml$ - [F,L]
    
    # No Hot Linking
    RewriteCond %{REQUEST_FILENAME} .*jpg$|.*gif$|.*png$ [NC]
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !pointaction\.com [NC]
    RewriteCond %{HTTP_REFERER} !alexa\.com [NC]
    RewriteCond %{HTTP_REFERER} !google\. [NC]
    RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
    RewriteRule .* - [F,L]
    
    #Disallow hotlinking while allowing from blank or localhost, requests for robots.txt and favicons
    # Replace example.com with your own domain (pointaction.com above); as written, image
    # requests referred by your own pages are refused as well
    RewriteCond %{REQUEST_URI} !(^/robots\.txt|\.ico)$
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com(/)?.*$ [NC]
    RewriteRule .*\.(gif|jpg|jpeg|bmp|pdf)$ - [F,L]
    
    # Filter against PHPSHELL.PHP, REMOTEVIEW, c99Shell and others
    # (known web-shell file names anywhere in the request path)
    RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC]
    RewriteRule .* - [F]
    # Known web-shell query strings on GET or POST requests
    RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
    RewriteCond %{QUERY_STRING} ^(.*)=(/|%2F)(h|%68|%48)(o|%6F|%4F)(m|%6D|%4D)(e|%65|%45)(.+)?(/|%2F)(.*)(/|%2F)(.*)$ [OR]
    RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
    RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
    RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
    RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
    RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
    RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
    RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(chmod|chdir|mkdir|rmdir|clear|whoami|uname|unzip|gzip|gunzip|grep|more|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
    # Note: "exec" and "system" here also match harmless values such as action=execute
    RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$
    RewriteRule .* - [F]
    
    
     
    #1 vlee, Sep 15, 2010
    Last edited: Sep 15, 2010
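As an added example that is not part of vlee's post: this Python script translates a handful of the QUERY_STRING patterns above into Python's re module and runs them over constructed query strings, so the ordinary form inputs that the broad `or|and|if` and `exec` alternations would reject show up before the file is deployed. The rule labels, function names and sample strings are assumptions made for this script only.

```python
import re

# Constructed subset of the thread's QUERY_STRING rules, translated from
# mod_rewrite's PCRE syntax to Python's re module. mod_rewrite tests
# %{QUERY_STRING} as received (not URL-decoded), which is why the originals
# list %3C/%3E alongside the literal < and >. Rule names are hypothetical.
RULES = [
    ("base64_encode", re.compile(r"base64_encode.*\(.*\)")),
    ("script_tag",    re.compile(r"(<|%3C).*script.*(>|%3E)", re.I)),  # [NC]
    ("globals",       re.compile(r"GLOBALS(=|\[|%[0-9A-Z]{0,2})")),
    ("_request",      re.compile(r"_REQUEST(=|\[|%[0-9A-Z]{0,2})")),
    # "sql injection prevention" rule from script 2, flagged [NC]
    ("sqli_words",    re.compile(
        r"(;|'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).*",
        re.I)),
    # last condition of the web-shell block (no [NC], so case-sensitive)
    ("shell_funcs",   re.compile(
        r"^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$")),
]


def matching_rules(query_string):
    """Return the names of the rules that would fire on a raw query string."""
    return [name for name, rx in RULES if rx.search(query_string)]


def false_positives(samples):
    """Return the benign samples that still trip a rule, keyed by query string."""
    return {qs: matching_rules(qs) for qs, benign in samples
            if benign and matching_rules(qs)}


# Constructed samples: (query string, is it benign?). Ordinary form input
# sits next to one request the GLOBALS rule was actually written for.
SAMPLES = [
    ("q=cats+and+dogs", True),                 # no quote/semicolon: passes
    ("title=Rock+'n'+Roll+band", True),        # quote, then "and" inside "band"
    ("file=report.pdf&action=execute", True),  # "exec" inside "execute"
    ("html=%3Cb%3Escript%3C/b%3E", True),      # bold tag around the word script
    ("GLOBALS[foo]=1", False),                 # register_globals override attempt
]

if __name__ == "__main__":
    for qs, _ in SAMPLES:
        print(f"{qs:35} -> {matching_rules(qs) or 'pass'}")
    print("false positives:", sorted(false_positives(SAMPLES)))
```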
  2. vlee

    Now I am trying to find ways to use htaccess to improve site performance and help reduce CPU and memory server loads.

    I would like to add it to my current htaccess file in this thread.

    Does anyone have any really good bright ideas on this subject?
     