
Is this .htaccess OK?


surcie


Hi, I'm posting here a complete .htaccess for www.mysite.com/, where osC is installed in www.mysite.com/catalog. This is the content of the .htaccess file in the www.mysite.com/ root:

 

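# Turn off auto-generated directory listings and leave every other inherited
# option as it is. The previous "Options All -Indexes" mixed an unsigned
# option with a signed one, which Apache 2.4 rejects as a syntax error, and
# "All" also switched on ExecCGI and Includes, which the directives in this
# file do not appear to need.
Options -Indexes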

#BOF Fix to allow hover Product, thumbnail Manufacturer contrib
# Serve .htc files with the text/x-component MIME type.
AddType text/x-component .htc
#EOF Fix to allow hover Product, thumbnail Manufacturer contrib

#BOF code added IP trap contrib
# Keep visitors from requesting the trap's list file directly: any request
# whose URI contains "IP_Trapped.txt" (case-insensitive, unanchored match)
# gets the environment variable "ban" set.
SetEnvIfNoCase Request_URI IP_Trapped\.txt ban
# The pattern below matches every file name. With "order allow,deny" the Deny
# line is evaluated last, so requests carrying "ban" are refused and all
# others are allowed.
# NOTE(review): Order/Allow/Deny is Apache 2.2 access-control syntax; on 2.4
# it only works while mod_access_compat is loaded.
<Files ~ "^.*$">
order allow,deny
allow from all
deny from env=ban
</Files>
#EOF code added IP trap contrib

#BOF USU5 htaccess contribs
# If you are getting errors you may need to comment this out like ..
# Options +FollowSymLinks

# mod_rewrite in a .htaccess file needs FollowSymLinks (or
# SymLinksIfOwnerMatch) to be enabled for the directory.
Options +FollowSymLinks
<IfModule mod_rewrite.c>
 RewriteEngine On

# RewriteBase instructions
# Change RewriteBase dependent on how your shop is accessed as below.
# http://www.mysite.com = RewriteBase /
# http://www.mysite.com/catalog/ = RewriteBase /catalog/ 
# http://www.mysite.com/catalog/shop/ = RewriteBase /catalog/shop/

# Change RewriteBase using the instructions above  
#RewriteBase /
RewriteBase /catalog/

# Each rule maps a keyword-style "<text>-<tag>-<id>.html" URL onto the real
# PHP script. Only the id captured in $2 is used; the original query string
# is appended after it.
# None of the rules carries [L], so processing continues with the rules
# further down this file.
# NOTE(review): the digit-only capture is not input validation. The original
# query string is passed through verbatim and follows the captured id, and
# PHP normally keeps the last occurrence of a repeated parameter, so the
# scripts must still validate these parameters themselves.
RewriteRule ^(.*)-p-([0-9]+).html$ product_info.php?products_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-c-([0-9_]+).html$ index.php?cPath=$2&%{QUERY_STRING}
RewriteRule ^(.*)-m-([0-9]+).html$ index.php?manufacturers_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-pi-([0-9]+).html$ popup_image.php?pID=$2&%{QUERY_STRING}
RewriteRule ^(.*)-pr-([0-9]+).html$ product_reviews.php?products_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-pri-([0-9]+).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING}
# Articles contribution
RewriteRule ^(.*)-t-([0-9_]+).html$ articles.php?tPath=$2&%{QUERY_STRING}
RewriteRule ^(.*)-a-([0-9]+).html$ article_info.php?articles_id=$2&%{QUERY_STRING}
# Information pages
RewriteRule ^(.*)-i-([0-9]+).html$ information.php?info_id=$2&%{QUERY_STRING}
# Links contribution
RewriteRule ^(.*)-links-([0-9_]+).html$ links.php?lPath=$2&%{QUERY_STRING}
# Newsdesk contribution
RewriteRule ^(.*)-n-([0-9]+).html$ newsdesk_info.php?newsdesk_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-nc-([0-9]+).html$ newsdesk_index.php?newsPath=$2&%{QUERY_STRING}
RewriteRule ^(.*)-nri-([0-9]+).html$ newsdesk_reviews_info.php?newsdesk_id=$2&%{QUERY_STRING}
RewriteRule ^(.*)-nra-([0-9]+).html$ newsdesk_reviews_article.php?newsdesk_id=$2&%{QUERY_STRING}
</IfModule>
#EOF USU5 htaccess contribs

#BOF fellow in oscforums
# Refuse (403) any request whose query string contains "../../".
# NOTE(review): %{QUERY_STRING} is matched as sent, without percent-decoding,
# so an encoded form of the same sequence is not caught here. Treat this as a
# noise filter and keep path validation in the application.
RewriteEngine On
RewriteCond %{QUERY_STRING}  \.\./\.\./
RewriteRule  ^.* - [F]

# Same test against the request path.
# NOTE(review): Apache normally resolves ".." segments in the path before
# mod_rewrite sees it, so this condition may rarely match; confirm in the
# access log. The second "RewriteEngine On" is redundant but harmless.
RewriteEngine On
RewriteCond %{REQUEST_URI}  \.\./\.\./
RewriteRule  ^.* - [F]
#EOF fellow in oscforums

# BOF ANTI Cross Site Scripting attacks
# 1) add these lines to your .htaccess file
# 2) create an index_error.php file with whatever content you want to be displayed.
# NOTE(review): the rule below uses [F], which answers with 403 Forbidden and
# does not serve the substitution target. index_error.php is therefore only
# shown if an "ErrorDocument 403" directive points to it; this file does not
# contain an active one.
Options +FollowSymLinks
RewriteEngine On 
# Refuse query strings that contain a base64_encode(...) call, a <script> or
# <iframe> tag (literal or with %3C/%3E), or that name GLOBALS or _REQUEST
# followed by "=", "[" or a percent-escape.
# NOTE(review): these are signature matches on the raw query string only.
# They do not inspect POST bodies, cookies or other encodings, so they
# complement patching and output encoding in the application and do not
# replace them.
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
# Refuse the TRACE and TRACK request methods.
# NOTE(review): where the main server configuration can be edited,
# "TraceEnable off" is the direct control; it cannot be set from .htaccess.
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# EOF ANTI Cross Site Scripting attacks

#BOF More security
# Refuse direct requests for this .htaccess file.
# NOTE(review): Order/Deny is Apache 2.2 syntax; on 2.4 without
# mod_access_compat the equivalent is "Require all denied".
<Files .htaccess>
order allow,deny
deny from all
</Files>
# Refuse direct requests for files whose names end in .bak, .sql or .inc
# (backups, database dumps, PHP include files), which a server would
# typically hand out as raw text.
<FilesMatch "\.(bak|sql|inc)$" >
deny from all
</FilesMatch>
#EOF More security

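##BOF htaccess_protection 
# filter for most common exploits
# Refuses (403) the libwww-perl client and query strings that name a few
# well-known web-shell / dropper files.
# Fix: this chain used to end in [OR] with no RewriteRule of its own, so the
# conditions attached to the next RewriteRule found further down the file
# instead of blocking anything here. The last condition now has no [OR] and
# the chain is closed by its own rule. The dots in the file names are escaped
# so they match a literal ".".
# NOTE(review): these are unanchored substring matches. "c99" in particular
# also hits any legitimate query string containing those characters (for
# example a hexadecimal session id), so watch the access log for false 403s.
RewriteCond %{HTTP_USER_AGENT} libwww-perl [OR]
RewriteCond %{QUERY_STRING} tool25 [OR]
RewriteCond %{QUERY_STRING} cmd\.txt [OR]
RewriteCond %{QUERY_STRING} cmd\.gif [OR]
RewriteCond %{QUERY_STRING} r57shell [OR]
RewriteCond %{QUERY_STRING} c99
RewriteRule ^ - [F]

# ban spam bots: this list was crashing the site, so it is commented out.
# NOTE(review): a .htaccess syntax error is reported in the Apache error log
# together with the offending line. Re-enable the list in small batches and
# check that log after each one. As rendered here, the "^Bot\ mailto:" entry
# contains an unescaped space, which would give RewriteCond too many
# arguments; verify it against the original list.
# User-Agent is supplied by the client, so this list only stops copiers that
# identify themselves honestly.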
#RewriteCond %{HTTP_USER_AGENT} almaden [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
#RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
#RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
#RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
#RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR]
#RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Buddy [OR]
#RewriteCond %{HTTP_USER_AGENT} ^bumblebee [OR]
#RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
#RewriteCond %{HTTP_USER_AGENT} ^CICC [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Collector [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Copier [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DA [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Download\ Wonder [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Downloader [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Drip [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [OR]
#RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EasyDL/2.99 [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
#RewriteCond %{HTTP_USER_AGENT} email [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
#RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
#RewriteCond %{HTTP_USER_AGENT} ^FileHound [OR]
#RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
#RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
#RewriteCond %{HTTP_USER_AGENT} ^GetSmart [OR]
#RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
#RewriteCond %{HTTP_USER_AGENT} ^gigabaz [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
#RewriteCond %{HTTP_USER_AGENT} ^gotit [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Grabber [OR]
#RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
#RewriteCond %{HTTP_USER_AGENT} ^grub-client [OR]
#RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
#RewriteCond %{HTTP_USER_AGENT} ^HTTrack [OR]
#RewriteCond %{HTTP_USER_AGENT} ^httpdown [OR]
#RewriteCond %{HTTP_USER_AGENT} .*httrack.* [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Indy*Library [OR]
#RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
#RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
#RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Iria [OR]
#RewriteCond %{HTTP_USER_AGENT} ^JBH*agent [OR]
#RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
#RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
#RewriteCond %{HTTP_USER_AGENT} ^JustView [OR]
#RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
#RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^lftp [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Link*Sleuth [OR]
#RewriteCond %{HTTP_USER_AGENT} ^likse [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Link [OR]
#RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mag-Net [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Magnet [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Memo [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mirror [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mozilla*MSIECrawler [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MS\ FrontPage* [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MSProxy [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Ninja [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR]
#RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
#RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
#RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]
#RewriteCond %{HTTP_USER_AGENT} ^PingALink [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Pockey [OR]
#RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Pump [OR]
#RewriteCond %{HTTP_USER_AGENT} ^QRVA [OR]
#RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Reaper [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Recorder [OR]
#RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Scooter [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Seeker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Siphon [OR]
#RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Snake [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [OR]
#RewriteCond %{HTTP_USER_AGENT} ^sproose [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Stripper [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Sucker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Szukacz [OR]
#RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
#RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Vacuum [OR]
#RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
#RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR]
#RewriteCond %{HTTP_USER_AGENT} ^webcollage [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebHook [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebMiner [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebMirror [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Website [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Webster [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
#RewriteCond %{HTTP_USER_AGENT} WebWhacker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Whacker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
#RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Zeus
#RewriteRule ^.* - [F,L]
#RewriteCond %{HTTP_REFERER} ^http://wwww.mysite.com$
#RewriteRule !^http://[^/.]\.mysite.com.* - [F,L]
##EOF htaccess_protection

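####BOF More secure http://corz.org/serv/tricks/htaccess2.php
##Teleport pro away
# Requests whose User-Agent starts with "Teleport Pro" are rewritten to
# abuse.txt instead of the page they asked for. RewriteCond lines accumulate
# until the next RewriteRule, so any condition chain left without a rule
# earlier in the file also attaches to this rule.
# NOTE(review): User-Agent is supplied by the client, so this only stops
# copiers that identify themselves.
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC]
RewriteRule . abuse.txt 
##Suckers, h4x0rz, kiddies, cross-site scripters and more.. Bye now!
# Fix: this chain ended in [OR] and was never followed by a RewriteRule, so
# none of its conditions had any effect. The duplicated "=|w|" condition is
# dropped, the last condition no longer carries [OR], and the chain is closed
# with a rule that answers 403.
# why not come visit me directly?
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
# this prevents stoopid cross-site discovery attacks..
# (matches a request line that ends in a bare "?")
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
# please stop pretending to be the Googlebot..
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
# really, we need a special page for these twats..
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
# you can probably work these out..
# (matches a request line that ends in "/*")
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC]
RewriteRule .* - [F]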

#BAN United States and United States Minor Islands from accessing server
#ErrorDocument 403 http://www.blockacountry.com/blocked.php <-- 
#Not wise to block countries where the search engines reside

 

Notice the amount of code I had to take out because it was crashing the site. That code is meant to stop people from stealing your whole web site with tools such as Teleport Pro and others. I would like to know how to turn it on so that it doesn't crash the site and protects my site against web stealers.

 

Thanks
