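surcie
Posted July 21, 2010

Hi, I'm posting here a complete .htaccess for www.mysite.com/, where the osc is in www.mysite.com/catalog. This is the content of the .htaccess file in the www.mysite.com/ root:

# NOTE(review): this line was `Options All -Indexes`. Apache 2.4 rejects an
# Options line that mixes bare keywords with +/- keywords, and `All` also
# switches on ExecCGI and Includes for the whole tree. Removing only Indexes
# keeps whatever the server configuration already grants and turns directory
# listings off; FollowSymLinks is added explicitly further down.
Options -Indexes

#BOF Fix to allow hover Product, thumbnail Manufacturer contrib
AddType text/x-component .htc
#EOF Fix to allow hover Product, thumbnail Manufacturer contrib

#BOF code added IP trap contrib
#users don't call your white list or banned list
# NOTE(review): sets the `ban` variable for any request whose URI contains
# IP_Trapped.txt, then denies requests carrying that variable. Order/Allow/Deny
# is the Apache 2.2 access-control syntax; on 2.4 it needs mod_access_compat
# or a translation to Require directives.
SetEnvIfNoCase Request_URI IP_Trapped\.txt ban
<Files ~ "^.*$">
    order allow,deny
    allow from all
    deny from env=ban
</Files>
#EOF code added IP trap contrib

#BOF USU5 htaccess contribs
# If you are getting errors you may need to comment this out like ..
# Options +FollowSymLinks
Options +FollowSymLinks
<IfModule mod_rewrite.c>
    RewriteEngine On
    # RewriteBase instructions
    # Change RewriteBase dependent on how your shop is accessed as below.
    # http://www.mysite.com = RewriteBase /
    # http://www.mysite.com/catalog/ = RewriteBase /catalog/
    # http://www.mysite.com/catalog/shop/ = RewriteBase /catalog/shop/
    # Change RewriteBase using the instructions above
    #RewriteBase /
    RewriteBase /catalog/
    # NOTE(review): the id capture ($2) is limited to digits (and "_" for the
    # path-style ids), but the original query string is appended unchanged,
    # so the PHP scripts still have to validate every parameter they read.
    RewriteRule ^(.*)-p-([0-9]+).html$ product_info.php?products_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-c-([0-9_]+).html$ index.php?cPath=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-m-([0-9]+).html$ index.php?manufacturers_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-pi-([0-9]+).html$ popup_image.php?pID=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-pr-([0-9]+).html$ product_reviews.php?products_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-pri-([0-9]+).html$ product_reviews_info.php?products_id=$2&%{QUERY_STRING}
    # Articles contribution
    RewriteRule ^(.*)-t-([0-9_]+).html$ articles.php?tPath=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-a-([0-9]+).html$ article_info.php?articles_id=$2&%{QUERY_STRING}
    # Information pages
    RewriteRule ^(.*)-i-([0-9]+).html$ information.php?info_id=$2&%{QUERY_STRING}
    # Links contribution
    RewriteRule ^(.*)-links-([0-9_]+).html$ links.php?lPath=$2&%{QUERY_STRING}
    # Newsdesk contribution
    RewriteRule ^(.*)-n-([0-9]+).html$ newsdesk_info.php?newsdesk_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-nc-([0-9]+).html$ newsdesk_index.php?newsPath=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-nri-([0-9]+).html$ newsdesk_reviews_info.php?newsdesk_id=$2&%{QUERY_STRING}
    RewriteRule ^(.*)-nra-([0-9]+).html$ newsdesk_reviews_article.php?newsdesk_id=$2&%{QUERY_STRING}
</IfModule>
#EOF USU5 htaccess contribs

#BOF fellow in oscforums
#avoids using queries with <normal url>?=sort ../../ etc
# NOTE(review): everything from here on sits outside <IfModule mod_rewrite.c>,
# so the file depends on mod_rewrite being loaded. QUERY_STRING is tested as
# received (it is not URL-decoded), so this is a coarse filter and not a
# replacement for path validation in the application.
RewriteEngine On
RewriteCond %{QUERY_STRING} \.\./\.\./
RewriteRule ^.* - [F]
RewriteEngine On
RewriteCond %{REQUEST_URI} \.\./\.\./
RewriteRule ^.* - [F]
#EOF fellow in oscforums

# BOF ANTI Cross Site Scripting attacks
# 1) add these lines to your .htaccess file
# 2) create an index_error.php file with whatever content you want to be displayed.
# NOTE(review): these conditions look only at the query string; POST bodies,
# cookies and headers are not inspected, so output encoding and input
# validation in the shop code remain the actual XSS defence. With the [F]
# flag Apache answers 403 and the index_error.php target is not served; a
# custom page would have to be configured with ErrorDocument 403 instead.
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# EOF ANTI Cross Site Scripting attacks

#BOF More security
# NOTE(review): blocks direct download of the .htaccess file and of backup,
# SQL-dump and include files by extension (Apache 2.2 deny syntax, see above).
<Files .htaccess>
    order allow,deny
    deny from all
</Files>
<FilesMatch "\.(bak|sql|inc)$" >
    deny from all
</FilesMatch>
#EOF More security

##BOF htaccess_protection
# filter for most common exploits
RewriteCond %{HTTP_USER_AGENT} libwww-perl [OR]
RewriteCond %{QUERY_STRING} tool25 [OR]
RewriteCond %{QUERY_STRING} cmd.txt [OR]
RewriteCond %{QUERY_STRING} cmd.gif [OR]
RewriteCond %{QUERY_STRING} r57shell [OR]
RewriteCond %{QUERY_STRING} c99
# NOTE(review): the rule that closed this chain was commented out together
# with the bot list below, and the last condition still ended in [OR]. The
# chain therefore ran on into the "Teleport Pro" condition and shared its
# rule, so a match was rewritten to abuse.txt instead of being refused. The
# chain now ends here with its own rule, in the form the author used.
RewriteRule ^.* - [F,L]

# ban spam bots is crashing not useful
# NOTE(review): notes for re-enabling the list below.
#  - Every RewriteCond except the last one before the RewriteRule needs [OR],
#    and the last one must not have it.
#  - A space inside a pattern must be escaped as "\ ". As rendered here the
#    "^Bot\ mailto:" entry contains an unescaped space (the address is masked
#    by the forum, so the real file may differ); Apache rejects such a line
#    and answers every request with a 500.
#  - The forum's [b] bold markers wrapped this section in the post; if they
#    were ever saved into the file they would also be rejected as an invalid
#    directive. TODO confirm against the real file.
#  - Re-enable a few lines at a time and read the Apache error log, which
#    names the directive it could not parse.
#  - Short or unanchored patterns (^DA, ^Link, ^Ping, email, FrontPage) will
#    also refuse ordinary clients whose User-Agent happens to match.
#  - User-Agent is a client-supplied header, so this list only stops tools
#    that identify themselves; request-rate limiting on the server is what
#    bounds bulk mirroring.
#RewriteCond %{HTTP_USER_AGENT} almaden [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
#RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
#RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
#RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
#RewriteCond %{HTTP_USER_AGENT} ^BackWeb [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Bandit [OR]
#RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Buddy [OR]
#RewriteCond %{HTTP_USER_AGENT} ^bumblebee [OR]
#RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
#RewriteCond %{HTTP_USER_AGENT} ^CICC [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Collector [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Copier [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Crescent [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DA [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DIIbot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Download\ Wonder [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Downloader [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Drip [OR]
#RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [OR]
#RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EasyDL/2.99 [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
#RewriteCond %{HTTP_USER_AGENT} email [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
#RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
#RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
#RewriteCond %{HTTP_USER_AGENT} ^FileHound [OR]
#RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
#RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
#RewriteCond %{HTTP_USER_AGENT} ^GetSmart [OR]
#RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
#RewriteCond %{HTTP_USER_AGENT} ^gigabaz [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
#RewriteCond %{HTTP_USER_AGENT} ^gotit [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Grabber [OR]
#RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
#RewriteCond %{HTTP_USER_AGENT} ^grub-client [OR]
#RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
#RewriteCond %{HTTP_USER_AGENT} ^HTTrack [OR]
#RewriteCond %{HTTP_USER_AGENT} ^httpdown [OR]
#RewriteCond %{HTTP_USER_AGENT} .*httrack.* [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Indy*Library [OR]
#RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
#RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
#RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Iria [OR]
#RewriteCond %{HTTP_USER_AGENT} ^JBH*agent [OR]
#RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
#RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
#RewriteCond %{HTTP_USER_AGENT} ^JustView [OR]
#RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
#RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^LexiBot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^lftp [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Link*Sleuth [OR]
#RewriteCond %{HTTP_USER_AGENT} ^likse [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Link [OR]
#RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mag-Net [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Magnet [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Memo [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mirror [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Mozilla*MSIECrawler [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MS\ FrontPage* [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [OR]
#RewriteCond %{HTTP_USER_AGENT} ^MSProxy [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Ninja [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Openfind [OR]
#RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
#RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
#RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Ping [OR]
#RewriteCond %{HTTP_USER_AGENT} ^PingALink [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Pockey [OR]
#RewriteCond %{HTTP_USER_AGENT} ^psbot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Pump [OR]
#RewriteCond %{HTTP_USER_AGENT} ^QRVA [OR]
#RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Reaper [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Recorder [OR]
#RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Scooter [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Seeker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Siphon [OR]
#RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SlySearch [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Snake [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [OR]
#RewriteCond %{HTTP_USER_AGENT} ^sproose [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Stripper [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Sucker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Szukacz [OR]
#RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
#RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Vacuum [OR]
#RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
#RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[bb]andit [OR]
#RewriteCond %{HTTP_USER_AGENT} ^webcollage [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebHook [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebMiner [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebMirror [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Website [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Webster [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
#RewriteCond %{HTTP_USER_AGENT} WebWhacker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Whacker [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
#RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
#RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
#RewriteCond %{HTTP_USER_AGENT} ^Zeus
#RewriteRule ^.* - [F,L]
#RewriteCond %{HTTP_REFERER} ^http://wwww.mysite.com$
#RewriteRule !^http://[^/.]\.mysite.com.* - [F,L]
##EOF htaccess_protection

####BOF More secure http://corz.org/serv/tricks/htaccess2.php
##Teleport pro away
# NOTE(review): rewrites every request from a User-Agent starting with
# "Teleport Pro" to abuse.txt; with RewriteBase /catalog/ in effect the
# relative target resolves under /catalog/.
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC]
RewriteRule . abuse.txt
##Suckers, h4x0rz, kiddies, cross-site scripters and more.. Bye now!
# why not come visit me directly?
RewriteCond %{HTTP_REFERER} \.opendirviewer\. [NC,OR]
# this prevents stoopid cross-site discovery attacks..
RewriteCond %{THE_REQUEST} \?\ HTTP/ [NC,OR]
# please stop pretending to be the Googlebot..
RewriteCond %{HTTP_REFERER} users\.skynet\.be.* [NC,OR]
# really, we need a special page for these twats..
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{THE_REQUEST} etc/passwd [NC,OR]
RewriteCond %{REQUEST_URI} owssvr\.dll [NC,OR]
# you can probably work these out..
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]
RewriteCond %{THE_REQUEST} \/\*\ HTTP/ [NC]
# NOTE(review): as posted, this chain ended on a condition flagged [OR] with
# no RewriteRule after it, so none of the conditions above were ever applied.
# The closing rule below is added so that a match is refused with 403; the
# listing looks truncated, so compare with the original recipe before use.
RewriteRule .* - [F]

#BAN United States and United States Minor Islands from accessing server
#ErrorDocument 403 http://www.blockacountry.com/blocked.php <--
#Not wise to block countries where the search engine resides

Notice the amount of code I had to take out because it was crashing the site. That code is meant to stop people from stealing your whole web site using tools such as Teleport Pro and others. I would like to know how to turn it on so that it doesn't crash the site and protects my site against web stealers. Thanks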