Difference between revisions of "Htaccess examples (security)"
From Joomla! Documentation
| Line 2: | Line 2: | ||
=== Rewrite rules to block out some common exploits=== | === Rewrite rules to block out some common exploits=== | ||
| − | + | ########## Begin - Rewrite rules to block out some common exploits | |
| − | + | ## If you experience problems on your site block out the operations listed below | |
| − | + | ## This attempts to block the most common type of exploit `attempts` to Joomla! | |
| − | + | ## Block out any script trying to set a mosConfig value through the URL | |
| − | + | RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] | |
| − | + | # Block out any script trying to base64_encode crap to send via URL | |
| − | RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] | + | RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] |
| − | + | # Block out any script that includes a <script> tag in URL | |
| − | + | RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] | |
| − | + | # Block out any script trying to set a PHP GLOBALS variable via URL | |
| − | RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] | + | RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] |
| − | + | # Block out any script trying to modify a _REQUEST variable via URL | |
| − | + | RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) | |
| − | + | # Send all blocked request to homepage with 403 Forbidden error! | |
| − | RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] | + | RewriteRule ^(.*)$ index.php [F,L] |
| − | + | ########### End - Rewrite rules to block out some common exploits | |
| − | |||
| − | |||
| − | RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] | ||
| − | |||
| − | |||
| − | |||
| − | RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) | ||
| − | |||
| − | |||
| − | |||
| − | RewriteRule ^(.*)$ index.php [F,L] | ||
| − | |||
Revision as of 11:37, 6 March 2009
.htaccess examples[edit]
Rewrite rules to block out some common exploits[edit]
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
## Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
########### End - Rewrite rules to block out some common exploits