vb.org Archive - Professional Htaccess VB 4

vb.org Archive (https://vborg.vbsupport.ru/index.php)

- vBulletin 4 Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=242)

- - Professional Htaccess VB 4 (https://vborg.vbsupport.ru/showthread.php?t=301960)

Professional Htaccess VB 4

Hi ,

Professional Htaccess For VBulletin 4 ,

Advantage :

Fix Xss Bug

Fix sql Injection

Protect From Htaccess

Not Run Bug In Forum

And ...

Code:

# Comment the following line (add '#' at the beginning)

# to disable mod_rewrite functions.

# Please note: you still need to disable the hack in

# the vBSEO control panel to stop url rewrites.

RewriteEngine On



# Some servers require the Rewritebase directive to be

# enabled (remove '#' at the beginning to activate)

# Please note: when enabled, you must include the path

# to your root vB folder (i.e. RewriteBase /forums/)

#RewriteBase /



#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com

#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]



RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]



RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)

RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]



RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/

RewriteRule ^(.+)$ vbseo.php [L,QSA]

RewriteEngine On

RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]



<files ".htaccess"> order allow,deny deny from all </files>

<FilesMatch "\.(gif|jpg|png|swf|html|css|js|fla)$">     deny from all </FilesMatch>



<FilesMatch "^php5?\.(ini|cgi)$">

Order Deny,Allow 

Deny from All 

Allow from env=REDIRECT_STATUS 

</FilesMatch>



RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]



#proc/self/environ? no way!

RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]



<?php

// LFI Vulnerable Code

$redirect = $_GET[redirect];

include($redirect);

?>



RewriteEngine On





RewriteCond %{QUERY_STRING} act= [OR]

RewriteCond %{QUERY_STRING} sw= [OR]

RewriteCond %{QUERY_STRING} act [OR]

RewriteCond %{QUERY_STRING} sw [OR]

RewriteCond %{QUERY_STRING} 0x3a [OR]

RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

RewriteCond %{QUERY_STRING} ^.*(;|<|>|�|�|\)|%0A|%0D|%22|%27|%3C|%3E|).*(/\*|union|concat).* [NC]

RewriteRule .* - [L,F]



# Prevent use of specified methods in HTTP Request 

RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] 

# Block out use of illegal or unsafe characters in the HTTP Request 

RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR] 

# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request 

RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 

# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request 

RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 

# Block out use of illegal characters in URI or use of malformed URI 

RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR] 

# Block out  use of empty User Agent Strings

# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal 

RewriteCond %{HTTP_USER_AGENT} ^$ [OR] 

# Block out  use of illegal or unsafe characters in the User Agent variable 

RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 

# Measures to block out  SQL injection attacks 

RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR] 

# Block out  reference to localhost/loopback/127.0.0.1 in the Query String 

RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR] 

# Block out  use of illegal or unsafe characters in the Query String variable 

RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]

Vbseo is dead no need for that in there

Like what you have here, good job!
Havent really seen anything like it till now.

That said, we all know vB left alot to be desired in the oem htaccess offering. I myself had to come up with a completely custom htaccess to just make the url rewrites work properly on my server. Since then, I have added and altered considerably for many different reasons and effects.

I want to ask, excluding the vbseo stuff (I dont use it), and excluding the url rewrite (I already spent way too much time making that work for me),... what would you isolate as the most important htaccess addition, or additions, that one should take away from this.

Quote:

Originally Posted by ForceHSS (Post 2443844)

Vbseo is dead no need for that in there

:) For VB 4 Is a Live !

This code for vbseo user ? I am not using vbseo so how to use this code?

Quote:

Originally Posted by Nirjonadda (Post 2443891)

This code for vbseo user ? I am not using vbseo so how to use this code?

Delete This codes and use IT !

Code:

# Comment the following line (add '#' at the beginning)

# to disable mod_rewrite functions.

# Please note: you still need to disable the hack in

# the vBSEO control panel to stop url rewrites.

RewriteEngine On



# Some servers require the Rewritebase directive to be

# enabled (remove '#' at the beginning to activate)

# Please note: when enabled, you must include the path

# to your root vB folder (i.e. RewriteBase /forums/)

#RewriteBase /



#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com

#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]



RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]



RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)

RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]



RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/

RewriteRule ^(.+)$ vbseo.php [L,QSA]

RewriteEngine On

RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

I don't use vB seo.

The question is do I leave all the vbseo related stuff out of the code? Any line with vbseo written should be deleted?

Seems you are on to a good idea here..

DemOnstar - trying reading the other posts. smh

Quote:

Originally Posted by DemOnstar (Post 2443893)

I don't use vB seo.

The question is do I leave all the vbseo related stuff out of the code? Any line with vbseo written should be deleted?

Seems you are on to a good idea here..

if you dont use vbseo , Read Post 6

:D

Internal Server Error...

X vBulletin 3.8.12 by vBS Debug Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages:

Phrase Groups Available:

X vBulletin 3.8.12 by vBS Debug Information
Page Generation 0.01206 seconds Memory Usage 1,747KB Queries Executed 10 (?)
More Information
Template Usage: (1)ad_footer_end (1)ad_footer_start (1)ad_header_end (1)ad_header_logo (1)ad_navbar_below (2)bbcode_code_printable (3)bbcode_quote_printable (1)footer (1)gobutton (1)header (1)headinclude (6)option (1)pagenav (1)pagenav_curpage (2)pagenav_pagelink (1)post_thanks_navbar_search (1)printthread (10)printthreadbit (1)spacer_close (1)spacer_open Phrase Groups Available: global postbit showthread	Included Files: ./printthread.php ./global.php ./includes/init.php ./includes/class_core.php ./includes/config.php ./includes/functions.php ./includes/class_hook.php ./includes/modsystem_functions.php ./includes/class_bbcode_alt.php ./includes/class_bbcode.php ./includes/functions_bigthree.php Hooks Called: init_startup init_startup_session_setup_start init_startup_session_setup_complete cache_permissions fetch_threadinfo_query fetch_threadinfo fetch_foruminfo style_fetch cache_templates global_start parse_templates global_setup_complete printthread_start pagenav_page pagenav_complete bbcode_fetch_tags bbcode_create bbcode_parse_start bbcode_parse_complete_precache bbcode_parse_complete printthread_post printthread_complete
Messages: