vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4 Articles (https://vborg.vbsupport.ru/forumdisplay.php?f=242)
-   -   Professional Htaccess VB 4 (https://vborg.vbsupport.ru/showthread.php?t=301960)

Moh4m4d 09-06-2013 10:00 PM
Professional Htaccess VB 4
 
Hi ,

Professional Htaccess For VBulletin 4 ,

Advantage :

Fix Xss Bug

Fix sql Injection

Protect From Htaccess

Not Run Bug In Forum

And ...

Code:
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

<files ".htaccess"> order allow,deny deny from all </files>
<FilesMatch "\.(gif|jpg|png|swf|html|css|js|fla)$">    deny from all </FilesMatch>

<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

#proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]

<?php
// LFI Vulnerable Code
$redirect = $_GET[redirect];
include($redirect);
?>

RewriteEngine On


RewriteCond %{QUERY_STRING} act= [OR]
RewriteCond %{QUERY_STRING} sw= [OR]
RewriteCond %{QUERY_STRING} act [OR]
RewriteCond %{QUERY_STRING} sw [OR]
RewriteCond %{QUERY_STRING} 0x3a [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|�|�|\)|%0A|%0D|%22|%27|%3C|%3E|).*(/\*|union|concat).* [NC]
RewriteRule .* - [L,F]

# Prevent use of specified methods in HTTP Request
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
# Block out use of illegal or unsafe characters in the HTTP Request
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal characters in URI or use of malformed URI
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
# Block out  use of empty User Agent Strings
# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
# Block out  use of illegal or unsafe characters in the User Agent variable
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Measures to block out  SQL injection attacks
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
# Block out  reference to localhost/loopback/127.0.0.1 in the Query String
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
# Block out  use of illegal or unsafe characters in the Query String variable
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]

ForceHSS 09-07-2013 02:58 AM
Vbseo is dead no need for that in there

smirkley 09-07-2013 04:05 AM
Like what you have here, good job!
Havent really seen anything like it till now.

That said, we all know vB left alot to be desired in the oem htaccess offering. I myself had to come up with a completely custom htaccess to just make the url rewrites work properly on my server. Since then, I have added and altered considerably for many different reasons and effects.

I want to ask, excluding the vbseo stuff (I dont use it), and excluding the url rewrite (I already spent way too much time making that work for me),... what would you isolate as the most important htaccess addition, or additions, that one should take away from this.

Moh4m4d 09-07-2013 10:12 AM
Quote:
Originally Posted by ForceHSS (Post 2443844)
Vbseo is dead no need for that in there
:) For VB 4 Is a Live !

Nirjonadda 09-07-2013 10:38 AM
This code for vbseo user ? I am not using vbseo so how to use this code?

Moh4m4d 09-07-2013 10:48 AM
Quote:
Originally Posted by Nirjonadda (Post 2443891)
This code for vbseo user ? I am not using vbseo so how to use this code?
Delete This codes and use IT !

Code:
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

DemOnstar 09-07-2013 10:57 AM
I don't use vB seo.

The question is do I leave all the vbseo related stuff out of the code? Any line with vbseo written should be deleted?

Seems you are on to a good idea here..

Rich 09-07-2013 01:27 PM
DemOnstar - trying reading the other posts. smh

Moh4m4d 09-08-2013 03:36 AM
Quote:
Originally Posted by DemOnstar (Post 2443893)
I don't use vB seo.

The question is do I leave all the vbseo related stuff out of the code? Any line with vbseo written should be deleted?

Seems you are on to a good idea here..
if you dont use vbseo , Read Post 6

:D

YOODA230 09-08-2013 04:16 PM
Internal Server Error...

ozzy47 09-08-2013 04:36 PM
Well that helps alot, without the error no one can help you.

crazyboy1661 09-09-2013 04:30 AM
Quote:
Originally Posted by ozzy47 (Post 2444178)
Well that helps alot, without the error no one can help you.
Hi ozzy47, i am using vbseo_sitemap-3-0 PL1 mod. Now can you tell me is it good to update with this code in .htaccess?

Also how much it can help in making my site search engines friendly. Does it effect the said mod?

thanks for your efforts

DemOnstar 09-09-2013 02:55 PM
Quote:
Originally Posted by Rich (Post 2443932)
DemOnstar - trying reading the other posts. smh
Yes, very helpful..

I read the post above and it says "Delete This codes and use IT" !

If I delete this code then it is not possible to use it...

I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie stand point, we, I have no idea whatsoever about ht.access at all.

But yes contributor, thanks for your advice...

Tagged for future use. :erm:

ForceHSS 09-09-2013 03:00 PM
Quote:
Originally Posted by DemOnstar (Post 2444407)
Yes, very helpful..

I read the post above and it says "Delete This codes and use IT" !

If I delete this code then it is not possible to use it...

I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie stand point, we, I have no idea whatsoever about ht.access at all.

But yes contributor, thanks for your advice...

Tagged for future use. :erm:
Post 6 means delete all that code from the op posted htaccess file then use the one you just edited. Use notepad ++ to edit the file

DemOnstar 09-09-2013 03:57 PM
Quote:
Originally Posted by ForceHSS (Post 2444409)
Post 6 means delete all that code from the op posted htaccess file then use the one you just edited. Use notepad ++ to edit the file
A somewhat better explanation ForceHSS. Thank you..

May I ask, are you using this script?

Spangle 09-10-2013 02:41 PM
Doesn't work with 4.2.1, installed on my forum, could only access the home page ( portal) all other links led back to the home page.

TheLastSuperman 09-10-2013 03:49 PM
I've moved this to the articles section, for one it had no files uploaded, two it's not a template edit, and three there are other articles regarding .htaccess here already ;).

TheLastSuperman 09-10-2013 03:50 PM
Quote:
Originally Posted by Spangle (Post 2444658)
Doesn't work with 4.2.1, installed on my forum, could only access the home page ( portal) all other links led back to the home page.
Using vBSEO? If not see post #6.

Spangle 09-10-2013 09:51 PM
Quote:
Originally Posted by TheLastSuperman (Post 2444674)
Using vBSEO? If not see post #6.
Yep I tried that.

crazyboy1661 09-12-2013 12:12 PM
Quote:
Originally Posted by DemOnstar (Post 2444407)
Yes, very helpful..

I read the post above and it says "Delete This codes and use IT" !

If I delete this code then it is not possible to use it...

I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie stand point, we, I have no idea whatsoever about ht.access at all.

But yes contributor, thanks for your advice...

Tagged for future use. :erm:
Quote:
Originally Posted by ForceHSS (Post 2444409)
Post 6 means delete all that code from the op posted htaccess file then use the one you just edited. Use notepad ++ to edit the file
Quote:
Originally Posted by ozzy47 (Post 2444178)
Well that helps alot, without the error no one can help you.
Quote:
Originally Posted by Moh4m4d (Post 2443892)
Delete This codes and use IT !

Code:
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]
As I am not aware about all these codings, i have a few questions for you!

There are two codes: one in 1st post and second one in 6th post. Now my doubt is

1.) I am not using vbseo but using vbseo_sitemap-3-0 PL1 mod. So there were little changes in .htaccess.

2.) You said! Delete This codes and use IT ! Do you want me to replace the entire existing .htaccess code with the one you had provided in post 6?

3.) In post 6 you wrote if you don't use vbseo, Delete This codes and use IT ! I am using vbseo_sitemap-3-0 PL1 mod.Do you want me to continue the vbseo_sitemap-3-0 PL1 mod or remove it before or after altered the .htaccess? So what will be your suggestion for me?

4.) Does my site be Google friendly?

5.) Yet any simple explanation for the users like me?

thanks in advance

Moh4m4d 09-13-2013 07:10 AM
there aren't any problems with this code
this code is for the latest version of vb and it's 100% compatible with the latest version . :)

--------------- Added [DATE]1379059930[/DATE] at [TIME]1379059930[/TIME] ---------------

Quote:
1.) I am not using vbseo but using vbseo_sitemap-3-0 PL1 mod. So there were little changes in .htaccess.
Delete This codes :

Code:
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

ForceHSS 09-13-2013 01:27 PM
Quote:
Originally Posted by DemOnstar (Post 2444430)
A somewhat better explanation ForceHSS. Thank you..

May I ask, are you using this script?
No have my own custom one

crazyboy1661 09-14-2013 03:35 AM
Quote:
Originally Posted by Moh4m4d (Post 2445287)
there aren't any problems with this code
this code is for the latest version of vb and it's 100% compatible with the latest version . :)

--------------- Added [DATE]1379059930[/DATE] at [TIME]1379059930[/TIME] ---------------



Delete This codes :

Code:
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]
thanks Moh4m4d, received your PM too. cleared my doubt.

blackberry 10-06-2013 03:59 PM
doesnt work for me :-s

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.


:(

ozzy47 10-06-2013 07:41 PM
That won't help anybody figure out what is wrong, you need to get the error from your server error logs. If you don't know where to get them, ask your host.

blackberry 10-11-2013 07:09 PM
Quote:
Originally Posted by ozzy47 (Post 2450503)
That won't help anybody figure out what is wrong, you need to get the error from your server error logs. If you don't know where to get them, ask your host.
Well all my hosting says is " the htaccess is improperly coded for server configuration". :(

ozzy47 10-11-2013 07:21 PM
Well I see they are not much help either. Why not post your htaccess, maybe someone can spot the issue.

blackberry 10-11-2013 07:31 PM
My current working htaccess

Code:
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forum/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.sachiidosti\.com
#RewriteRule (.*) http://www.sachiidosti.com/forum/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !^(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]

#Deny attempts to view the Htaccess file.
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
# BEGIN Browser Caching/Headers
<IfModule mod_mime.c>
    AddType text/css .css
    AddType application/x-javascript .js
    AddType text/richtext .rtf .rtx
    AddType image/svg+xml .svg .svgz
    AddType text/plain .txt
    AddType text/xsd .xsd
    AddType text/xsl .xsl
    AddType video/asf .asf .asx .wax .wmv .wmx
    AddType video/avi .avi
    AddType image/bmp .bmp
    AddType application/java .class
    AddType video/divx .divx
    AddType application/msword .doc .docx
    AddType application/x-msdownload .exe
    AddType image/gif .gif
    AddType application/x-gzip .gz .gzip
    AddType image/x-icon .ico
    AddType image/jpeg .jpg .jpeg .jpe
    AddType application/vnd.ms-access .mdb
    AddType audio/midi .mid .midi
    AddType video/quicktime .mov .qt
    AddType audio/mpeg .mp3 .m4a
    AddType video/mp4 .mp4 .m4v
    AddType video/mpeg .mpeg .mpg .mpe
    AddType application/vnd.ms-project .mpp
    AddType application/vnd.oasis.opendocument.database .odb
    AddType application/vnd.oasis.opendocument.chart .odc
    AddType application/vnd.oasis.opendocument.formula .odf
    AddType application/vnd.oasis.opendocument.graphics .odg
    AddType application/vnd.oasis.opendocument.presentation .odp
    AddType application/vnd.oasis.opendocument.spreadsheet .ods
    AddType application/vnd.oasis.opendocument.text .odt
    AddType audio/ogg .ogg
    AddType application/pdf .pdf
    AddType image/png .png
    AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
    AddType audio/x-realaudio .ra .ram
    AddType application/x-shockwave-flash .swf
    AddType application/x-tar .tar
    AddType image/tiff .tif .tiff
    AddType audio/wav .wav
    AddType audio/wma .wma
    AddType application/vnd.ms-write .wri
    AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
    AddType application/zip .zip
</IfModule>
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css A31536000
    ExpiresByType application/x-javascript A31536000
    ExpiresByType text/richtext A3600
    ExpiresByType image/svg+xml A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType video/asf A31536000
    ExpiresByType video/avi A31536000
    ExpiresByType image/bmp A31536000
    ExpiresByType application/java A31536000
    ExpiresByType video/divx A31536000
    ExpiresByType application/msword A31536000
    ExpiresByType application/x-msdownload A31536000
    ExpiresByType image/gif A31536000
    ExpiresByType application/x-gzip A31536000
    ExpiresByType image/x-icon A31536000
    ExpiresByType image/jpeg A31536000
    ExpiresByType application/vnd.ms-access A31536000
    ExpiresByType audio/midi A31536000
    ExpiresByType video/quicktime A31536000
    ExpiresByType audio/mpeg A31536000
    ExpiresByType video/mp4 A31536000
    ExpiresByType video/mpeg A31536000
    ExpiresByType application/vnd.ms-project A31536000
    ExpiresByType application/vnd.oasis.opendocument.database A31536000
    ExpiresByType application/vnd.oasis.opendocument.chart A31536000
    ExpiresByType application/vnd.oasis.opendocument.formula A31536000
    ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
    ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
    ExpiresByType application/vnd.oasis.opendocument.text A31536000
    ExpiresByType audio/ogg A31536000
    ExpiresByType application/pdf A31536000
    ExpiresByType image/png A31536000
    ExpiresByType application/vnd.ms-powerpoint A31536000
    ExpiresByType audio/x-realaudio A31536000
    ExpiresByType application/x-shockwave-flash A31536000
    ExpiresByType application/x-tar A31536000
    ExpiresByType image/tiff A31536000
    ExpiresByType audio/wav A31536000
    ExpiresByType audio/wma A31536000
    ExpiresByType application/vnd.ms-write A31536000
    ExpiresByType application/vnd.ms-excel A31536000
    ExpiresByType application/zip A31536000
</IfModule>
<IfModule mod_deflate.c>
    <IfModule mod_setenvif.c>
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
    </IfModule>
    <IfModule mod_headers.c>
        Header append Vary User-Agent env=!dont-vary
    </IfModule>
    <IfModule mod_filter.c>
        AddOutputFilterByType DEFLATE text/css application/x-javascript text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon
    </IfModule>
</IfModule>
<FilesMatch "\.(css|js|CSS|JS)$">
    <IfModule mod_headers.c>
        Header set Pragma "public"
        Header append Cache-Control "public, must-revalidate, proxy-revalidate"
    </IfModule>
    FileETag MTime Size
    <IfModule mod_headers.c>
        Header set X-Powered-By "Step by Step guide to speed up your VB4 (forum only)"
    </IfModule>
</FilesMatch>
<FilesMatch "\.(rtf|rtx|svg|svgz|txt|xsd|xsl|RTF|RTX|SVG|SVGZ|TXT|XSD|XSL|)$">
    <IfModule mod_headers.c>
        Header set Pragma "public"
        Header append Cache-Control "public, must-revalidate, proxy-revalidate"
    </IfModule>
    FileETag MTime Size
    <IfModule mod_headers.c>
        Header set X-Powered-By "Step by Step guide to speed up your VB4 (forum only)"
    </IfModule>
</FilesMatch>
<FilesMatch "\.(asf|asx|wax|wmv|wmx|avi|bmp|class|css|divx|doc|docx|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|swf|tar|tif|tiff|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip|ASF|ASX|WAX|WMV|WMX|AVI|BMP|CLASS|DIVX|DOC|DOCX|EXE|GIF|GZ|GZIP|ICO|JPG|JPEG|JPE|MDB|MID|MIDI|MOV|QT|MP3|M4A|MP4|M4V|MPEG|MPG|MPE|MPP|ODB|ODC|ODF|ODG|ODP|ODS|ODT|OGG|PDF|PNG|POT|PPS|PPT|PPTX|RA|RAM|SWF|TAR|TIF|TIFF|WAV|WMA|WRI|XLA|XLS|XLSX|XLT|XLW|ZIP)$">
    <IfModule mod_headers.c>
        Header set Pragma "public"
        Header append Cache-Control "public, must-revalidate, proxy-revalidate"
    </IfModule>
    FileETag MTime Size
    <IfModule mod_headers.c>
        Header set X-Powered-By "Step by Step guide to speed up your VB4 (forum only)"
    </IfModule>
</FilesMatch>
# End Browser Caching/Headers

Achelos 10-14-2013 07:52 PM
Just a question, how can I properly add the "7z" archive filetype and how could I implement this into the .htaccess that BlackBerry posted? These are a collection of bots/spiders I'd like to deny access.

Code:
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} ^msnbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Slurp [OR]
RewriteCond %{HTTP_USER_AGENT} ^Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Googlebot [OR]
RewriteCond %{HTTP_USER_AGENT} ^AltaVista
RewriteRule ^.*$ "http\:\/\/thegoldsieve\.com" [R=301,L]
Nevermind, figured it out.

None the less, interesting add to your suggestions, maybe?

tanzeelniazi 11-10-2013 08:09 PM
I really dont know how to use but i really need to protected my admin panel and Cpanel.
Also i am not using VBSEO
Also i dont need rewrite my previus urls
simple protection i need and run faster my vbulletin tell me please how i upload

My .htaccess file

Code:
<IfModule mod_suphp.c>
  suPHP_ConfigPath /home/My Site/public_html
  <Files php.ini>
  order allow,deny
  deny from all
  </Files>
 </IfModule>


<IfModule mod_rewrite.c>
  RewriteEngine on

  # If vbulletin is in a subdirectory, add it here
  RewriteBase /

  # Retrieve gamedata requests and send to new dbtech locations
  RewriteRule ^arcade/gamedata/(.*) dbtech/vbarcade/media/$1 [L]

  # Retrieve crossdomain requests and send to new dbtech location
  RewriteRule ^crossdomain\.xml dbtech/vbarcade/crossdomain.xml [L]

  # Send hardcoded pnf+ipa scores to arcade instead
  RewriteCond %{QUERY_STRING} func=storeScore [OR]
  RewriteCond %{QUERY_STRING} autocom=arcade [OR]
  RewriteCond %{QUERY_STRING} act=Arcade
  RewriteRule .* arcade.php [L,QSA]

  # Reroute v3arcade liveinstaller
  RewriteCond %{QUERY_STRING} do=liveinstall
  RewriteCond %{REQUEST_URI} v3arcade_admin\.php

  # If you renamed your admincp directory, change it here
  RewriteRule .* %{DOCUMENT_ROOT}/********/arcade_admin.php?%{QUERY_STRING}&do=review&import=browse&system=v3a [L,R=301]
</IfModule>
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********

final kaoss 11-12-2013 12:18 PM
Here, I have revised your current htaccess for better security & to give your forum more speed and no rewrites as you said. But for protecting the admincp & cpanel this should help with most of that unless someone RAT's you or tries to Brute Force Crack your password.

Code:
<IfModule mod_suphp.c>
  suPHP_ConfigPath /home/My Site/public_html
  <Files php.ini>
  order allow,deny
  deny from all
  </Files>
 </IfModule>


<IfModule mod_rewrite.c>
  RewriteEngine on

  # If vbulletin is in a subdirectory, add it here
  RewriteBase /

  # Retrieve gamedata requests and send to new dbtech locations
  RewriteRule ^arcade/gamedata/(.*) dbtech/vbarcade/media/$1 [L]

  # Retrieve crossdomain requests and send to new dbtech location
  RewriteRule ^crossdomain\.xml dbtech/vbarcade/crossdomain.xml [L]

  # Send hardcoded pnf+ipa scores to arcade instead
  RewriteCond %{QUERY_STRING} func=storeScore [OR]
  RewriteCond %{QUERY_STRING} autocom=arcade [OR]
  RewriteCond %{QUERY_STRING} act=Arcade
  RewriteRule .* arcade.php [L,QSA]

  # Reroute v3arcade liveinstaller
  RewriteCond %{QUERY_STRING} do=liveinstall
  RewriteCond %{REQUEST_URI} v3arcade_admin\.php

  # If you renamed your admincp directory, change it here
  RewriteRule .* %{DOCUMENT_ROOT}/********/arcade_admin.php?%{QUERY_STRING}&do=review&import=browse&system=v3a [L,R=301]
</IfModule>
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********
deny from 203.*********

#Deny attempts to view the Htaccess file and other files.
<Files .htaccess>
Order allow,deny
Deny from all
</Files>

<Files 403.shtml>
order allow,deny
Deny from all
</Files>


# BEGIN W3TC Browser Cache
<IfModule mod_mime.c>
    AddType text/css .css
    AddType application/javascript .js
    AddType application/x-javascript .js
    AddType text/html .html .htm
    AddType text/richtext .rtf .rtx
    AddType image/svg+xml .svg .svgz
    AddType text/plain .txt
    AddType text/xsd .xsd
    AddType text/xsl .xsl
    AddType text/xml .xml
    AddType video/asf .asf .asx .wax .wmv .wmx
    AddType video/avi .avi
    AddType image/bmp .bmp
    AddType application/java .class
    AddType video/divx .divx
    AddType application/msword .doc .docx
    AddType application/x-msdownload .exe
    AddType image/gif .gif
    AddType application/x-gzip .gz .gzip
    AddType image/x-icon .ico
    AddType image/jpeg .jpg .jpeg .jpe
    AddType application/vnd.ms-access .mdb
    AddType audio/midi .mid .midi
    AddType video/quicktime .mov .qt
    AddType audio/mpeg .mp3 .m4a
    AddType video/mp4 .mp4 .m4v
    AddType video/mpeg .mpeg .mpg .mpe
    AddType application/vnd.ms-project .mpp
    AddType application/vnd.oasis.opendocument.database .odb
    AddType application/vnd.oasis.opendocument.chart .odc
    AddType application/vnd.oasis.opendocument.formula .odf
    AddType application/vnd.oasis.opendocument.graphics .odg
    AddType application/vnd.oasis.opendocument.presentation .odp
    AddType application/vnd.oasis.opendocument.spreadsheet .ods
    AddType application/vnd.oasis.opendocument.text .odt
    AddType audio/ogg .ogg
    AddType application/pdf .pdf
    AddType image/png .png
    AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
    AddType audio/x-realaudio .ra .ram
    AddType application/x-shockwave-flash .swf
    AddType application/x-tar .tar
    AddType image/tiff .tif .tiff
    AddType audio/wav .wav
    AddType audio/wma .wma
    AddType application/vnd.ms-write .wri
    AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
    AddType application/zip .zip
</IfModule>
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css A31536000
    ExpiresByType application/x-javascript A31536000
    ExpiresByType text/html A3600
    ExpiresByType text/richtext A3600
    ExpiresByType image/svg+xml A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType text/xml A3600
    ExpiresByType video/asf A31536000
    ExpiresByType video/avi A31536000
    ExpiresByType image/bmp A31536000
    ExpiresByType application/java A31536000
    ExpiresByType video/divx A31536000
    ExpiresByType application/msword A31536000
    ExpiresByType application/x-msdownload A31536000
    ExpiresByType image/gif A31536000
    ExpiresByType application/x-gzip A31536000
    ExpiresByType image/x-icon A31536000
    ExpiresByType image/jpeg A31536000
    ExpiresByType application/vnd.ms-access A31536000
    ExpiresByType audio/midi A31536000
    ExpiresByType video/quicktime A31536000
    ExpiresByType audio/mpeg A31536000
    ExpiresByType video/mp4 A31536000
    ExpiresByType video/mpeg A31536000
    ExpiresByType application/vnd.ms-project A31536000
    ExpiresByType application/vnd.oasis.opendocument.database A31536000
    ExpiresByType application/vnd.oasis.opendocument.chart A31536000
    ExpiresByType application/vnd.oasis.opendocument.formula A31536000
    ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
    ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
    ExpiresByType application/vnd.oasis.opendocument.text A31536000
    ExpiresByType audio/ogg A31536000
    ExpiresByType application/pdf A31536000
    ExpiresByType image/png A31536000
    ExpiresByType application/vnd.ms-powerpoint A31536000
    ExpiresByType audio/x-realaudio A31536000
    ExpiresByType application/x-shockwave-flash A31536000
    ExpiresByType application/x-tar A31536000
    ExpiresByType image/tiff A31536000
    ExpiresByType audio/wav A31536000
    ExpiresByType audio/wma A31536000
    ExpiresByType application/vnd.ms-write A31536000
    ExpiresByType application/vnd.ms-excel A31536000
    ExpiresByType application/zip A31536000
</IfModule>


# BEGIN Compress text files
<ifModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
  AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
  AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
  AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
  AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
  AddOutputFilterByType DEFLATE font/truetype font/opentype


  BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</ifModule>
# END Compress text files
 
 
# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
  <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(css)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(js)$">
    Header set Cache-Control "private"
  </filesMatch>
  <filesMatch "\.(x?html?|php)$">
    Header set Cache-Control "private, must-revalidate"
  </filesMatch>
</ifModule>
# END Cache-Control Headers
 
# BEGIN Turn ETags Off
FileETag None
# END Turn ETags Off




# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
Here's how to for beginners. Thank siteground.

Establish FTP connection
We will start with the FTP connection establishment.

Open your FileZilla installation and enter the following details:

Hostname - enter your domain name or the name of the hosting server where your account resides;

Username - enter the FTP username (you can use your cPanel username or the one of a new FTP account);

Password - enter the corresponding FTP password;

Port - enter the FTP port (by default it is 21);


Click on the Quickconnect button the establish the FTP connection.

Once the FTP connection is opened you will see the listing of the remote server's files and folders.

Manage Files Using FileZilla
If you have a web site created on your local computer, you will want to make it live by uploading its files on your web server. The cPanel software is installed on all the SiteGround servers. The root folder for the web site content is public_html. Select the web site files in the Local site area. Drag and drop them in the public_html folder under the Remote site area. In this way they will be accessible through your domain name.


Sometimes you need to edit a file's code and update the web site functionality. Right-click on the chosen file and pick the View/Edit option.


The file will be opened in the default text editor. Edit it and then save the changes. The FTP client will recognize the file modifications. It will prompt you whether to upload the modified file back on the server and delete the local copy from your computer.


The other actions which you can perform on the files and folders are:

Download - this option allows you to download files and folders from the remote server to your local computer;

Add files to queue - allows to schedule a later transfer of the files;

Create Directory - allows you to create a new folder under your current location;

Delete - using it you can delete files and folders;

Rename - you can rename files and folders;

File Permissions - allows you to change the file permissions of files and folders; You can alter the owner, the group and the public permissions. You can define whether the files are readable, writable and executable. You can find more details about the file permissions in our cPanel tutorial.

tanzeelniazi 11-12-2013 01:52 PM
@Final kaoss
You are great man :)
Just 1 question
I am using only VBSEO hack https://vborg.vbsupport.ru/showthread.php?t=253516
not a complete software if i use this code i am secure 100% ? i mean upper you give.
i am not using filezilla i use only direct upload :)

MylesM 02-08-2014 10:05 AM
Will any of this work with vBulletin 3.8.x ?

Moh4m4d 02-08-2014 01:13 PM
Quote:
Originally Posted by tanzeelniazi (Post 2460136)
@Final kaoss
You are great man :)
Just 1 question
I am using only VBSEO hack https://vborg.vbsupport.ru/showthread.php?t=253516
not a complete software if i use this code i am secure 100% ? i mean upper you give.
i am not using filezilla i use only direct upload :)
Secure will never ever 100% :)
But with this code , you can be secure more and your forum won't hack soon and easy ;)

ceroalreves 02-08-2014 06:26 PM
Hi, how is this works? i just have to upload it?

Moh4m4d 02-12-2014 08:43 AM
Quote:
Originally Posted by ceroalreves (Post 2479846)
Hi, how is this works? i just have to upload it?
Yes it works , Just upload it in to your root forum

RichieBoy67 02-12-2014 06:13 PM
Quote:
Originally Posted by Moh4m4d (Post 2480553)
Yes it works , Just upload it in to your root forum
Well it depends what he has there currently. If he uploads this and overwrites his existing he could have issues.

Great work though. I really hate working with htaccess but have learned alot from guys like you. Thanks for posting this.

friendlymela 07-21-2015 03:47 PM
nice one but i am not useing vbseo what should i do then?


All times are GMT. The time now is 12:03 PM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01441 seconds
  • Memory Usage 1,961KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (9)bbcode_code_printable
  • (20)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (38)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete