Go Back   vb.org Archive > vBulletin Article Depository > Read An Article > vBulletin 4 Articles
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools
Step by Step guide to speed up your VB4 OR VB3
final kaoss
Join Date: Apr 2006
Posts: 1,314

 

Show Printable Version Email this Page Subscription
final kaoss final kaoss is offline 07-27-2011, 10:00 PM

There are several steps to improve your page loading speed. I will go over a few steps that will improve your site's loading time.

Step 1: Tweak your htaccess.
Open the htaccess file in your forum root and add the following below any url rewrite rules you may have from:
Vbulletin 3 or 4 with VBSEO installed
VB4 Forum Classic
VB4 Suite
VB3 by itself

This covers the following Pagespeed Rules.

Leverage browser caching
Specify a cache validator
Enable gzip compression

Make the following changes in your admincp

Code:
Mod Rewrite Friendly URLs

From: Settings > Options > Friendly Urls: Select Mod Rewrite Friendly Urls
This helps to cache nearly any file type that you may add in your attachment options (if you allow people to upload music files, zip files, rar files etc.. see the list lol)

*some people report login problems, I have posted below what works for me. Be sure to do this step as well to avoid problems!!
https://vborg.vbsupport.ru/showthread.php?t=267588#3

Browse to the bottom of this first post for the .htaccess code.

Step 2: Optimize images
There is no more need to do this for vb4 packages unless you wish to do this on other images such as avatars, custom buttons, attachments, gallery uploads etc.

This covers the following PageSpeed Rules:

Optimize Images

If you have access to Visual Studio 2010 (grab the trial edition here which should be compatible with the addon), you can complete this step in just a few clicks using this addon
http://visualstudiogallery.msdn.micr...77c3?SRC=VSIDE

You can also use pnggauntlet which will compress images as well.

This is great to use on new skins/themes and also non animated gifs for Smileys, Signatures, Photo Album & Group Images and Avatars that your forum stores on your server!

Please note that both of these methods produce lossless images, meaning that even though it uses various methods to decrease file size there is absolutely no visual loss in quality of the image.

For non-windows users, I suggest Imageoptim & Trimage

If you have alot of jpeg images, you can compress 10 per day with this jpegmini. Your other options with this tool are to upload jpegs to a jpegmini album which will compress the images for free which you can download soon after! Your other option is to buy the tool for $20, which will enable you to compress a unlimited amount of jpegs, although it won't compress images above 28 MegaPixels.



Optional Step 3: Add CSS Sprites.
Not compatible with VB3

This covers the following PageSpeed Rules:

Combine images using CSS sprites

Code:
Install the addon United-Forum CSS Sprites and follow all of the instructions.  Can be found in the sprite_0.6.3a.zip file.
Optional Step 4: Use a CDN
Below are 3 free CDN's. I can vouch for cloudflare but have yet to try incapsula.

1) Incapsula
2) Cloudflare *Disable the Rocketloader feature to avoid potential issues.
New article on how to setup your forum for HTTPS with cloudflare

(Optional) Step 5: Make a free Server Optimization request

Now that you've done all of the steps above, there is one final thing left to do if you are using a vps or dedi, tweak the Server! You can go here to request a free tuneup:
http://www.vbulletin.com/forum/forum...-configuration

Here's one additional trick to help improve your seo btw:
[SEO Enhancement] Replace "reload this page" to the thread title [v1.00]

Enjoy!

Optional (Recommended) Step 7: Lazy load images.

Lazy Load will delay the loading of images outside of viewpoint to make the page load faster. That is, images in the visible part of the web page are only loaded and remaining images are loaded when visitor scrolls down the page, at some times it can even helps to save bandwidth.

Consider linking to us at http://video-game-chat.com/forum to help show your appreciation, since you'll be saving bandwith, reducing the loading time and thus keeping more visitors who visit your site. And impoving seo as google is now factoring in loading times into it's algorithms.

Test your page speed & yslow score's
If you would like to test your website and see what changes need to be made while you follow any part of this guide you can do so at several sites:

GTMetrix
Webpage Test
Pingdom

Here's a new htaccess that I've been testing, it's pretty solid so far. Simply throw in your url rewrite rules (for friendly urls).... this part may confuse people... they are usually located near the top of an existing htaccess file. Example of what rewrite rules look like...

Code:
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d

RewriteRule ^.*$ - [NC,L]

# Forum
RewriteRule ^threads/.* showthread.php [QSA]
RewriteRule ^forums/.* forumdisplay.php [QSA]
RewriteRule ^members/.* member.php [QSA]
Throw that in between the #add your friendly url rewrite rules below. lines and your set! Another identifier is to look to see if the threads, forums, members etc are being affected by any rules in the old .htaccess... if so.. throw that in and you should have no problems.

Code:
# Author: Final Kaoss (aka: Extreme-Gaming)
# Version 3.2
# Special Thanks Goes to W3Total Cache for much of the htaccess rules
RewriteEngine on

# This file is only needed if you have set the Forum Component URL in your admincp and you are
# using the mod_rewrite option for friendly urls.  If this is the case, copy this file
# to your forum component stub directory.

# If you are having problems or are using VirtualDocumentRoot, uncomment this line and set it to your forum component directory.  
#If your site is located at site.com/forum, then go down one line uncomment (remove the #) and replace /vbtest/ with /forum/
# RewriteBase /vbtest/

# If you are having problems with the rewrite from content/ to content.php, uncomment this line to turn MultiViews off.
 Options -MultiViews
#add your friendly url rewrite rules below.

#stop adding your friendly url rewrite rules here.


#Deny attempts to view the Htaccess file.
<Files .htaccess>
Order allow,deny
Deny from all
</Files>


# BEGIN W3TC Browser Cache
<IfModule mod_mime.c>
    AddType text/css .css
    AddType application/javascript .js
    AddType application/x-javascript .js
    AddType text/html .html .htm
    AddType text/richtext .rtf .rtx
    AddType image/svg+xml .svg .svgz
    AddType text/plain .txt
    AddType text/xsd .xsd
    AddType text/xsl .xsl
    AddType text/xml .xml
    AddType video/asf .asf .asx .wax .wmv .wmx
    AddType video/avi .avi
    AddType image/bmp .bmp
    AddType application/java .class
    AddType video/divx .divx
    AddType application/msword .doc .docx
    AddType application/x-msdownload .exe
    AddType image/gif .gif
    AddType application/x-gzip .gz .gzip
    AddType image/x-icon .ico
    AddType image/jpeg .jpg .jpeg .jpe
    AddType application/vnd.ms-access .mdb
    AddType audio/midi .mid .midi
    AddType video/quicktime .mov .qt
    AddType audio/mpeg .mp3 .m4a
    AddType video/mp4 .mp4 .m4v
    AddType video/mpeg .mpeg .mpg .mpe
    AddType application/vnd.ms-project .mpp
    AddType application/vnd.oasis.opendocument.database .odb
    AddType application/vnd.oasis.opendocument.chart .odc
    AddType application/vnd.oasis.opendocument.formula .odf
    AddType application/vnd.oasis.opendocument.graphics .odg
    AddType application/vnd.oasis.opendocument.presentation .odp
    AddType application/vnd.oasis.opendocument.spreadsheet .ods
    AddType application/vnd.oasis.opendocument.text .odt
    AddType audio/ogg .ogg
    AddType application/pdf .pdf
    AddType image/png .png
    AddType application/vnd.ms-powerpoint .pot .pps .ppt .pptx
    AddType audio/x-realaudio .ra .ram
    AddType application/x-shockwave-flash .swf
    AddType application/x-tar .tar
    AddType image/tiff .tif .tiff
    AddType audio/wav .wav
    AddType audio/wma .wma
    AddType application/vnd.ms-write .wri
    AddType application/vnd.ms-excel .xla .xls .xlsx .xlt .xlw
    AddType application/zip .zip
</IfModule>
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css A31536000
    ExpiresByType application/x-javascript A31536000
    ExpiresByType text/html A3600
    ExpiresByType text/richtext A3600
    ExpiresByType image/svg+xml A3600
    ExpiresByType text/plain A3600
    ExpiresByType text/xsd A3600
    ExpiresByType text/xsl A3600
    ExpiresByType text/xml A3600
    ExpiresByType video/asf A31536000
    ExpiresByType video/avi A31536000
    ExpiresByType image/bmp A31536000
    ExpiresByType application/java A31536000
    ExpiresByType video/divx A31536000
    ExpiresByType application/msword A31536000
    ExpiresByType application/x-msdownload A31536000
    ExpiresByType image/gif A31536000
    ExpiresByType application/x-gzip A31536000
    ExpiresByType image/x-icon A31536000
    ExpiresByType image/jpeg A31536000
    ExpiresByType application/vnd.ms-access A31536000
    ExpiresByType audio/midi A31536000
    ExpiresByType video/quicktime A31536000
    ExpiresByType audio/mpeg A31536000
    ExpiresByType video/mp4 A31536000
    ExpiresByType video/mpeg A31536000
    ExpiresByType application/vnd.ms-project A31536000
    ExpiresByType application/vnd.oasis.opendocument.database A31536000
    ExpiresByType application/vnd.oasis.opendocument.chart A31536000
    ExpiresByType application/vnd.oasis.opendocument.formula A31536000
    ExpiresByType application/vnd.oasis.opendocument.graphics A31536000
    ExpiresByType application/vnd.oasis.opendocument.presentation A31536000
    ExpiresByType application/vnd.oasis.opendocument.spreadsheet A31536000
    ExpiresByType application/vnd.oasis.opendocument.text A31536000
    ExpiresByType audio/ogg A31536000
    ExpiresByType application/pdf A31536000
    ExpiresByType image/png A31536000
    ExpiresByType application/vnd.ms-powerpoint A31536000
    ExpiresByType audio/x-realaudio A31536000
    ExpiresByType application/x-shockwave-flash A31536000
    ExpiresByType application/x-tar A31536000
    ExpiresByType image/tiff A31536000
    ExpiresByType audio/wav A31536000
    ExpiresByType audio/wma A31536000
    ExpiresByType application/vnd.ms-write A31536000
    ExpiresByType application/vnd.ms-excel A31536000
    ExpiresByType application/zip A31536000
</IfModule>


# BEGIN Compress text files
<ifModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/xml text/css text/plain
  AddOutputFilterByType DEFLATE image/svg+xml application/xhtml+xml application/xml
  AddOutputFilterByType DEFLATE application/rdf+xml application/rss+xml application/atom+xml
  AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript application/json
  AddOutputFilterByType DEFLATE application/x-font-ttf application/x-font-otf
  AddOutputFilterByType DEFLATE font/truetype font/opentype


  BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</ifModule>
# END Compress text files
 
 
# BEGIN Cache-Control Headers
<ifModule mod_headers.c>
Header set Connection keep-alive 
  <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(css)$">
    Header set Cache-Control "public"
  </filesMatch>
  <filesMatch "\.(js)$">
    Header set Cache-Control "private"
  </filesMatch>
  <filesMatch "\.(x?html?|php)$">
    Header set Cache-Control "private, must-revalidate"
  </filesMatch>
</ifModule>
# END Cache-Control Headers
 
# BEGIN Turn ETags Off
FileETag None
# END Turn ETags Off




# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})

##
##&nbsp; Commented version of Rewrite rules attributed to Ronald van den Heetkamp
##&nbsp; Comments by http://bodvoc.com
#
# Prevent use of specified methods in HTTP Request
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
# Block out use of illegal or unsafe characters in the HTTP Request
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal characters in URI or use of malformed URI
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal 
# Block out  use of empty User Agent Strings
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
# Block out  use of User Agent Strings beginning with java, curl or wget
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
# Block out  use of User Agent Strings containing specific robot (crawler) identifiers
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
# Block out  use of User Agent Strings containing references to specific crawler libraries
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
# Block out  use of illegal or unsafe characters in the User Agent variable
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Measures to block out  SQL injection attacks
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
# Block out  reference to localhost/loopback/127.0.0.1 in the Query String
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
# Block out  use of illegal or unsafe characters in the Query String variable
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
#
## End of commented Rewrite directives
#
Reply With Quote
  #192  
Old 03-09-2014, 11:46 PM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Here is my latest results for my site, pretty frigging good for vB4, http://www.webpagetest.org/result/140309_D0_RWZ/
Reply With Quote
  #193  
Old 03-10-2014, 01:25 AM
final kaoss final kaoss is offline
 
Join Date: Apr 2006
Posts: 1,314
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Now if only vb.org did some of the changes
http://www.webpagetest.org/result/140310_RR_1G9/
Reply With Quote
  #194  
Old 03-10-2014, 01:26 AM
ozzy47's Avatar
ozzy47 ozzy47 is offline
 
Join Date: Jul 2009
Location: USA
Posts: 10,929
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Yeah it could use some tweaking, but it is vB3, so it loads quickly.
Reply With Quote
  #195  
Old 03-10-2014, 02:47 AM
Max Taxable's Avatar
Max Taxable Max Taxable is offline
 
Join Date: Feb 2011
Posts: 3,134
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by final kaoss View Post
Now if only vb.org did some of the changes
http://www.webpagetest.org/result/140310_RR_1G9/
They have some images that need to be optimized, and some they really can't control because they are avatars.

But when we test their home page, we see result without avatars and the images they need to optimize are listed: http://www.webpagetest.org/result/14...ompress_images

But it only winds up being a savings of 4.8kb, hardly seems worth the effort just to get a A grade on that..

However they're not caching static assets very well.
HTML Code:
Leverage browser caching of static assets: 3/100

FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/redstyle.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/whitestyle.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/greenstyle.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/bluestyle.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/purplestyle.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/misc/stats.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/misc/birthday.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/misc/menu_open.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/header.jpg
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/tcat.jpg
FAILED - (No max-age or expires) - http://www.vbulletin.org/favicon.ico
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/bottomshade.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/headbg.jpg
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/vheader.jpg
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/button2.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/misc/whos_online.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/buttons/collapse_thead.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/clientscript/vbulletin_menu.js?v=3612
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/vblogo.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/clientscript/vborg_miscactions.js?v=3612
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/clientscript/blue.css
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/clientscript/vbulletin_global.js?v=3612
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/clientscript/vbulletin_md5.js?v=3612
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/bodybkgd950px.jpg
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/buttons/lastpost.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/clientscript/vbulletin_read_marker.js?v=3612
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/statusicon/subforum_old.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/statusicon/forum_old.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/misc/navbits_start.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru/images/cstyle/blue/buttons/collapse_tcat.gif
FAILED - (No max-age or expires) - https://vborg.vbsupport.ru
And that's a very easy .htaccess fix.

But with only 90 total KB loaded and only 34 requests, it's not nearly as bad as the grades might seem to make it look.

It's about 15 minutes work to fix everything here and get straight A grades.
Reply With Quote
  #196  
Old 03-10-2014, 11:54 AM
final kaoss final kaoss is offline
 
Join Date: Apr 2006
Posts: 1,314
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

It wouldn't even take 15 minutes to apply the caching. Maybe 1-3 at most depending on who's modifying it but yeah that is one of the big issues is not having their static elements being cached.
Reply With Quote
  #197  
Old 03-22-2014, 06:05 AM
bzcomputers's Avatar
bzcomputers bzcomputers is offline
 
Join Date: Apr 2012
Location: TX
Posts: 503
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

I noticed a couple issues at the bottom of the last two sections in the suggested .htaccess file:

Code:
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
*** ADD RULE HERE***
##
##&nbsp; Commented version of Rewrite rules attributed to Ronald van den Heetkamp
##&nbsp; Comments by http://bodvoc.com
#
# Prevent use of specified methods in HTTP Request
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
# Block out use of illegal or unsafe characters in the HTTP Request
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal characters in URI or use of malformed URI
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal 
# Block out  use of empty User Agent Strings
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
# Block out  use of User Agent Strings beginning with java, curl or wget
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
# Block out  use of User Agent Strings containing specific robot (crawler) identifiers
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
# Block out  use of User Agent Strings containing references to specific crawler libraries
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
# Block out  use of illegal or unsafe characters in the User Agent variable
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Measures to block out  SQL injection attacks
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
# Block out  reference to localhost/loopback/127.0.0.1 in the Query String
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
# Block out  use of illegal or unsafe characters in the Query String variable
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
*** ADD RULE HERE***
#
## End of commented Rewrite directives
#
The problem with this is you have all these rewrite conditions then at the end you don't have a rewrite rule. You need to add something like this:

Code:
# Send all blocked requests to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
In the two spots where I placed *** ADD RULE HERE*** in the code block above.

-------------------------------------------------------------------------------------------

...also suggest a slight change to this line:
Code:
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
to this:
Code:
# Block out any script trying to base64_encode or base64_decode data via URL
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR]
Reply With Quote
Благодарность от:
Krusty1231
  #198  
Old 03-22-2014, 09:57 AM
Disco_Dave's Avatar
Disco_Dave Disco_Dave is offline
 
Join Date: May 2011
Location: Belfast
Posts: 586
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by bzcomputers View Post
I noticed a couple issues at the bottom of the last two sections in the suggested .htaccess file:

Code:
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
*** ADD RULE HERE***
##
##&nbsp; Commented version of Rewrite rules attributed to Ronald van den Heetkamp
##&nbsp; Comments by http://bodvoc.com
#
# Prevent use of specified methods in HTTP Request
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
# Block out use of illegal or unsafe characters in the HTTP Request
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal characters in URI or use of malformed URI
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal 
# Block out  use of empty User Agent Strings
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
# Block out  use of User Agent Strings beginning with java, curl or wget
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
# Block out  use of User Agent Strings containing specific robot (crawler) identifiers
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
# Block out  use of User Agent Strings containing references to specific crawler libraries
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
# Block out  use of illegal or unsafe characters in the User Agent variable
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Measures to block out  SQL injection attacks
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
# Block out  reference to localhost/loopback/127.0.0.1 in the Query String
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
# Block out  use of illegal or unsafe characters in the Query String variable
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
*** ADD RULE HERE***
#
## End of commented Rewrite directives
#
The problem with this is you have all these rewrite conditions then at the end you don't have a rewrite rule. You need to add something like this:

Code:
# Send all blocked requests to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
In the two spots where I placed *** ADD RULE HERE*** in the code block above.

-------------------------------------------------------------------------------------------

...also suggest a slight change to this line:
Code:
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
to this:
Code:
# Block out any script trying to base64_encode or base64_decode data via URL
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR]

I use this one also, I wonder if there's something in mine that stops my dbseocp panel taking me back to the ACP.....I need one you guys to may be run your eyes over mine
Reply With Quote
  #199  
Old 03-22-2014, 04:39 PM
bzcomputers's Avatar
bzcomputers bzcomputers is offline
 
Join Date: Apr 2012
Location: TX
Posts: 503
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by Disco_Dave View Post
I use this one also, I wonder if there's something in mine that stops my dbseocp panel taking me back to the ACP.....I need one you guys to may be run your eyes over mine
PM me a copy and I'll look at it.
Reply With Quote
Благодарность от:
Disco_Dave
  #200  
Old 03-31-2014, 07:00 PM
tpearl5's Avatar
tpearl5 tpearl5 is offline
 
Join Date: Nov 2001
Location: PA
Posts: 1,014
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

remember, you really have no reason to use mod_deflate if your server is already set to use gzip.
Reply With Quote
Благодарность от:
Max Taxable
  #201  
Old 03-31-2014, 08:27 PM
final kaoss final kaoss is offline
 
Join Date: Apr 2006
Posts: 1,314
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You'll be just fine using mod_deflate. Just turn off vbulletin's gzip function otherwise, you'll be increasing load for no reason plus I don't believe vbulletins gzip feature covers everything.

Quote:
The mod_deflate module is similar to mod_gzip, but usable only with Apache v2. Early versions of mod_deflate provided lesser amount of compression than mod_gzip.[2] Starting with Apache 2.0.45, the compression level of mod_deflate is configurable using the DeflateCompressionLevel directive, so this difference disappeared.
A mod_gz module was independently developed by Ian Holsman. This module implements a gzip compression filter for Apache 2.0, providing similar functionality to mod_gzip. One important difference between the two modules is that mod_gzip includes its own gzip implementation, whereas mod_gz relies on an external zlib library.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 05:38 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.05100 seconds
  • Memory Usage 2,401KB
  • Queries Executed 26 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (12)bbcode_code
  • (1)bbcode_html
  • (4)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)modsystem_article
  • (1)navbar
  • (4)navbar_link
  • (120)option
  • (1)pagenav
  • (1)pagenav_curpage
  • (4)pagenav_pagelink
  • (1)pagenav_pagelinkrel
  • (11)post_thanks_box
  • (23)post_thanks_box_bit
  • (11)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (4)post_thanks_postbit
  • (11)post_thanks_postbit_info
  • (10)postbit
  • (11)postbit_onlinestatus
  • (11)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • fetch_musername
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • post_thanks_function_fetch_thanks_bit_start
  • post_thanks_function_show_thanks_date_start
  • post_thanks_function_show_thanks_date_end
  • post_thanks_function_fetch_thanks_bit_end
  • post_thanks_function_fetch_post_thanks_template_start
  • post_thanks_function_fetch_post_thanks_template_end
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • pagenav_page
  • pagenav_complete
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete