The Archive of Official vBulletin Modifications Site. It is not a VB3 engine, just a parsed copy!
Professional Htaccess VB 4
Hi, Professional Htaccess for vBulletin 4. Advantage: Fix XSS Bug, Fix SQL Injection, Protect From Htaccess, Not Run Bug In Forum, And ...
Code:
    # Comment the following line (add '#' at the beginning)
    # to disable mod_rewrite functions.
    # Please note: you still need to disable the hack in
    # the vBSEO control panel to stop url rewrites.
    RewriteEngine On

    # Some servers require the Rewritebase directive to be
    # enabled (remove '#' at the beginning to activate)
    # Please note: when enabled, you must include the path
    # to your root vB folder (i.e. RewriteBase /forums/)
    #RewriteBase /

    #RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
    #RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

    RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

    RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
    RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
    RewriteRule ^(.+)$ vbseo.php [L,QSA]

    RewriteEngine On
    RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

    <files ".htaccess">
    order allow,deny
    deny from all
    </files>

    # Denies every request for files with these extensions
    <FilesMatch "\.(gif|jpg|png|swf|html|css|js|fla)$">
    deny from all
    </FilesMatch>

    <FilesMatch "^php5?\.(ini|cgi)$">
    Order Deny,Allow
    Deny from All
    Allow from env=REDIRECT_STATUS
    </FilesMatch>

    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    #proc/self/environ? no way!
    RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]
    # (PHP shown for reference only; it must stay commented out in .htaccess)
    # <?php
    # // LFI Vulnerable Code
    # $redirect = $_GET[redirect];
    # include($redirect);
    # ?>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} act= [OR]
    RewriteCond %{QUERY_STRING} sw= [OR]
    RewriteCond %{QUERY_STRING} act [OR]
    RewriteCond %{QUERY_STRING} sw [OR]
    RewriteCond %{QUERY_STRING} 0x3a [OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|).*(/\*|union|concat).* [NC]
    RewriteRule .* - [L,F]

    # Prevent use of specified methods in HTTP Request
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
    # Block out use of illegal or unsafe characters in the HTTP Request
    RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
    # Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request
    RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    # Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request
    RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    # Block out use of illegal characters in URI or use of malformed URI
    RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
    # Block out use of empty User Agent Strings
    # NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal
    RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
    # Block out use of illegal or unsafe characters in the User Agent variable
    RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
    # Measures to block out SQL injection attacks
    RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
    # Block out reference to localhost/loopback/127.0.0.1 in the Query String
    RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
    # Block out use of illegal or unsafe characters in the Query String variable
    RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
    # Deny the request if any condition above matched
    RewriteRule .* - [L,F]
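Added example, not part of the original post: a small offline harness that runs a subset of the posted `QUERY_STRING` conditions over constructed query strings, to show which ordinary requests the deny rules would also catch. The function names `blocking_condition` and `audit` and all sample query strings are made up for illustration, and it assumes Python's `re` behaves like Apache's PCRE for these simple patterns.

```python
import re

# Subset of the QUERY_STRING conditions from the posted .htaccess.
# Each entry: (pattern, True if the condition carries the NC flag).
CONDITIONS = [
    (r"(\<|%3C).*script.*(\>|%3E)", True),
    (r"proc\/self\/environ", True),
    (r"act", False),
    (r"sw", False),
    (r"0x3a", False),
    (r"base64_encode.*\(.*\)", False),
    (r"^.*(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"
     r"(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).*", True),
    (r"^.*(localhost|loopback|127\.0\.0\.1).*", True),
]
COMPILED = [(p, re.compile(p, re.IGNORECASE if nc else 0)) for p, nc in CONDITIONS]


def blocking_condition(query_string):
    """Return the first pattern matching the raw query string, or None.

    mod_rewrite tests %{QUERY_STRING} without URL-decoding it, and the
    conditions are joined with [OR], so a single match is enough to deny.
    """
    for pattern, regex in COMPILED:
        if regex.search(query_string):
            return pattern
    return None


# Constructed query strings (not real traffic): ordinary requests a forum
# could plausibly receive, plus one probe the rules are aimed at.
SAMPLES = [
    "do=getnew&contenttype=vBForum_Post",
    "do=contactus",
    "t=12&answer=yes",
    "q=don%27t+forget+to+update",
    "q=%3Cscript%3Ealert(1)%3C/script%3E",
]


def audit(samples):
    """Map each sample to the condition that would deny it (None = allowed)."""
    return {qs: blocking_condition(qs) for qs in samples}


if __name__ == "__main__":
    for qs, hit in audit(SAMPLES).items():
        print(f"{'DENY ' if hit else 'ALLOW'} {qs!r} <- {hit}")
```

Feeding the query strings from the site's own access log through `audit` before deploying the rules shows how many legitimate requests the broad `act` and `sw` conditions would turn into 403 responses.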
#2
vBSEO is dead, no need for that in there.
2 thanks from: Moh4m4d, RichieBoy67
#3
Like what you have here, good job!
Haven't really seen anything like it till now. That said, we all know vB left a lot to be desired in the OEM htaccess offering. I myself had to come up with a completely custom htaccess to just make the URL rewrites work properly on my server. Since then, I have added and altered considerably for many different reasons and effects. I want to ask, excluding the vBSEO stuff (I don't use it), and excluding the URL rewrite (I already spent way too much time making that work for me)... what would you isolate as the most important htaccess addition, or additions, that one should take away from this?
2 thanks from: Max Taxable, Moh4m4d
#4
#6
Quote:
Code:
    # Comment the following line (add '#' at the beginning)
    # to disable mod_rewrite functions.
    # Please note: you still need to disable the hack in
    # the vBSEO control panel to stop url rewrites.
    RewriteEngine On

    # Some servers require the Rewritebase directive to be
    # enabled (remove '#' at the beginning to activate)
    # Please note: when enabled, you must include the path
    # to your root vB folder (i.e. RewriteBase /forums/)
    #RewriteBase /

    #RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
    #RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

    RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

    RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
    RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
    RewriteRule ^(.+)$ vbseo.php [L,QSA]

    RewriteEngine On
    RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]
#7
I don't use vBSEO.
The question is, do I leave all the vBSEO-related stuff out of the code? Any line with vbseo written should be deleted? Seems you are on to a good idea here.
Thanks from: Moh4m4d
#9
Quote:
#10
Internal Server Error...