The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
Professional Htaccess VB 4
Hi , Professional Htaccess For VBulletin 4 , Advantage : Fix Xss Bug Fix sql Injection Protect From Htaccess Not Run Bug In Forum And ... Code:
# Comment the following line (add '#' at the beginning) # to disable mod_rewrite functions. # Please note: you still need to disable the hack in # the vBSEO control panel to stop url rewrites. RewriteEngine On # Some servers require the Rewritebase directive to be # enabled (remove '#' at the beginning to activate) # Please note: when enabled, you must include the path # to your root vB folder (i.e. RewriteBase /forums/) #RewriteBase / #RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com #RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301] RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L] RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php) RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/ RewriteRule ^(.+)$ vbseo.php [L,QSA] RewriteEngine On RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L] <files ".htaccess"> order allow,deny deny from all </files> <FilesMatch "\.(gif|jpg|png|swf|html|css|js|fla)$"> deny from all </FilesMatch> <FilesMatch "^php5?\.(ini|cgi)$"> Order Deny,Allow Deny from All Allow from env=REDIRECT_STATUS </FilesMatch> RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] #proc/self/environ? no way! RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR] <?php // LFI Vulnerable Code $redirect = $_GET[redirect]; include($redirect); ?> RewriteEngine On RewriteCond %{QUERY_STRING} act= [OR] RewriteCond %{QUERY_STRING} sw= [OR] RewriteCond %{QUERY_STRING} act [OR] RewriteCond %{QUERY_STRING} sw [OR] RewriteCond %{QUERY_STRING} 0x3a [OR] RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] RewriteCond %{QUERY_STRING} ^.*(;|<|>|�|�|\)|%0A|%0D|%22|%27|%3C|%3E|).*(/\*|union|concat).* [NC] RewriteRule .* - [L,F] # Prevent use of specified methods in HTTP Request RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] # Block out use of illegal or unsafe characters in the HTTP Request RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR] # Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] # Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] # Block out use of illegal characters in URI or use of malformed URI RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR] # Block out use of empty User Agent Strings # NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal RewriteCond %{HTTP_USER_AGENT} ^$ [OR] # Block out use of illegal or unsafe characters in the User Agent variable RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] # Measures to block out SQL injection attacks RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR] # Block out reference to localhost/loopback/127.0.0.1 in the Query String RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR] # Block out use of illegal or unsafe characters in the Query String variable RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC] |
#13
|
|||
|
|||
Hi ozzy47, i am using vbseo_sitemap-3-0 PL1 mod. Now can you tell me is it good to update with this code in .htaccess?
Also how much it can help in making my site search engines friendly. Does it effect the said mod? thanks for your efforts |
#14
|
||||
|
||||
Yes, very helpful..
I read the post above and it says "Delete This codes and use IT" ! If I delete this code then it is not possible to use it... I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie stand point, we, I have no idea whatsoever about ht.access at all. But yes contributor, thanks for your advice... Tagged for future use. :erm: |
#15
|
|||
|
|||
Quote:
|
#16
|
||||
|
||||
Quote:
May I ask, are you using this script? |
#18
|
||||
|
||||
I've moved this to the articles section, for one it had no files uploaded, two it's not a template edit, and three there are other articles regarding .htaccess here already .
|
#20
|
|||
|
|||
|
#21
|
|||
|
|||
Quote:
Quote:
Quote:
There are two codes: one in 1st post and second one in 6th post. Now my doubt is 1.) I am not using vbseo but using vbseo_sitemap-3-0 PL1 mod. So there were little changes in .htaccess. 2.) You said! Delete This codes and use IT ! Do you want me to replace the entire existing .htaccess code with the one you had provided in post 6? 3.) In post 6 you wrote if you don't use vbseo, Delete This codes and use IT ! I am using vbseo_sitemap-3-0 PL1 mod.Do you want me to continue the vbseo_sitemap-3-0 PL1 mod or remove it before or after altered the .htaccess? So what will be your suggestion for me? 4.) Does my site be Google friendly? 5.) Yet any simple explanation for the users like me? thanks in advance |
Благодарность от: | ||
Moh4m4d |
Thread Tools | |
|
|
X vBulletin 3.8.12 by vBS Debug Information | |
---|---|
|
|
More Information | |
Template Usage:
Phrase Groups Available:
|
Included Files:
Hooks Called:
|