Professional Htaccess VB 4
Moh4m4d
Join Date: Feb 2010
Posts: 17

Fatal Error !

Ramsar
Moh4m4d Moh4m4d is offline 09-06-2013, 10:00 PM

Hi,

Professional Htaccess for vBulletin 4.

Advantages:

Fix XSS Bug

Fix SQL Injection

Protect From Htaccess

Not Run Bug In Forum

And ...

Code:
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

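# Deny direct access to the .htaccess file itself
<Files ".htaccess">
Order Allow,Deny
Deny from all
</Files>

# Note: this denies every request for the listed static file types
# (images, Flash, HTML, CSS, JS), including the forum's own assets.
<FilesMatch "\.(gif|jpg|png|swf|html|css|js|fla)$">
Deny from all
</FilesMatch>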

<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow 
Deny from All 
Allow from env=REDIRECT_STATUS 
</FilesMatch>

RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

#proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]

# Example of the code this condition is meant to shield. It is kept as
# comments because raw PHP in an .htaccess file causes a server error.
# <?php
# // LFI Vulnerable Code
# $redirect = $_GET['redirect'];
# include($redirect);
# ?>

# Note: the bare "act" and "sw" patterns below match anywhere in the query
# string (for example "action" or "password"), so ordinary requests are denied too.
RewriteCond %{QUERY_STRING} act= [OR]
RewriteCond %{QUERY_STRING} sw= [OR]
RewriteCond %{QUERY_STRING} act [OR]
RewriteCond %{QUERY_STRING} sw [OR]
RewriteCond %{QUERY_STRING} 0x3a [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|concat).* [NC]
RewriteRule .* - [L,F]

# Prevent use of specified methods in HTTP Request 
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] 
# Block out use of illegal or unsafe characters in the HTTP Request 
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR] 
# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request 
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 
# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request 
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 
# Block out use of illegal characters in URI or use of malformed URI 
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR] 
# Block out  use of empty User Agent Strings
# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal 
RewriteCond %{HTTP_USER_AGENT} ^$ [OR] 
# Block out  use of illegal or unsafe characters in the User Agent variable 
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 
# Measures to block out  SQL injection attacks 
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR] 
# Block out  reference to localhost/loopback/127.0.0.1 in the Query String 
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR] 
# Block out  use of illegal or unsafe characters in the Query String variable 
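RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
# The conditions above only take effect with a RewriteRule after them; the
# posted code stops here, so the deny rule from the earlier block is assumed.
RewriteRule .* - [L,F]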
Reply With Quote
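The QUERY_STRING conditions in the posted .htaccess can be tried against sample requests before they go onto a live forum. The following is an added example, not part of the original post: it copies the post's query-string patterns into Python's `re` module and reports which requests the deny rule would reject. The sample query strings and the function names are constructed for the illustration.

```python
import re

# QUERY_STRING conditions copied from the post; True means the [NC] flag was set.
# Apache matches these unanchored against the raw (still URL-encoded) query string.
CONDITIONS = [
    (r"act=", False),
    (r"sw=", False),
    (r"act", False),
    (r"sw", False),
    (r"0x3a", False),
    (r"base64_encode.*\(.*\)", False),
    (r"(\<|%3C).*script.*(\>|%3E)", True),
    (r"proc\/self\/environ", True),
    (r"^.*(localhost|loopback|127\.0\.0\.1).*", True),
    (r"^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).*", True),
    (r"^.*(;|<|>|'|\"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*"
     r"(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).*", True),
]


def matching_conditions(query_string):
    """Return every pattern that would trigger the deny rule for this query string."""
    return [p for p, nocase in CONDITIONS
            if re.search(p, query_string, re.IGNORECASE if nocase else 0)]


def false_positives(benign_queries):
    """Return the benign query strings that the rule set would reject with 403."""
    return [q for q in benign_queries if matching_conditions(q)]


# Constructed samples: ordinary forum-style requests and strings the rules target.
BENIGN = ["t=12345", "do=newreply&p=1", "do=contactus",
          "do=editpassword", "searchid=42&pp=25"]
TARGETED = ["q=%3Cscript%3Ealert(1)%3C/script%3E",
            "id=1%27%20union%20select%201",
            "page=../../proc/self/environ"]

if __name__ == "__main__":
    for q in BENIGN + TARGETED:
        hits = matching_conditions(q)
        print(f"{'403' if hits else 'ok ':3}  {q:40}  {hits}")
    print("benign requests denied:", false_positives(BENIGN))
```

Running the same check over query strings taken from a forum's own access log shows how many legitimate requests a rule set like this would turn into 403 responses.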
#12  ozzy47, 09-08-2013, 04:36 PM

Well that helps a lot, without the error no one can help you.
#13  crazyboy1661, 09-09-2013, 04:30 AM

Quote:
Originally Posted by ozzy47
Well that helps a lot, without the error no one can help you.

Hi ozzy47, I am using vbseo_sitemap-3-0 PL1 mod. Now can you tell me is it good to update with this code in .htaccess?

Also, how much can it help in making my site search engine friendly? Does it affect the said mod?

Thanks for your efforts
#14  DemOnstar, 09-09-2013, 02:55 PM

Quote:
Originally Posted by Rich
DemOnstar - try reading the other posts. smh

Yes, very helpful..

I read the post above and it says "Delete This codes and use IT" !

If I delete this code then it is not possible to use it...

I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie stand point, we, I have no idea whatsoever about ht.access at all.

But yes contributor, thanks for your advice...

Tagged for future use. :erm:
#15  ForceHSS, 09-09-2013, 03:00 PM

Quote:
Originally Posted by DemOnstar
Yes, very helpful..

I read the post above and it says "Delete This codes and use IT" !

If I delete this code then it is not possible to use it...

I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie stand point, we, I have no idea whatsoever about ht.access at all.

But yes contributor, thanks for your advice...

Tagged for future use. :erm:

Post 6 means delete all that code from the OP posted htaccess file, then use the one you just edited. Use Notepad++ to edit the file.
#16  DemOnstar, 09-09-2013, 03:57 PM

Quote:
Originally Posted by ForceHSS
Post 6 means delete all that code from the OP posted htaccess file, then use the one you just edited. Use Notepad++ to edit the file.

A somewhat better explanation ForceHSS. Thank you..

May I ask, are you using this script?
#17  Spangle, 09-10-2013, 02:41 PM

Doesn't work with 4.2.1, installed on my forum, could only access the home page (portal), all other links led back to the home page.
#18  TheLastSuperman, 09-10-2013, 03:49 PM

I've moved this to the articles section, for one it had no files uploaded, two it's not a template edit, and three there are other articles regarding .htaccess here already.
#19  TheLastSuperman, 09-10-2013, 03:50 PM

Quote:
Originally Posted by Spangle
Doesn't work with 4.2.1, installed on my forum, could only access the home page (portal), all other links led back to the home page.

Using vBSEO? If not see post #6.
#20  Spangle, 09-10-2013, 09:51 PM

Quote:
Originally Posted by TheLastSuperman
Using vBSEO? If not see post #6.

Yep I tried that.
#21  crazyboy1661, 09-12-2013, 12:12 PM

Quote:
Originally Posted by DemOnstar
Yes, very helpful..

I read the post above and it says "Delete This codes and use IT" !

If I delete this code then it is not possible to use it...

I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie stand point, we, I have no idea whatsoever about ht.access at all.

But yes contributor, thanks for your advice...

Tagged for future use. :erm:

Quote:
Originally Posted by ForceHSS
Post 6 means delete all that code from the OP posted htaccess file, then use the one you just edited. Use Notepad++ to edit the file.

Quote:
Originally Posted by ozzy47
Well that helps a lot, without the error no one can help you.

Quote:
Originally Posted by Moh4m4d
Delete This codes and use IT !

Code:
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On

# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /

#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]

RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]

As I am not aware about all these codings, I have a few questions for you!

There are two codes: one in the 1st post and a second one in the 6th post. Now my doubt is

1.) I am not using vbseo but using vbseo_sitemap-3-0 PL1 mod. So there were little changes in .htaccess.

2.) You said! Delete This codes and use IT ! Do you want me to replace the entire existing .htaccess code with the one you had provided in post 6?

3.) In post 6 you wrote if you don't use vbseo, Delete This codes and use IT ! I am using vbseo_sitemap-3-0 PL1 mod. Do you want me to continue the vbseo_sitemap-3-0 PL1 mod or remove it before or after altering the .htaccess? So what will be your suggestion for me?

4.) Will my site be Google friendly?

5.) Yet any simple explanation for the users like me?

Thanks in advance