The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
Professional Htaccess VB 4
Moh4m4d
Join Date: Feb 2010
Posts: 17
Fatal Error ! Ramsar
09-06-2013, 10:00 PM
Hi , Professional Htaccess For VBulletin 4 , Advantage : Fix Xss Bug Fix sql Injection Protect From Htaccess Not Run Bug In Forum And ... Code:
# Comment the following line (add '#' at the beginning)
# to disable mod_rewrite functions.
# Please note: you still need to disable the hack in
# the vBSEO control panel to stop url rewrites.
RewriteEngine On
# Some servers require the Rewritebase directive to be
# enabled (remove '#' at the beginning to activate)
# Please note: when enabled, you must include the path
# to your root vB folder (i.e. RewriteBase /forums/)
#RewriteBase /
#RewriteCond %{HTTP_HOST} !^www\.yourdomain\.com
#RewriteRule (.*) http://www.yourdomain.com/forums/$1 [L,R=301]
RewriteRule ^((urllist|sitemap_).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]
RewriteCond %{REQUEST_URI} !(admincp/|modcp/|cron|vbseo_sitemap|api\.php)
RewriteRule ^((archive/)?(.*\.php(/.*)?))$ vbseo.php [L,QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/(admincp|modcp|clientscript|cpstyles|images)/
RewriteRule ^(.+)$ vbseo.php [L,QSA]
RewriteEngine On
RewriteRule ^((urllist|sitemap).*\.(xml|txt)(\.gz)?)$ vbseo_sitemap/vbseo_getsitemap.php?sitemap=$1 [L]
<files ".htaccess"> order allow,deny deny from all </files>
<FilesMatch "\.(gif|jpg|png|swf|html|css|js|fla)$"> deny from all </FilesMatch>
<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
#proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc\/self\/environ [NC,OR]
<?php
// LFI Vulnerable Code
$redirect = $_GET[redirect];
include($redirect);
?>
RewriteEngine On
RewriteCond %{QUERY_STRING} act= [OR]
RewriteCond %{QUERY_STRING} sw= [OR]
RewriteCond %{QUERY_STRING} act [OR]
RewriteCond %{QUERY_STRING} sw [OR]
RewriteCond %{QUERY_STRING} 0x3a [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|�|�|\)|%0A|%0D|%22|%27|%3C|%3E|).*(/\*|union|concat).* [NC]
RewriteRule .* - [L,F]
# Prevent use of specified methods in HTTP Request
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
# Block out use of illegal or unsafe characters in the HTTP Request
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Block out use of illegal characters in URI or use of malformed URI
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
# Block out use of empty User Agent Strings
# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
# Block out use of illegal or unsafe characters in the User Agent variable
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
# Measures to block out SQL injection attacks
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
# Block out reference to localhost/loopback/127.0.0.1 in the Query String
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
# Block out use of illegal or unsafe characters in the Query String variable
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
|
|
#13
09-09-2013, 04:30 AM
|
|||
|
|||
Quote:
Also how much it can help in making my site search engines friendly. Does it effect the said mod? thanks for your efforts
|
|
#14
09-09-2013, 02:55 PM
|
||||
|
||||
|
Quote:
I read the post above and it says "Delete This codes and use IT" ! If I delete this code then it is not possible to use it... I think that most contributors and developers assume that others know as much about the ins and outs of code input and manipulation... From a newbie stand point, we, I have no idea whatsoever about ht.access at all. But yes contributor, thanks for your advice... Tagged for future use. :erm:
|
|
#15
09-09-2013, 03:00 PM
|
|||
|
|||
|
Quote:
|
|
#16
09-09-2013, 03:57 PM
|
||||
|
||||
|
Quote:
May I ask, are you using this script?
|
|
#18
09-10-2013, 03:49 PM
|
||||
|
||||
|
I've moved this to the articles section, for one it had no files uploaded, two it's not a template edit, and three there are other articles regarding .htaccess here already
 .
|
|
#19
09-10-2013, 03:50 PM
|
||||
|
||||
|
Quote:
|
| Благодарность от: | ||
| Moh4m4d | ||
|
#21
09-12-2013, 12:12 PM
|
||||
|
||||
|
Quote:
Quote:
Quote:
Quote:
There are two codes: one in 1st post and second one in 6th post. Now my doubt is 1.) I am not using vbseo but using vbseo_sitemap-3-0 PL1 mod. So there were little changes in .htaccess. 2.) You said! Delete This codes and use IT ! Do you want me to replace the entire existing .htaccess code with the one you had provided in post 6? 3.) In post 6 you wrote if you don't use vbseo, Delete This codes and use IT ! I am using vbseo_sitemap-3-0 PL1 mod.Do you want me to continue the vbseo_sitemap-3-0 PL1 mod or remove it before or after altered the .htaccess? So what will be your suggestion for me? 4.) Does my site be Google friendly? 5.) Yet any simple explanation for the users like me? thanks in advance
|
| Благодарность от: | ||
| Moh4m4d | ||
 |
«
Previous Thread
|
Next Thread
»
|
|
All times are GMT. The time now is 09:39 AM.