Block the most common type of exploit `attempts` to Joomla and redirect some pages | BOT24



##
# @package      Joomla
# @copyright    Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved.
# @license      GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that disallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your SEF URLs.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.

## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#

# rewrite rule to redirect when going from /index.php/ to using a htaccess file
# so example.com/index.php/something goes to example.com/something
# you must replace http://www.example.com by your own web site root url
# if in a subdirectory, adjust as needed. For instance,
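# replace http://www.example.com with http://www.myownsite.com/joomla
RewriteRule ^index\.php/(.*)$ http://www.domain.dk/$1 [R=301,L]

# Same redirect for index.php/ in any subdirectory, skipping POST requests.
# %2 is "s" when the port is 443 and empty otherwise, so http%2 keeps the scheme.
# $1 is the directory prefix and $3 the path that followed index.php/.
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php/([^\ ]*)\ HTTP/
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^(([^/]+/)*)index\.php/(.*)$ http%2://www.domain.dk/$1$3 [R=301,L]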

########## Begin - 301 Redirect
#
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*(index|home)\.html?\ HTTP/
RewriteRule ^(([^/]+/)*)(index|home)\.html?$ http://www.domain.dk/$1 [R=301,L]
#
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^(([^/]+/)*)index\.php$ http%2://www.domain.dk/$1 [R=301,L]
#
RewriteCond %{HTTP_HOST} !^(www\.domain\.dk)?$
RewriteRule (.*) http://www.domain.dk/$1 [R=301,L]
#

########## End - 301 Redirect



########## redirection ###########


# rewrite rule to redirect when going from /index.php?/ to using a htaccess file
# so example.com/index.php?/something goes to example.com/something
# you must replace http://www.example.com by your own web site root url
# if in a subdirectory, adjust as needed. For instance,
# replace http://www.example.com with http://www.myownsite.com/joomla

### RewriteCond %{QUERY_STRING} /(.*)
### RewriteRule .* - [E=SH404SEF_REDIRECT_TARGET:%1]

### RewriteCond %{ENV:SH404SEF_REDIRECT_TARGET} !^$
### RewriteCond %{ENV:SH404SEF_REDIRECT_TARGET} ![?]
### RewriteRule .* http://www.domain.dk/%{ENV:SH404SEF_REDIRECT_TARGET}? [R=301,L,NE]

### RewriteCond %{ENV:SH404SEF_REDIRECT_TARGET} !^$
### RewriteCond %{ENV:SH404SEF_REDIRECT_TARGET} [?]
### RewriteRule .* http://www.domain.dk/%{ENV:SH404SEF_REDIRECT_TARGET} [R=301,L,NE]

########## redirection End #######


RewriteEngine On

RewriteCond %{QUERY_STRING} ^pop.*$
RewriteRule ^(.*)$ http://www.domain.dk/$1? [R=301,L]

RewriteCond %{QUERY_STRING} ^format=html.*$
RewriteRule ^(.*)$ http://www.domain.dk/$1? [R=301,L]

RewriteCond %{QUERY_STRING} ^id=2.*$
RewriteRule ^(.*)$ http://www.domain.dk/$1? [R=301,L]

##RewriteCond %{QUERY_STRING} ^option=com_redshop&view=product&pid=914&cid=246&Itemid=2.*$
##RewriteRule ^(.*)$   http://www.domain.dk/udsalgsskilte/sale/sale-rund-flap-gul-hvid/$1? [R=301,L]




## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

# RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.



ErrorDocument 404 /templates/yoo_balance/error.php

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule .*  http://www.print.dk/index.php?%{QUERY_STRING} [L]
</IfModule>




//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information.
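
Added example (not part of the original post or of Joomla's own files): a small Python harness that runs the four exploit-blocking RewriteCond patterns from the .htaccess above against query strings, so you can see which condition triggers the 403 and check your own site's URLs for false positives before deploying. The function names and the sample query strings are constructed for illustration.

```python
import re

# The four RewriteCond patterns from the "common exploits" section of the
# .htaccess above. [NC] maps to re.IGNORECASE; the [OR] chain means one match
# is enough for "RewriteRule .* index.php [F]" to answer 403 Forbidden.
RULES = [
    ("base64_encode", re.compile(r"base64_encode[^(]*\([^)]*\)")),
    ("script tag", re.compile(r"(<|%3C)([^s]*s)+cript.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def blocking_rule(query_string):
    """Return the name of the first rule that matches, or None if allowed.

    %{QUERY_STRING} is matched as sent (not URL-decoded) and RewriteCond
    patterns are unanchored, so search() runs on the raw string.
    """
    for name, pattern in RULES:
        if pattern.search(query_string):
            return name
    return None


# Constructed sample query strings, not taken from real traffic.
SAMPLES = [
    "option=com_content&view=article&id=2",   # ordinary Joomla request
    "q=base64_encode(abc)",
    "x=%3cSCRIPT%3Ealert(1)%3C/script%3E",    # [NC] makes case irrelevant
    "GLOBALS[foo]=1",
    "_REQUEST%5Bbar%5D=1",                    # "[" sent percent-encoded
    "note=a%3Cb&t=description%3E",            # legitimate text, still blocked
]


def classify(samples=SAMPLES):
    """Map each sample to the rule that would block it (None = passes)."""
    return {qs: blocking_rule(qs) for qs in samples}


if __name__ == "__main__":
    for qs, rule in classify().items():
        print(f"{'403 ' + rule if rule else 'pass':<18} {qs}")
```

The last sample is ordinary text that the script-tag condition still rejects, which is the kind of breakage the file's own comment refers to when it says to block out a condition if the site misbehaves. These conditions inspect only the query string; request bodies, cookies and headers are outside their view.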