Cpanel Hosting How-to: htaccess example - redirecting www to non-www, https, firewall rules
By Guest on 27th October 2022 11:43:59 PM | Syntax: TEXT | Views: 198



  #Warning: Always backup your .htaccess file prior to making changes, and test it thoroughly.
  # Tip while testing: browsers cache 301 responses, so a wrong permanent redirect
  # can outlive the fix; a temporary (302) status is easier to iterate on.
  RewriteEngine on
  RewriteBase /

  #Force https
  # Fires when Apache sees the connection as plain HTTP and sends a permanent
  # redirect to the same host and URI over https.
  # NOTE(review): %{HTTPS} describes the connection Apache itself receives. If TLS
  # is terminated upstream (CDN or reverse proxy) it may always read "off", which
  # would make this rule loop - confirm for the hosting setup in use.
  # NOTE(review): the redirect target is built from the client-supplied Host header.
  # A redirect alone does not protect the first plain-HTTP request; a
  # Strict-Transport-Security response header is the usual complement.
  RewriteCond %{HTTPS} off
  RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  #Force www to non-www with 301 permanent redirect - works on any domain
  # %1 is the host name with the leading "www." removed (captured by the
  # RewriteCond); $1 is the path matched by the RewriteRule pattern.
  RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
  RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
  12.  
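  #redirect /index.php or index.html to / (avoid duplicates)
  # Only act on what the client literally requested (THE_REQUEST). Without this
  # condition the rule also fires on internal rewrites to index.php (the
  # front-controller rule in this file and DirectoryIndex handling), which ends
  # in a redirect loop or sends every rewritten URL to the directory root.
  # Limited to GET/HEAD because a 301 on a POST makes most clients drop the body.
  # (.*/)? keeps file names such as "myindex.php" from matching.
  RewriteCond %{THE_REQUEST} ^(GET|HEAD)\s+/(.*/)?index\.(php|html?)[?\s] [NC]
  RewriteRule ^(.*/)?index\.(php|html?)$ /$1 [R=301,NC,L]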
  15.  
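  # block directory browsing
  # Remove only the Indexes option. "Options All -Indexes" mixes a bare keyword
  # with a +/- keyword, which Apache 2.4 rejects as a syntax error (a 500 for
  # every request when it sits in .htaccess). Where older servers accept it,
  # "All" also switches on ExecCGI, Includes and the other options, which is
  # the opposite of hardening.
  Options -Indexes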
  18.  
  #404's
  # These paths answer "404 Not Found"; presumably chosen over 403 so the
  # response does not confirm that the path exists.
  # /\.git is an unanchored regex, so it matches any URL path containing "/.git".
  RedirectMatch 404 /\.git
  # Redirect matches by URL-path prefix rather than by regex.
  Redirect 404 /cgi-sys/suspendedpage.cgi
  Redirect 404 /cgi-bin/
  23.  
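  #Block xmlrpc.php requests
  # Denies every HTTP request for xmlrpc.php.
  # The previous "order deny, allow" (with a space after the comma) is not valid:
  # Order takes a single argument, so Apache reports a configuration error.
  # The two branches pick the authorization syntax that matches the server
  # version, the same way the 6G user-agent section of this file does.
  # NOTE(review): WordPress features that rely on XML-RPC (for example Jetpack
  # or the mobile apps) stop working once this is in place.
  <Files "xmlrpc.php">
    # Apache >= 2.3
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
    # Apache < 2.3
    <IfModule !mod_authz_core.c>
      Order deny,allow
      Deny from all
    </IfModule>
  </Files>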
  29.  
  # otherwise forward it to index.php
  # Front controller: a request that is neither an existing file (!-f) nor an
  # existing directory (!-d) is rewritten internally to index.php.
  # The rule carries no [L] flag, so processing continues into the rewrite rules
  # further down with the path already replaced by "index.php".
  # NOTE(review): a catch-all like this conventionally sits after the blocking
  # rules so that path-based checks see the original URL - confirm the ordering
  # is intended.
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule . index.php
  34.  
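  #Protect Your .Htaccess File From Hackers Trying To Write New Rules
  # What this does: refuses HTTP requests for any file whose name contains
  # ".hta" (any letter case), so the rules cannot be read over the web.
  # It does not prevent the file from being modified; that depends on
  # filesystem ownership and permissions and on the integrity of the
  # application that runs under this account.
  # Order/Deny/Satisfy are the Apache 2.2 access directives; on 2.4 they need
  # mod_access_compat and should not be mixed with Require. The two branches
  # select the syntax that matches the server version.
  <FilesMatch "^.*\.([Hh][Tt][Aa])">
    # Apache >= 2.3
    <IfModule mod_authz_core.c>
      Require all denied
    </IfModule>
    # Apache < 2.3
    <IfModule !mod_authz_core.c>
      Order allow,deny
      Deny from all
      Satisfy all
    </IfModule>
  </FilesMatch>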
  41.  
  #Limit the file size of uploads - about 1MB
  # LimitRequestBody caps the body of every request, not only file uploads.
  # 1240000 bytes is roughly 1.18 MiB; larger requests are rejected with 413.
  # NOTE(review): media, plugin or theme uploads above this size will fail -
  # confirm the value suits the site.
  LimitRequestBody 1240000
  44.  
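  #Prohibit direct access to include-only files under /wp-admin/includes and /wp-includes
  # The rule for wp-admin/includes/ used to appear twice, once outside the
  # IfModule guard; the unguarded copy was redundant and is dropped here.
  <IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /
  # Everything below wp-admin/includes/ answers 403 Forbidden.
  RewriteRule ^wp-admin/includes/ - [F,L]
  # Requests outside wp-includes/ skip the next three rules. S=3 must stay in
  # step with the number of wp-includes rules that follow.
  RewriteRule !^wp-includes/ - [S=3]
  # PHP files directly inside wp-includes/ (no deeper path segment).
  RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
  RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
  RewriteRule ^wp-includes/theme-compat/ - [F,L]
  </IfModule>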
  56.  
  # 6G FIREWALL/BLACKLIST
  # @ https://perishablepress.com/6g/
  # The 6G sections are pattern-based deny rules. They filter known-bad request
  # shapes before the application sees them; they do not replace patching the
  # application or validating input inside it.

  # 6G:[QUERY STRING]
  # The conditions are OR-ed ([OR]); if any of them matches the query string,
  # the request answers 403 Forbidden ([F]). [NC] makes the match case-insensitive.
  # NOTE(review): several patterns are broad (a literal 127.0.0.1, a quote
  # followed by "select"/"union", any "<", ">", "~" or "|"), so legitimate
  # query strings can be refused - test against the site's real traffic.
  # NOTE(review): the script pattern ends in "%3", which is a prefix of "%3E"
  # and therefore still matches the encoded ">".
  <IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
          RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
          RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
          RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
          RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
          RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[) [NC,OR]
          RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
          RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
          RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
          RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
          RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
          RewriteRule .* - [F]
  </IfModule>
  76.  
  # 6G:[REQUEST METHOD]
  # Answers 403 to requests whose method starts with one of the listed names
  # (case-insensitive). This block does not switch the rewrite engine on
  # itself; it relies on a "RewriteEngine On" earlier in the file.
  # NOTE(review): PUT is on the list - confirm that no API client of the site
  # depends on it.
  <IfModule mod_rewrite.c>
          RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
          RewriteRule .* - [F]
  </IfModule>
  82.  
  # 6G:[REFERRER]
  # Answers 403 when the Referer header is an alphanumeric run of 2000 or more
  # characters or contains one of the listed strings.
  # The Referer header is set by the client, so this filters nuisance traffic
  # and is not an access control.
  # NOTE(review): the dot in "semalt.com" is unescaped and matches any character.
  <IfModule mod_rewrite.c>
          RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]
          RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
          RewriteRule .* - [F]
  </IfModule>
  89.  
  # 6G:[USER AGENT]
  # Sets the environment variable bad_bot when the User-Agent header matches,
  # then denies access to requests that carry it.
  # The User-Agent header is set by the client and is trivially changed, so
  # this reduces noise from unsophisticated scanners; it is not a security boundary.
  # NOTE(review): the list contains generic tokens such as "python", "pycurl",
  # "winhttp" and "archive.org", so legitimate scripts, monitoring checks and
  # archivers are refused as well - review it against the site's expected clients.
  <IfModule mod_setenvif.c>
          SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
          SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot

          # Apache < 2.3
          # Order Allow,Deny evaluates Allow first, then Deny; a request that
          # matches both is denied.
          <IfModule !mod_authz_core.c>
                  Order Allow,Deny
                  Allow from all
                  Deny from env=bad_bot
          </IfModule>

          # Apache >= 2.3
          # RequireAll: every directive inside must pass, so access is granted
          # only while bad_bot is not set.
          <IfModule mod_authz_core.c>
                  <RequireAll>
                          Require all Granted
                          Require not env bad_bot
                  </RequireAll>
          </IfModule>
  </IfModule>
  110.  
  # 6G:[REQUEST STRING]
  # mod_alias rules: each RedirectMatch answers 403 when its regex matches the
  # requested URL path. (?i) makes the match case-insensitive.
  # NOTE(review): the single-character rule refuses any path containing
  # ~ ` < > : ; , % \ { } [ ] or |, and the extension rule refuses paths ending
  # in .bak, .log, .sql, .tar and similar. Both can hit legitimate URLs - test
  # against the site's real paths and downloads.
  # The rule prefixed with ### is disabled and kept only for reference.
  <IfModule mod_alias.c>
          RedirectMatch 403 (?i)([a-z0-9]{2000,})
          RedirectMatch 403 (?i)(https?|ftp|php):/
          RedirectMatch 403 (?i)(base64_encode)(.*)(\()
          RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
          ###RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$
          RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.
          RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\{|\}|\[|\]|\|)
          RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|muieblack)
          RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
          RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
          RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
  </IfModule>