PHP Classes
elePHPant
Icontem

File: .htaccess

Recommend this page to a friend!
  Classes of Saro Carvello  >  PHP Web MVC Framework  >  .htaccess  >  Download  
File: .htaccess
Role: Auxiliary data
Content type: text/plain
Description: Auxiliary data
Class: PHP Web MVC Framework
MVC framework providing autogenerated MySQL models
Author: By
Last change:
Date: 1 year ago
Size: 4,564 bytes
 

Contents

Class file image Download
# .htaccess
# Main Web MVC Framework Rewrite Rules for routing request to index.php and securing website
#
# copyright (c) 2016 Rosario Carvello <rosario.carvello@gmail.com> - All rights reserved.
# see License.txt file
# license BSD Clause 3 License
# license https://opensource.org/licenses/BSD-3-Clause This software is distributed under BSD-3-Clause Public License

# Disables directory listing
# Disabilita il listing delle directory
Options -Indexes

# Set Apache Rewrite Engine to On
# Attiva il Rewrite Engine di Apache
RewriteEngine On

# Ignores errors for not founded directories and apply the RewriteRule
# Ignora l'errore sul posizionamento nell directory che non esistono e applica il RewriteRule
RewriteCond %{REQUEST_FILENAME} !-d

# Ignores errors for not founded files and apply the RewriteRule
# Ignora l'errore del caricamento dei file che non esistono e procedi con il RewriteRule
RewriteCond %{REQUEST_FILENAME} !-f

# Ignores errors for not founded links and apply the RewriteRule
# Ignora l'errore dei link che non esistono e procedi con il RewriteRule
RewriteCond %{REQUEST_FILENAME} !-l

# A simple rule to routes the URL request to index.php with a parameter named url and containing the requested url value.
# Routing di tutte le richieste che non possono essere eseguite a index.php con parametro url contenente l'URL sottomessa.
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]

# File Protection
# Protezione del file .htacess
<Files .htaccess>
    Order Allow,Deny
    Deny from all
</Files>

# Secure website using
# Sicurezza del sito
Options +FollowSymlinks
ServerSignature Off
# Rule #4a - Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Rule #4b - Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Rule #4c - Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
# Rule #4d - Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
# Rule #4e - Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]

# Prevent XSS attacks
# Prevenzione attacchi XSS
RewriteCond %{QUERY_STRING} http://([a-zA-Z0-9_\-]*) [NC,OR]
RewriteCond %{QUERY_STRING} http:/([a-zA-Z0-9_\-]*) [NC,OR]
RewriteCond %{QUERY_STRING} cmd= [NC,OR]
RewriteCond %{QUERY_STRING} &cmd [NC,OR]
RewriteCond %{QUERY_STRING} exec [NC,OR]
RewriteCond %{QUERY_STRING} execu [NC,OR]
RewriteCond %{QUERY_STRING} concat [NC]
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\|\|%0A|%0D).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR]
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT}^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark|print|printf|system|exec|scanf).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|).* [NC]
RewriteRule ^.* - [F]

# Prevent SQL injections
# Prevenzione SQL injections
RewriteCond %{QUERY_STRING} UNION([%20\ /\*+]*)ALL([%20\ /\*+]*)SELECT [NC,OR]
RewriteCond %{QUERY_STRING} UNION([%20\ /\*+]*)SELECT [NC,OR]
RewriteCond %{QUERY_STRING} /\* [NC,OR]
RewriteCond %{QUERY_STRING} \*/ [NC]
RewriteRule ^.* - [F]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} http:.*\/.*\/ [OR]
RewriteCond %{QUERY_STRING} ..*\/ [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteCond %{QUERY_STRING} [^az](declare|char|set|cast|convert|delete|drop|exec|insert|meta|script|select|truncate|update)[^a-z] [NC]
RewriteRule (.*) - [F]