htaccess mobile redirect - .htaccess

I have a desktop and mobile site - I have the following in my htaccess file which means on a mobile site it gets stuck in a loop trying to redirect back to the main root of the domain and back to the mobile site folder on the domain.
How can I stop this happening?
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.domain.co.uk$ [NC]
RewriteRule ^(.*)$ http://www.domain.co.uk/$1 [R,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) /404.php [R=301,L]
RewriteCond %{THE_REQUEST} ^.*/index.php
RewriteRule ^(.*)index.php$ http://www.domain.co.uk/$1 [R=301,L]
ErrorDocument 404 /404.php
ExpiresActive On
ExpiresDefault "access plus 20000 seconds"
Header unset ETag
FileETag None
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /domain-news/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /domain-news/index.php [L]
</IfModule>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
RewriteEngine On
RewriteCond %{QUERY_STRING} ^file=(.+)$
RewriteRule ^(.+)\.aspx$ $1.php?f=%1
RewriteEngine on
RewriteBase /
# Check if this is the noredirect query string
RewriteCond %{QUERY_STRING} (^|&)m=0(&|$)
# Set a cookie, and skip the next rule
RewriteRule ^ - [CO=mredir:0:www.domain.co.uk]
# Check if this looks like a mobile device
# (You could add another [OR] to the second one and add in what you
# had to check, but I believe most mobile devices should send at
# least one of these headers)
RewriteCond %{HTTP:x-wap-profile} !^$ [OR]
RewriteCond %{HTTP:Profile} !^$ [OR]
RewriteCond %{HTTP_USER_AGENT}"acs|alav|alca|amoi|audi|aste|avan|benq|bird|blac|blaz|brew|cell|cldc|cmd-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "dang|doco|eric|hipt|inno|ipaq|java|jigs|kddi|keji|leno|lg-c|lg-d|lg-g|lge-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "maui|maxo|midp|mits|mmef|mobi|mot-|moto|mwbp|nec-|newt|noki|opwv" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "palm|pana|pant|pdxg|phil|play|pluc|port|prox|qtek|qwap|sage|sams|sany" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "sch-|sec-|send|seri|sgh-|shar|sie-|siem|smal|smar|sony|sph-|symb|t-mo" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "teli|tim-|tosh|tsm-|upg1|upsi|vk-v|voda|w3cs|wap-|wapa|wapi" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "wapp|wapr|webc|winw|winw|xda|xda-" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "up.browser|up.link|windowssce|iemobile|mini|mmp" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "symbian|midp|wap|phone|pocket|mobile|pda|psp" [NC]
RewriteCond %{HTTP_USER_AGENT} !macintosh [NC]
# Check if we're not already on the mobile site
RewriteCond %{HTTP_HOST} !^m\.
# Can not read and write cookie in same request, must duplicate condition
RewriteCond %{QUERY_STRING} !(^|&)m=0(&|$)
# Check to make sure we haven't set the cookie before
RewriteCond %{HTTP_COOKIE} !^.*mredir=0.*$ [NC]
# Now redirect to the mobile site
RewriteRule ^ http://www.domain.co.uk/m [R,L]

There may be a better way but i took out the look ups for if the site is a mobile and put
#mobile redirect
RewriteCond %{REQUEST_URI} !^/m/.*$
RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera|mobile|palmos|webos|googlebot-mobile" [NC]
RewriteRule ^(.*)$ /m/$1 [R=301,L]
Which has worked nicely.

Related

Remove Double trailing slash - open cart

i have been contiously upgrading my htaccess file. however, there are 2 issues I just cant seem to fix. I have tried several approaches but nothing really worked for me.
my website: https://www.zeroohm.com/
my questions:
How can I remove the extra trailing slash when i go to zeroohm.com
currently, if i go to zeroohm.com, it redirects to https://www.zeroohm.com//
if i go to www.zeroohm.com/robots.txt/ , it stops me from viewing my robots.txt file (an error occured while processing this directive). how can i fix this? this problem happens to sitemap.xml and it is causing problems with webmaster tool too.
C. any ideas on improving my re-directs?
my htaccess file
RewriteEngine On
RewriteCond %{HTTP_HOST} ^zeroohm\.ae$ [OR]
RewriteCond %{HTTP_HOST} ^www\.zeroohm\.ae$
RewriteRule ^/?$ "http\:\/\/www\.zeroohm\.com\/\$1\/" [R=301,L]
# check if url has www or not, add www if not available. if avaiable dont do anything.
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*) https://www.%{HTTP_HOST}%{REQUEST_URI}/ [R=301,L]
#end
# force incoming traffic coming from HTTP to Https
RewriteCond %{HTTPS} !on$
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#end
#force trainling slash
RewriteBase /
RewriteCond %{REQUEST_URI} !(/$|\.)
RewriteCond %{REQUEST_URI} /+[^\.]+$
RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]
#end of force trailing slash
# 1.To use URL Alias you need to be running apache with mod_rewrite enabled.
# 2. In your opencart directory rename htaccess.txt to .htaccess.
# For any support issues please visit: http://www.opencart.com
# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymlinks
Options +SymLinksIfOwnerMatch
# Prevent Directoy listing
Options -Indexes
# Prevent Direct Access to files
<FilesMatch "\.(tpl|ini|log)">
Order deny,allow
Deny from all
</FilesMatch>
# cache to keep it at client pc
<ifmodule mod_expires.c>
Expiresactive on
# set default
Expiresdefault "access plus 24 hours"
Expiresbytype image/jpg "access plus 1 months"
Expiresbytype image/gif "access plus 1 months"
Expiresbytype image/jpeg "access plus 1 months"
Expiresbytype image/png "access plus 1 months"
Expiresbytype text/css "access plus 1 months"
Expiresbytype text/javascript "access plus 1 months"
Expiresbytype application/javascript "access plus 1 months"
Expiresbytype application/x-shockwave-flash "access plus 1 months"
</ifmodule>
#gzip compression
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
# SEO URL Settings
# If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteRule ^download/(.*) /index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
#libwww-perl security fix
RewriteCond %{HTTP_USER_AGENT} libwww-perl.*
RewriteRule .* ? [F,L]
RewriteCond %{THE_REQUEST} \ /index\.php\?_route_=?([^&\ ]*)
RewriteRule ^ /%1? [R=301,L]
You can keep these rules in your site root .htaccess:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^(?:www\.)?zeroohm\.ae$ [NC]
RewriteRule ^ http://www.zeroohm.com%{REQUEST_URI} [R=301,L,NE]
# check if url has www or not, add www if not available. if avaiable don't do anything.
RewriteCond %{HTTP_HOST} !^www\. [NC,OR]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
#force trailing slash
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !(/$|\.)
RewriteCond %{REQUEST_URI} /+[^\.]+$
RewriteRule [^/]$ %{REQUEST_URI}/ [R=301,L]
#libwww-perl security fix
RewriteCond %{HTTP_USER_AGENT} libwww-perl.*
RewriteRule ^ - [F,L]
RewriteCond %{THE_REQUEST} \ /index\.php\?_route_=?([^&\s]*)
RewriteRule ^ /%1? [R=301,L]
RewriteRule ^sitemap\.xml$ index.php?route=feed/google_sitemap [L,QSA,NC]
RewriteRule ^googlebase\.xml$ index.php?route=feed/google_base [L,QSA,NC]
RewriteRule ^download/ /index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule (.*) index.php?_route_=$0 [L,QSA]
Clear your browser cache before testing this change.

Remove string at end of URL

I can't figure out how to remove the string {jass_domain_name}/jass/jass.js?cb=47 from the end of my URLs using .htaccess. I've looked through a bunch of responses here and tried all of the following - they either crash the site or give me a js error.
RewriteCond %{REQUEST_URI} ^(.*)\{jass_domain_name}​/jass​/jass\.js\?cb=47(.*)$
RewriteRule . %1/%2 [R=301,L]
RewriteCond %{REQUEST_URI} ^(.*)Q\{jass_domain_name}/jass/jass.js?cb=47\E
RewriteRule . %1/%2 [R=301,L]
RewriteCond %{REQUEST_URI} ^/([a-zA-Z0-9_-]+){jass_domain_name}/jass/jass.js?cb=47$
RewriteRule ^(.*) http://www.elearnenglishlanguage.com/blog/%1 [R,L]
RewriteRule ^/(.*)\{(.*) http://www.elearnenglishlanguage.com/blog/$1
Thanks in advance for any advice.
ETA my /blog/.htaccess
RewriteEngine On
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+(.*?)%7Bjass_domain_name%7D/jass/jass\.js\?cb=47\sHTTP [NC]
RewriteRule ^ /%1? [L,NE,R=302]
#WFIPBLOCKS - Do not remove this line. Disable Web Caching in Wordfence to remove this data.
Order Deny,Allow
Deny from 54.74.250.230
Deny from 54.177.48.98
Deny from 54.177.53.123
Deny from 54.170.232.157
#Do not remove this line. Disable Web Caching in Wordfence to remove this data - WFIPBLOCKS
#WFCACHECODE - Do not remove this line. Disable Web Caching in Wordfence to remove this data.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/html text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/json
<IfModule mod_headers.c>
Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_mime.c>
AddOutputFilter DEFLATE js css htm html xml
</IfModule>
</IfModule>
<IfModule mod_mime.c>
AddType text/html .html_gzip
AddEncoding gzip .html_gzip
AddType text/xml .xml_gzip
AddEncoding gzip .xml_gzip
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gzip$ no-gzip
SetEnvIfNoCase Request_URI \.xml_gzip$ no-gzip
</IfModule>
<IfModule mod_headers.c>
Header set Vary "Accept-Encoding, Cookie"
</IfModule>
<IfModule mod_rewrite.c>
#Prevents garbled chars in cached files if there is no default charset.
AddDefaultCharset utf-8
#Cache rules:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} on
RewriteRule .* - [E=WRDFNC_HTTPS:_https]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=WRDFNC_ENC:_gzip]
RewriteCond %{REQUEST_METHOD} !=POST
RewriteCond %{HTTPS} off
RewriteCond %{QUERY_STRING} ^(?:\d+=\d+)?$
RewriteCond %{REQUEST_URI} (?:\/|\.html)$ [NC]
RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher) [NC]
RewriteCond %{REQUEST_URI} \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$
RewriteCond "%{DOCUMENT_ROOT}/blog/wp-content/wfcache/%{HTTP_HOST}_%1/%2~%3~%4~%5~%6_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" -f
RewriteRule \/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)\/*([^\/]*)(.*)$ "/blog/wp-content/wfcache/%{HTTP_HOST}_blog/$1~$2~$3~$4~$5_wfcache%{ENV:WRDFNC_HTTPS}.html%{ENV:WRDFNC_ENC}" [L]
</IfModule>
#Do not remove this line. Disable Web caching in Wordfence to remove this data - WFCACHECODE
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
# END WordPress
# prevent comment posting to requests with no referer
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*elearnenglishlanguage.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://www.elearnenglishlanguage.com/blog/$ [R=301,L]
You can use this rule as very first rule in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+(.*?)%7Bjass_domain_name%7D/jass/jass\.js\?cb=47\sHTTP [NC]
RewriteRule ^ /%1? [L,NE,R=302]

htaccess and GEOIP infinite loop

I wrote this in my htaccess:
GeoIPEnable On
RewriteEngine On
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} PE
RewriteCond %{HTTP_HOST} myweb.com [NC]
RewriteCond %{HTTP_HOST} !es [NC]
RewriteCond %{REQUEST_URI} !^/es/ [NC]
RewriteRule ^(.*)$ /es/$1 [R,L]
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE text/html text/css application/x-javascript
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
I want users from Peru and another countries to be redirected to http://myweb.com/es
But I got an error:
http://myweb.com/es/es/es/es/es/es/es/...s/es/es/es/es/
How can I fix it?
thank you.
Use a negative lookahead regex to avoid redirecting when it is already /es/:
GeoIPEnable On
RewriteEngine On
RewriteCond %{REQUEST_URI} !\.(jpe?g|gif|bmp|png|tiff|css|js)$ [NC]
RewriteCond %{REQUEST_URI} !^/(es/|index\.php) [NC]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} PE
RewriteCond %{HTTP_HOST} myweb\.com$ [NC]
RewriteCond %{HTTP_HOST} !es [NC]
RewriteRule ^(.*)$ /es/$1 [R,L]

Joomla Sites .htaccess keeps getting hacked

I am running 1.5.25 and somehow a .htaccess file keeps getting created on my root.
ErrorDocument 400 http:// redirected url index.php
ErrorDocument 404 http:// redirected url index.php index.php
ErrorDocument 500 http://redirected url /index.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^.*(google|ask|yahoo|baidu|youtube|wikipedia|qq|excite|altavista|msn|netscape|aol|hotbot|goto|infoseek|mamma|alltheweb|lycos|search|metacrawler|bing|dogpile|facebook|twitter|blog|live|myspace|mail|yandex|rambler|ya|aport|linkedin|flickr)\.(.*)
RewriteRule ^(.*)$ http://redirected url index.php [R=301,L]
</IfModule>
I would like to know how to find out who creates this .htaccess file even when deleted. Is there a away to find out which script creates this? Which user creates it?
Anyone who has had this problem before? Is there a way I can create a .htaccess and disable it from being changed. Applying 644 permission setting does not seem to help.
NOTE: I have changed actual redirect URL to redirected url index.php
Erm permissions 644 means the file is writeable - by the owner at least. I don't know how the server is set up and whether the owner is you (the ftp user) or 'nobody' the web server.
Chances are you have either an outdated version of Joomla with a vulnerability or an outdated and vulnerable add-on. Chances are high that someone has used a vulnerability to drop a 'web shell' into your file system. This allows him to connect to the file and provides him with a control panel of options to edit files, upload files, run arbitrary commands.
It could be that another account on the server is compromised and then files within that account reach out and make edits server wide - or at least on any writable files/folders on the server.
You should really get help from a web security expert, but if you wish to try and do the analysis yourself here are a few steps to take.
On the server, you can also search the file system using the 'find' command, to find files changed in the last x days, or last x hours.
You need to take the site offline, contact your host and explain the issue and see what info they can provide. You should download your files and as a first measure run the through a powerful virus scanner (these identify most web shells nowadays).
Search through the files for the following words/patterns - grep or similar are useful for these:
web\s*shell
hacked\s*by
r57
c99
base64_decode
The lines with \s* are regular expressions.
The last one will provide many false positives - examine each file for anything suspicious, files that don't look like Joomla code (obviously requires a bit of familiarity to spot).
Upgrade Joomla and any add-ons that have more up-to-date versions. Start by searching http://exploit-db.com/ for 'joomla' and see if any of your add-ons are listed.
http://www.exploit-db.com/search/?action=search&filter_page=1&filter_exploit_text=joomla&filter_platform=0&filter_type=0&filter_lang_id=0
There are many many other things that can be checked, and probably should be checked - but these are a good starting point - but I do stress that it is best to retain the help of someone who is experienced at this stuff. De-hacking services typically start at £500 and rise to approx £1,000 ($800 - $1600).
When you put the site back live check that
register_globals are off
short open tags are off
Make sure the following functions are disabled via the this disable_functions directive in php.ini
disable_functions=exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
For a Secured Joomla site you can use below code, just edit your .htaccess file and below ships with full protection for Joomla site. Also It will update your URL using Joomla Core SEF(You have to enable it). Go to Admin panel and update your Mode/ReadWrite of Apache.
You can use below code
RewriteEngine On
DirectoryIndex index.php index.html
IndexIgnore *
Options +FollowSymLinks All -Indexes
FileETag MTime Size
ExpiresActive On
# Default expiration: 1 hour after request
ExpiresDefault "now plus 1 hour"
# CSS and JS expiration: 1 week after request
ExpiresByType text/css "now plus 1 week"
ExpiresByType application/javascript "now plus 1 week"
ExpiresByType application/x-javascript "now plus 1 week"
# Image files expiration: 1 year after request
ExpiresByType image/bmp "now plus 1 year"
ExpiresByType image/gif "now plus 1 year"
ExpiresByType image/jpeg "now plus 1 year"
ExpiresByType image/jp2 "now plus 1 year"
ExpiresByType image/pipeg "now plus 1 year"
ExpiresByType image/png "now plus 1 year"
ExpiresByType image/svg+xml "now plus 1 year"
ExpiresByType image/tiff "now plus 1 year"
ExpiresByType image/vnd.microsoft.icon "now plus 1 year"
ExpiresByType image/x-icon "now plus 1 year"
ExpiresByType image/ico "now plus 1 year"
ExpiresByType image/icon "now plus 1 year"
ExpiresByType text/ico "now plus 1 year"
ExpiresByType application/ico "now plus 1 year"
ExpiresByType image/vnd.wap.wbmp "now plus 1 year"
ExpiresByType application/vnd.wap.wbxml "now plus 1 year"
ExpiresByType application/smil "now plus 1 year"
# Audio files expiration: 1 year after request
ExpiresByType audio/basic "now plus 1 year"
ExpiresByType audio/mid "now plus 1 year"
ExpiresByType audio/midi "now plus 1 year"
ExpiresByType audio/mpeg "now plus 1 year"
ExpiresByType audio/x-aiff "now plus 1 year"
ExpiresByType audio/x-mpegurl "now plus 1 year"
ExpiresByType audio/x-pn-realaudio "now plus 1 year"
ExpiresByType audio/x-wav "now plus 1 year"
# Movie files expiration: 1 year after request
ExpiresByType application/x-shockwave-flash "now plus 1 year"
ExpiresByType x-world/x-vrml "now plus 1 year"
ExpiresByType video/x-msvideo "now plus 1 year"
ExpiresByType video/mpeg "now plus 1 year"
ExpiresByType video/mp4 "now plus 1 year"
ExpiresByType video/quicktime "now plus 1 year"
ExpiresByType video/x-la-asf "now plus 1 year"
ExpiresByType video/x-ms-asf "now plus 1 year"
########## End - Optimal expiration time
########## Begin - block bandwidth hoggers
SetEnvIf user-agent "Indy Library" stayout=1
SetEnvIf user-agent "libwww-perl" stayout=1
SetEnvIf user-agent "Wget" stayout=1
# The following rules are for bandwidth-hogging download tools
SetEnvIf user-agent "Download Demon" stayout=1
SetEnvIf user-agent "GetRight" stayout=1
SetEnvIf user-agent "GetWeb!" stayout=1
SetEnvIf user-agent "Go!Zilla" stayout=1
SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1
SetEnvIf user-agent "GrabNet" stayout=1
SetEnvIf user-agent "TurnitinBot" stayout=1
# This line denies access to all of the above tools
deny from env=stayout
########## End - block bandwidth hoggers
# Compress text, html, javascript, css, xml, kudos to Komra.de
AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript
########## End - Automatic compression of resources
########## Begin - Google Apps redirection, by Sashi
Redirect 301 /mail http://mail.google.com/a/
########## End - Google Apps redirection
########## Begin - Redirect index.php to /
RewriteCond %{THE_REQUEST} ^.*/index\.php$
RewriteRule ^index\.php$ http://www.example.com/ [R,L]
########## End - Redirect index.php to /
########## Begin - Redirect non-www to www
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R,L]
########## End - Redirect non-www to www
########## Begin - Redirect www to non-www
## WARNING: Comment out the non-www to www rule if you choose to use this
#RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
#RewriteRule ^(.*)$ http://%1/$1 [R,L]
########## End - Redirect non-www to www
########## Begin - Redirect example.com to www.example.com
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R]
########## End - Redirect example.com to www.example.com
########## Begin - Force HTTPS for certain pages
RewriteCond %{HTTPS} ^off$ [NC]
RewriteRule ^foobar\.html$ https://www.example.com/foobar.html [L,R]
# Add mode rules below this line
########## Block bad user agents
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot#yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
## Note: The final RewriteCond must NOT use the [OR] flag.
## Return 403 Forbidden error.
RewriteRule .* - [F]
ServerSignature Off
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{THE_REQUEST} (\\r|\\n|%0A|%0D) [NC,OR]
RewriteCond %{HTTP_REFERER} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_COOKIE} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|”>|”<|/|\\\.\.\\).{0,9999} [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (libwww-perl|curl|wget|python|nikto|scan) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
#Block mySQL injects
RewriteCond %{QUERY_STRING} (;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} \.[a-z0-9] [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC]
# Note: The final RewriteCond must NOT use the [OR] flag.
# Return 403 Forbidden error.
RewriteRule .* index.php [F]
########## Begin - File injection protection
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]\=http:\/\/(.*)
RewriteRule ^(.*)$ - [F,L]
########## End
## Allow UddeIM CAPTCHA
RewriteRule ^(components/com_uddeim/captcha15\.php)$ $1 [L]
## Allow Phil Taylor's Turbo Gears
RewriteRule ^(plugins/system/GoogleGears/gears-manifest\.php) $1 [L]
## Allow JoomlaWorks AllVideos
RewriteRule ^(plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php) $1 [L]
# Add more rules to single PHP files here
## Allow Agora attachments, but not PHP files in that directory!
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} !(\.php)$
RewriteRule ^(components/com_agora/img/members/.*) $1 [L]
# Add more rules for allowing full access (except PHP files) on more directories here
## Uncomment to allow full access to the cache directory (strongly not recommended!)
#RewriteRule ^(cache/.*)$ $1 [L]
## Uncomment to allow full access to the tmp directory (strongly not recommended!)
#RewriteRule ^(tmp/.*)$ $1 [L]
# Add more full access rules here
########## End - Advanced server protection rules exceptions ####
RewriteRule ^(images/stories/*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L]
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{HTTP_REFERER} !^http://www\.example\.com [NC]
RewriteRule \.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?)$ - [F,L]
## Disallow visual fingerprinting of Joomla! sites (module position dump)
RewriteCond %{QUERY_STRING} (^|&)tmpl=component [NC]
RewriteRule ^(.*)$ $1 [L]
RewriteCond %{QUERY_STRING} (^|&)tp= [NC,OR]
RewriteCond %{QUERY_STRING} (^|&)template= [NC,OR]
RewriteCond %{QUERY_STRING} (^|&)tmpl= [NC]
RewriteRule ^(.*)$ - [F,L]
## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine
## your PHP version). See http://www.0php.com/php_easter_egg.php and
## http://osvdb.org/12184 for more information
RewriteCond %{QUERY_STRING} =PHP[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} [NC]
RewriteRule ^(.*)$ - [F,L]
## Back-end protection
## This also blocks fingerprinting attacks browsing for XML and INI files
RewriteRule ^(administrator[/]?)$ administrator/index.php [L]
RewriteRule ^(administrator/index.htm[l]?)$ $1 [L]
RewriteRule ^(administrator/index.php)$ $1 [L]
RewriteRule ^(administrator/index[2,3].php)$ $1 [L]
RewriteRule ^(administrator/(components|modules|templates|images|plugins)/.*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|htm[l]?))$ $1 [L]
RewriteRule ^administrator/(.*)$ - [F,L]
## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ directory
RewriteRule ^(xmlrpc/index\.php)$ $1 [L]
RewriteRule ^xmlrpc/(.*)$ - [F,L]
## Disallow front-end access for certain Joomla! system directories
RewriteRule ^(includes/js/.*)$ $1 [L]
RewriteRule ^(cache|includes|language|libraries|logs|tmp)/.*$ - [F,L]
## Allow limited access for certain Joomla! system directories with client-accessible content
RewriteRule ^((components|modules|plugins|templates)/.*\.(jp[g,2,eg]?|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L]
RewriteRule ^((components|modules|plugins|templates)/.*index\.php(.*))$ $1 [L]
RewriteRule ^(templates/.*\.php)$ $1 [L]
RewriteRule ^(components|modules|plugins|templates)/.*$ - [F,L]
## Disallow access to htaccess.txt and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L]
## SQLi first line of defense
## May cause problems on legitimate requests
RewriteCond %{QUERY_STRING} concat.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*all.*select.* [NC]
RewriteRule ^(.*)$ - [F,L]
########## End - Advanced server protection
########## Begin - Basic antispam Filter
## I removed some common words, tweak to your liking
RewriteCond %{query_string} \bviagra\b [NC,OR]
RewriteCond %{query_string} \bambien\b [NC,OR]
RewriteCond %{query_string} \bblue\spill\b [NC,OR]
RewriteCond %{query_string} \bcialis\b [NC,OR]
RewriteCond %{query_string} \bcocaine\b [NC,OR]
RewriteCond %{query_string} \bejaculation\b [NC,OR]
RewriteCond %{query_string} \berectile\b [NC,OR]
RewriteCond %{query_string} \berections\b [NC,OR]
RewriteCond %{query_string} \bhoodia\b [NC,OR]
RewriteCond %{query_string} \bhuronriveracres\b [NC,OR]
RewriteCond %{query_string} \bimpotence\b [NC,OR]
RewriteCond %{query_string} \blevitra\b [NC,OR]
RewriteCond %{query_string} \blibido\b [NC,OR]
RewriteCond %{query_string} \blipitor\b [NC,OR]
RewriteCond %{query_string} \bphentermin\b [NC,OR]
RewriteCond %{query_string} \bprosac\b [NC,OR]
RewriteCond %{query_string} \bsandyauer\b [NC,OR]
RewriteCond %{query_string} \btramadol\b [NC,OR]
RewriteCond %{query_string} \btroyhamby\b [NC,OR]
RewriteCond %{query_string} \bultram\b [NC,OR]
RewriteCond %{query_string} \bunicauca\b [NC,OR]
RewriteCond %{query_string} \bvalium\b [NC,OR]
RewriteCond %{query_string} \bviagra\b [NC,OR]
RewriteCond %{query_string} \bvicodin\b [NC,OR]
RewriteCond %{query_string} \bxanax\b [NC,OR]
RewriteCond %{query_string} \bypxaieo\b [NC]
RewriteRule ^(.*)$ - [F,L]
########## End - Basic antispam Filter
########## Begin - Joomla! core SEF Section
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|\.ini|\.zip|\.json|/[^.]*)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) index.php [L]
#
########## End - Joomla! core SEF Section
You can use below code for your .htaccess file
## Disallow access to htaccess.txt and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L]
Below are few more setting for a secure .htaccess file
########## End - Advanced server protection rules exceptions ####
RewriteRule ^(images/stories/*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L]
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{HTTP_REFERER} !^http://www\.xxx\.com [NC]
RewriteRule \.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|ico|htm[l]?)$ - [F,L]
## Disallow visual fingerprinting of Joomla! sites (module position dump)
RewriteCond %{QUERY_STRING} (^|&)tmpl=component [NC]
RewriteRule ^(.*)$ $1 [L]
RewriteCond %{QUERY_STRING} (^|&)tp= [NC,OR]
RewriteCond %{QUERY_STRING} (^|&)template= [NC,OR]
RewriteCond %{QUERY_STRING} (^|&)tmpl= [NC]
RewriteRule ^(.*)$ - [F,L]
## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine
## your PHP version). See http://www.0php.com/php_easter_egg.php and
## http://osvdb.org/12184 for more information
RewriteCond %{QUERY_STRING} =PHP[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12} [NC]
RewriteRule ^(.*)$ - [F,L]
## Back-end protection
## This also blocks fingerprinting attacks browsing for XML and INI files
RewriteRule ^(administrator[/]?)$ administrator/index.php [L]
RewriteRule ^(administrator/index.htm[l]?)$ $1 [L]
RewriteRule ^(administrator/index.php)$ $1 [L]
RewriteRule ^(administrator/index[2,3].php)$ $1 [L]
RewriteRule ^(administrator/(components|modules|templates|images|plugins)/.*\.(jpe[g,2]?|jpg|png|gif|bmp|css|js|swf|htm[l]?))$ $1 [L]
RewriteRule ^administrator/(.*)$ - [F,L]
## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ directory
RewriteRule ^(xmlrpc/index\.php)$ $1 [L]
RewriteRule ^xmlrpc/(.*)$ - [F,L]
## Disallow front-end access for certain Joomla! system directories
RewriteRule ^(includes/js/.*)$ $1 [L]
RewriteRule ^(cache|includes|language|libraries|logs|tmp)/.*$ - [F,L]
## Allow limited access for certain Joomla! system directories with client-accessible content
RewriteRule ^((components|modules|plugins|templates)/.*\.(jp[g,2,eg]?|png|gif|bmp|css|js|swf|ico|htm[l]?))$ $1 [L]
RewriteRule ^((components|modules|plugins|templates)/.*index\.php(.*))$ $1 [L]
RewriteRule ^(templates/.*\.php)$ $1 [L]
RewriteRule ^(components|modules|plugins|templates)/.*$ - [F,L]
## Disallow access to htaccess.txt and configuration.php-dist
RewriteRule ^(htaccess\.txt|configuration\.php-dist)$ - [F,L]
## SQLi first line of defense
## May cause problems on legitimate requests
RewriteCond %{QUERY_STRING} concat.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR]
RewriteCond %{QUERY_STRING} union.*all.*select.* [NC]
RewriteRule ^(.*)$ - [F,L]
########## End - Advanced server protection
I had a serious problem with someone hacking into my .htaccess file and my only solution was to make the file unhackable. First, I cleaned up the .htaccess file and any PHP files of all hacks. Then I changed the file permissions to 444 (644 still allows access) on the .htaccess file. Then I used the shell access to my account to make the file "immutable", which means it cannot be changed!
When you have shell access to your account on your Linux server,
enter the following: # chattr +i .htaccess
Now, even those with root access cannot change the file!
It you need to undo this, enter: # chattr -i .htaccess
If you do not have shell access to your account, ask your web host about entering this for you to make the file immutable.
For non-Linux accounts, just enter "making file immutable" into Google or Bing for your type of web server. This should give you the information you need.
Maybe a good first check is to see if there are any cronjobs who do this (crontab -l). Some hosting panels have cleanup actions and only allow modification of the .htaccess by using their UI (so it gets stored in a database first).
This might get you underway as well; http://www.infoq.com/articles/inotify-linux-file-system-event-monitoring

modified .htaccess file doesn't block bad user agents with RewriteCond

I found this modified .htaccess settings for extra security, but it doesn't seem to work. Here it is :
# Apache configuration file
# httpd.apache.org/docs/2.2/mod/quickreference.html
# Techniques in here adapted from all over,
# including Kroc Camen: camendesign.com/.htaccess
ServerSignature Off
# you probably want www.example.com to forward to example.com -- shorter URLs are sexier.
# no-www.org/faq.php?q=class_b
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{HTTP_COOKIE} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|”>|”<|/|\\\.\.\\).{0,9999}.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.[A-Za-z0-9].* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(<|>|’|%0A|%0D|%27|%3C|%3E|%00).* [NC]
########## Begin – Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
## Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
########### End – Rewrite rules to block out some common exploits
########## Block bad user agents
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot#yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule .* - [F]
# Force the latest IE version, in various cases when it may fall back to IE7 mode
# github.com/rails/rails/commit/123eb25#commitcomment-118920
# Use ChromeFrame if it's installed for a better experience for the poor IE folk
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
BrowserMatch MSIE ie
Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
</IfModule>
</IfModule>
# hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
# Disabled. Uncomment to serve cross-domain ajax requests
#<IfModule mod_headers.c>
# Header set Access-Control-Allow-Origin "*"
#</IfModule>
# allow access from all domains for webfonts
# alternatively you could only whitelist
# your subdomains like "sub.domain.com"
<FilesMatch "\.(ttf|otf|eot|woff|font.css)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>
# video
AddType video/ogg ogg ogv
AddType video/mp4 mp4
AddType video/webm webm
# Proper svg serving. Required for svg webfonts on iPad
# twitter.com/FontSquirrel/status/14855840545
AddType image/svg+xml svg svgz
# webfonts
AddType application/vnd.ms-fontobject eot
AddType font/ttf ttf
AddType font/otf otf
AddType font/x-woff woff
AddType text/cache-manifest manifest
# allow concatenation from within specific js and css files
# e.g. Inside of script.combined.js you could have
# <!--#include file="jquery-1.4.2.js" -->
# <!--#include file="jquery.idletimer.js" -->
# and they would be included into this single file
# this is not in use in the boilerplate as it stands. you may
# choose to name your files in this way for this advantage
# or concatenate and minify them manually.
# Disabled by default.
# <FilesMatch "\.combined\.(js|css)$">
# Options +IncludesNOEXEC
# SetOutputFilter INCLUDES
# </FilesMatch>
# gzip compression.
<IfModule mod_deflate.c>
# html, xml, css, and js:
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/x-javascript text/javascript application/javascript application/json
# webfonts and svg:
<FilesMatch "\.(ttf|otf|eot|svg)$" >
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>
# these are pretty far-future expires headers
# they assume you control versioning with cachebusting query params like
# <script src="application.js?20100608">
# additionally, consider that outdated proxies may miscache
# www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
# if you don't use filenames to version, lower the css and js to something like
# "access plus 1 week" or so
<IfModule mod_expires.c>
Header set cache-control: public
ExpiresActive on
# Perhaps better to whitelist expires rules? Perhaps.
ExpiresDefault "access plus 1 month"
# cache.manifest needs re-reqeusts in FF 3.6 (thx Remy ~Introducing HTML5)
ExpiresByType text/cache-manifest "access plus 0 seconds"
# your document html
ExpiresByType text/html "access"
# rss feed
ExpiresByType application/rss+xml "access plus 1 hour"
# favicon (cannot be renamed)
ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
# media: images, video, audio
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType video/ogg "access plus 1 month"
ExpiresByType audio/ogg "access plus 1 month"
ExpiresByType video/mp4 "access plus 1 month"
# webfonts
ExpiresByType font/ttf "access plus 1 month"
ExpiresByType font/woff "access plus 1 month"
ExpiresByType image/svg+xml "access plus 1 month"
# css and javascript
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
</IfModule>
# Since we're sending far-future expires, we don't need ETags for
# static content.
# developer.yahoo.com/performance/rules.html#etags
FileETag None
# Allow cookies to be set from iframes (for IE only)
# If needed, uncomment and specify a path or regex in the Location directive
# <IfModule mod_headers.c>
# <Location />
# Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\""
# </Location>
# </IfModule>
# without -MultiViews, Apache will give a 404 for a rewrite if a folder of the same name does not exist (e.g. “/blog/hello”)
# webmasterworld.com/apache/3808792.htm
Options -MultiViews
# -Indexes will have Apache block users from browsing folders without a default document
Options -Indexes
# custom 404 page
ErrorDocument 404 /intro.php
# use utf-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8
# force utf-8 for a number of file formats
AddCharset utf-8 .html .css .js .xml .json .rss .php
I used
echo $_SERVER['HTTP_USER_AGENT'];
And switched my user agent so it displays ChinaClaw, a bad user agent. I thought I would get a error messages and not be able to display the page?
Check the way you combine the conditions in RewriteCond. Implicitly consecutive conditions are combined with logical AND and the OR flag turns that combination into a logical OR combination.

Resources