A few more security-related entries added.
@@ -7,38 +7,49 @@
|
||||
ErrorDocument 500 /error.php?500
|
||||
</FilesMatch>
|
||||
|
||||
### Performance
|
||||
AddDefaultCharset utf-8
|
||||
|
||||
### Security
|
||||
ServerSignature Off
|
||||
|
||||
# secure htaccess file
|
||||
<Files .htaccess>
|
||||
order allow,deny
|
||||
deny from all
|
||||
order allow,deny
|
||||
deny from all
|
||||
</Files>
|
||||
|
||||
# protect e107_config.php
|
||||
<Files e107_config.php>
|
||||
order allow,deny
|
||||
deny from all
|
||||
order allow,deny
|
||||
deny from all
|
||||
</Files>
|
||||
|
||||
# Block Bad Bots
|
||||
# SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
|
||||
# SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
|
||||
# Deny from env=HTTP_SAFE_BADBOT
|
||||
|
||||
### Block Bad Bots
|
||||
SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
|
||||
SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
|
||||
Deny from env=HTTP_SAFE_BADBOT
|
||||
|
||||
# Disable directory browsing
|
||||
Options All -Indexes
|
||||
### Disable directory listing
|
||||
Options All -Indexes
|
||||
|
||||
# limit file uploads to 10mb
|
||||
# LimitRequestBody 10240000
|
||||
### limit file uploads to 10mb
|
||||
### LimitRequestBody 10240000
|
||||
|
||||
<IfModule mod_rewrite.c>
|
||||
### enable rewrites
|
||||
Options +FollowSymLinks
|
||||
RewriteEngine On
|
||||
|
||||
|
||||
### Set this to your e107 site root, path relative to web root
|
||||
### Uncomment it in case your server isn't able to rewrite proper
|
||||
#RewriteBase /
|
||||
|
||||
### Allow only GET and POST methods
|
||||
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)
|
||||
RewriteRule .* - [F]
|
||||
|
||||
### send 404 on missing files in these folders
|
||||
RewriteCond %{REQUEST_URI} !^/(e107_images|e107_files)/
|
||||
|
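Review bot: The rule under `### Allow only GET and POST methods` is a denylist, so it does not do what its comment says: `^(TRACE|TRACK|OPTIONS|HEAD)` forbids only those four, while PUT, DELETE, PATCH, CONNECT and any other method still reach the application. If the comment states the intent, invert the condition to `RewriteCond %{REQUEST_METHOD} !^(GET|POST)$` and keep `RewriteRule .* - [F]`; if HEAD and OPTIONS should keep working for monitoring and CORS preflight, add them to that allowlist instead of forbidding them. Separately, `Options All -Indexes` mixes a bare keyword with a signed one, which Apache documents as invalid syntax (2.4 rejects it), and `All` also switches on ExecCGI and Includes; `Options -Indexes` disables listings without widening anything else. The `<IfModule mod_rewrite.c>` block continues past the end of the visible hunk.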