mirror/php-monstra
1
0
Fork 0
mirror of https://github.com/monstra-cms/monstra.git synced 2025-08-13 08:34:36 +02:00
Code Issues Releases Wiki Activity

Improve Monstra Security #369

Browse Source
This commit is contained in:
Awilum
2015-11-07 01:41:57 +03:00
parent 5b41adfd28
commit e5241f6a5f
1 changed files with 40 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
.htaccess
View File

@@ -1,13 +1,15 @@
#
# Monstra :: php & apache settings
# This file is part of the Monstra.
#
# (c) Romanenko Sergey / Awilum <awilum@msn.com>
#
# For the full copyright and license information, please view the LICENSE
# file that was distributed with this source code.
#
# Set default charset utf-8
AddDefaultCharset UTF-8
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
@@ -15,20 +17,47 @@ Options -Indexes
php_flag register_globals off
</IfModule>
# Setting rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Update code bellow for SEO improvements
# RewriteCond %{HTTP_HOST} ^www.example.org [NC]
# RewriteRule ^(.*)$ http://example.org/$1 [R=301,L]
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Monstra
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Rewrite rules for Monstra
RewriteBase /%siteurlhere%/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]
## End - Rewrite rules for Monstra
## Begin - Rewrite rules for SEO improvements.
# RewriteCond %{HTTP_HOST} ^www.example.org [NC]
# RewriteRule ^(.*)$ http://example.org/$1 [R=301,L]
# Redirect 301 /index http://example.org/
## End - Rewrite rules for SEO improvements.
# Update code bellow for SEO improvements
# Redirect 301 /home http://example.org/
</IfModule>
# Prevent visitors from viewing files directly.
<FilesMatch "(^#.*#|\.(md|txt|html|tpl|yml|yaml)|~)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes