.htaccess firewall

[galaxyAbstractor]

This is a small .htaccess firewall to protect your site from hackers:

Code:

RewriteEngine On

Options +FollowSymLinks



ServerSignature Off



RewriteCond %{REQUEST_METHOD}  ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]

RewriteCond %{HTTP_REFERER}    ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]

RewriteCond %{REQUEST_URI}     ^/(,|;|<|>|/{2,999}).* [NC,OR]



RewriteCond %{HTTP_USER_AGENT} ^$ [OR]

RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^.*(libwww|curl|wget|python|nikto|scan).* [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]



RewriteCond %{HTTP_COOKIE}     ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]

RewriteCond %{QUERY_STRING}    ^.*(;|'|").*(union|select|insert|declare|drop|update|md5|benchmark).* [NC,OR]

RewriteCond %{QUERY_STRING}    ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]



RewriteCond %{QUERY_STRING}    ^.*\.[A-Za-z0-9].* [NC,OR] # prevents shell injection

RewriteCond %{QUERY_STRING}    ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]



RewriteRule ^(.*)$ index.php # better yet: send them to a fail-safe page, like error.php

Source:
http://www.0x000000.com/?i=558

http://jagf.net/blog/programming/website-firewall/

[bigjoe4]

I am interrested in this, can I just replace my existing htaccess with this or will that mess stuff up? have you tried it yourself?

[galaxyAbstractor]

I am interrested in this, can I just replace my existing htaccess with this or will that mess stuff up? have you tried it yourself?

Put it in the end of your .htaccess. No I haven't had time to try it

[LHVWB]

Maybe you should put this into the tutorials section? It would probably make a good tutorial. ;)

[TechAsh]

I have tested it on my site. The only problem I've noticed is that it blocks "." in the query string, and this can cause problems with some scripts that use this. I just commented that bit out of the .htaccess file any it still works.

I haven't tried to hack my site with this firewall in place to see how effective it is, and I'm not going to, but I think it will stop some attempts.

[Sohail]

Yeah i'll move this to the tuorials section now... This is a great script, but don't you have to place this in the .htaccess file of everyday directory as I think that if you were to put it in you main directory it would only work for that directory and not any subs?

[TechAsh]

This is a great script, but don't you have to place this in the .htaccess file of everyday directory as I think that if you were to put it in you main directory it would only work for that directory and not any subs?

No. If you place it in the main directory, it will work for all sub-directories as well.

[LHVWB]

Just a question, I haven't done much working with securing websites, so how safe is this method when compared to other methods?

[sunils]

But i tried this. It just showed my pages cannot be displayed. I tried in my local server.

[galaxyAbstractor]

Just a question, I haven't done much working with securing websites, so how safe is this method when compared to other methods?

I don't belive it stops everything but I think it stops the n00b hackers that just learnt how to hack