.htaccess firewall

galaxyAbstractor

This is a small .htaccess firewall to protect your site from hackers:

Code:
RewriteEngine On
Options +FollowSymLinks
ServerSignature Off

# Request method, Referer and URI checks
RewriteCond %{REQUEST_METHOD}  ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{HTTP_REFERER}    ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{REQUEST_URI}     ^/(,|;|<|>|/{2,999}).* [NC,OR]

# User-Agent checks: empty, scripted clients, scanners, or markup characters
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww|curl|wget|python|nikto|scan).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]

# Cookie and query-string checks
RewriteCond %{HTTP_COOKIE}     ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{QUERY_STRING}    ^.*(;|'|").*(union|select|insert|declare|drop|update|md5|benchmark).* [NC,OR]
RewriteCond %{QUERY_STRING}    ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR]

# prevents shell injection
# (comments sit on their own lines: Apache does not allow a comment on the same line as a directive)
RewriteCond %{QUERY_STRING}    ^.*\.[A-Za-z0-9].* [NC,OR]
RewriteCond %{QUERY_STRING}    ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]

# better yet: send them to a fail-safe page, like error.php
RewriteRule ^(.*)$ index.php

Source:
http://www.0x000000.com/?i=558

http://jagf.net/blog/programming/website-firewall/
 

bigjoe4

I am interested in this. Can I just replace my existing htaccess with this, or will that mess stuff up? Have you tried it yourself?
 

galaxyAbstractor

I am interested in this. Can I just replace my existing htaccess with this, or will that mess stuff up? Have you tried it yourself?

Put it at the end of your .htaccess. No, I haven't had time to try it.
 

LHVWB

Maybe you should put this into the tutorials section? It would probably make a good tutorial. ;)
 

TechAsh

I have tested it on my site. The only problem I've noticed is that it blocks "." in the query string, and this can cause problems with some scripts that use this. I just commented that bit out of the .htaccess file and it still works.

I haven't tried to hack my site with this firewall in place to see how effective it is, and I'm not going to, but I think it will stop some attempts.
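
A way to check for the kind of breakage TechAsh describes before deploying the rules, as an added example that is not part of any post in this thread: the RewriteCond patterns are transcribed into Python and run over constructed samples of ordinary requests to show which ones would be rewritten. Python's `re` stands in for Apache's regex engine, and the field names and sample requests are assumptions.

```python
import re

# Character class shared by several conditions in the rule set above.
BAD = r"(<|>|'|%0A|%0D|%27|%3C|%3E|%00)"

# (request field, pattern, case-insensitive?) transcribed from the RewriteCond lines.
RULES = [
    ("method", r"^(HEAD|TRACE|DELETE|TRACK)", True),
    ("referer", r"^(.*)" + BAD + r".*", True),
    ("uri", r"^/(,|;|<|>|/{2,999}).*", True),
    ("agent", r"^$", False),
    ("agent", r"^(java|curl|wget).*", True),
    ("agent", r"^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).*", True),
    ("agent", r"^.*(libwww|curl|wget|python|nikto|scan).*", True),
    ("agent", r"^.*" + BAD + r".*", True),
    ("cookie", r"^.*" + BAD + r".*", True),
    ("query", r"^.*(;|'|\").*(union|select|insert|declare|drop|update|md5|benchmark).*", True),
    ("query", r"^.*(localhost|loopback|127\.0\.0\.1).*", True),
    ("query", r"^.*\.[A-Za-z0-9].*", True),
    ("query", r"^.*" + BAD + r".*", True),
]

def matched_rules(request):
    """Return (field, pattern) for every condition the request trips.

    The conditions are chained with [OR], so one hit is enough to rewrite.
    """
    hits = []
    for field, pattern, nocase in RULES:
        if re.search(pattern, request.get(field, ""), re.I if nocase else 0):
            hits.append((field, pattern))
    return hits

# Constructed samples of ordinary traffic; none is taken from real logs.
UA = "Mozilla/5.0 (X11; Linux x86_64)"
SAMPLES = {
    "page view": {"method": "GET", "uri": "/index.php", "query": "page=2", "agent": UA},
    "pdf download": {"method": "GET", "uri": "/get.php", "query": "file=report.pdf", "agent": UA},
    "name search": {"method": "GET", "uri": "/find.php", "query": "name=O'Brien", "agent": UA},
    "uptime probe": {"method": "HEAD", "uri": "/", "query": "", "agent": "ExampleUptime/1.0"},
    "no user agent": {"method": "GET", "uri": "/", "query": "", "agent": ""},
}

def blocked_samples(samples=SAMPLES):
    """Map each sample name to the fields that would get it rewritten."""
    return {name: [f for f, _ in matched_rules(req)] for name, req in samples.items()}

if __name__ == "__main__":
    for name, fields in blocked_samples().items():
        print(f"{name:15} {'REWRITTEN by ' + ', '.join(fields) if fields else 'passes'}")
```

Replacing the samples with query strings and User-Agent values from your own access log shows which legitimate requests the rule set would send to index.php.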
 

Sohail

Yeah, I'll move this to the tutorials section now... This is a great script, but don't you have to place this in the .htaccess file of every directory, as I think that if you were to put it in your main directory it would only work for that directory and not any subs?
 

TechAsh

This is a great script, but don't you have to place this in the .htaccess file of every directory, as I think that if you were to put it in your main directory it would only work for that directory and not any subs?
No. If you place it in the main directory, it will work for all sub-directories as well.
 

LHVWB

Just a question, I haven't done much working with securing websites, so how safe is this method when compared to other methods?
 

sunils

But I tried this. It just showed my pages cannot be displayed. I tried on my local server.
 

galaxyAbstractor

Just a question, I haven't done much working with securing websites, so how safe is this method when compared to other methods?

I don't believe it stops everything, but I think it stops the n00b hackers that just learnt how to hack.
 