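###########################################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that disallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
###########################################################################

# PHP runtime settings.
# php_flag / php_value are only understood by mod_php; on a PHP-FPM or CGI host
# they are an unknown directive and every request fails with a 500, so they are
# guarded with <IfModule>. magic_quotes_gpc and register_globals were removed in
# PHP 5.4 and only have an effect on older interpreters.
<IfModule mod_php5.c>
    php_flag allow_url_fopen On
    # allow_url_include lets include()/require() load code over HTTP/FTP; with it
    # On, any include path influenced by request data becomes remote code
    # inclusion. The query-string filters further down exist to stop exactly that
    # class of request, so the setting is Off here (the PHP default).
    php_flag allow_url_include Off
    php_value magic_quotes_gpc 1
    php_value register_globals 0
</IfModule>

######################################################
################################## Errors #################################
#ErrorDocument 301 /error/301-moved_permanently.html
#ErrorDocument 302 /error/302-moved_temporarily.html
#ErrorDocument 303 /error/303-see_other.html
#ErrorDocument 400 /error/400-bad_request.html
ErrorDocument 401 /error/401-authorization_required.html
#ErrorDocument 402 /error/402-payment_required.html
ErrorDocument 403 /error/403-forbidden.html
ErrorDocument 404 /error/404-not_found.html
#ErrorDocument 405 /error/405-method_not_allowed.html
#ErrorDocument 406 /error/406-not_acceptable.html
#ErrorDocument 407 /error/407-proxy_authentication_required.html
ErrorDocument 408 /error/408-request_timed_out.html
#ErrorDocument 409 /error/409-conflicting_request.html
#ErrorDocument 410 /error/410-gone.html
#ErrorDocument 411 /error/411-content_length_required.html
#ErrorDocument 412 /error/412-precondition_failed.html
#ErrorDocument 413 /error/413-request_entity_too_long.html
#ErrorDocument 414 /error/414-request_uri_too_long.html
#ErrorDocument 415 /error/415-unsupported_media_type.html
ErrorDocument 500 /error/500-internal_server_error.html
#ErrorDocument 501 /error/501-not_implemented.html
#ErrorDocument 502 /error/502-bad_gateway.html
ErrorDocument 503 /error/503-service_unavailable.html
#ErrorDocument 504 /error/504-gateway_timeout.html
#ErrorDocument 505 /error/505-http_version_not_supported.html

#############################################################################
############### STRONG PROTECTION OF .HTACCESS ##############################
# NOTE(review): the <Files>/<FilesMatch> container tags around the four access
# blocks below were lost when this file was extracted (two consecutive
# "Order deny,allow / Deny from all" groups make no sense without them).
# Without a container, "Deny from all" applies to the whole directory and
# locks the entire site out. The containers are restored with clearly
# labelled placeholders; fill in the real names before use.
# "My IP" in the original is also a placeholder: Allow from needs a bare,
# unquoted address or network (e.g. Allow from 192.0.2.1 -- constructed example).
<Files ".htaccess">
    Order deny,allow
    Deny from all
    Satisfy all
</Files>
<Files "PLACEHOLDER_PROTECTED_FILE">
    Order deny,allow
    Deny from all
    Allow from REPLACE_WITH_YOUR_IP
</Files>

########### PROTECTION OF FILES BY EXTENSION ################################
# Add the extensions you need to the pattern.
<FilesMatch "\.(PLACEHOLDER_EXT1|PLACEHOLDER_EXT2)$">
    Order deny,allow
    Deny from all
    Allow from REPLACE_WITH_YOUR_IP
</FilesMatch>

################# PROTECTION OF A SINGLE FILE ###############################
<Files "PLACEHOLDER_SINGLE_FILE">
    Order deny,allow
    Deny from all
    Allow from REPLACE_WITH_YOUR_IP
</Files>

############## USER AGENTS ##################################################
# Requests whose User-Agent contains one of these substrings get the keep_out
# environment variable and are then denied. Case-insensitive substring match,
# so "libwww" also catches "libwww-perl".
SetEnvIfNoCase User-Agent "libwww" keep_out
SetEnvIfNoCase User-Agent "DotBot" keep_out
SetEnvIfNoCase User-Agent "Nutch" keep_out
SetEnvIfNoCase User-Agent "cr4nk" keep_out
Order Allow,Deny
Allow from all
Deny from env=keep_out

## LIMIT THE SIZE OF POST UPLOADS AGAINST DOS ATTACKS
# DEFAULT 1 MB (1024000 = 1 MB)
# WARNING: IF ACTIVE, CAN PRODUCE A 500 ERROR DEPENDING ON YOUR HOSTING
# bytes, 0-2147483647 (2GB)
#LimitRequestBody 1024000 # 1 MB

#############################################################################
# ESSENTIALS
# mod_rewrite in use
RewriteEngine On
ServerSignature Off
# The original line was "Options All -Indexes". Mixing an absolute option
# (All) with a relative one (-Indexes) is rejected by Apache ("Either all
# Options must start with + or -, or no Option may"), which in a .htaccess
# surfaces as a 500 on every request. "All" would also have switched on
# ExecCGI and Includes, which a protection file has no reason to enable.
Options -Indexes
# Can be commented out if it causes errors, see notes above ##################
Options +FollowSymLinks

# FILTER REQUEST METHODS
# Note: HEAD is a standard method used by monitors, caches and link checkers;
# forbidding it produces false positives. Kept as the author wrote it.
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]

# QUERY STRING EXPLOITS #####################################################
# All conditions are OR-ed: any single match returns 403. These are substring
# matches, so expect false positives: "tag=" breaks any tagging feature,
# "http:"/"https:" rejects URLs passed as parameters, "(%0|%A|%B|%C|%D|%F)"
# rejects every percent-encoded UTF-8 byte sequence (non-ASCII query values),
# and "select|drop|encode" also match ordinary words such as "dropdown".
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|'|"|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3D|%3E|%7B|%7C).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(select|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]

# CHARACTER STRINGS #########################################################
# RedirectMatch (mod_alias) tests the URL path only, not the query string,
# so these complement rather than duplicate the RewriteCond rules above.
# BASIC CHARACTERS
#RedirectMatch 403 \,
#RedirectMatch 403 \:
RedirectMatch 403 \;
RedirectMatch 403 \=
RedirectMatch 403 \@
RedirectMatch 403 \[
RedirectMatch 403 \]
RedirectMatch 403 \^
RedirectMatch 403 \`
RedirectMatch 403 \{
RedirectMatch 403 \}
RedirectMatch 403 \~
RedirectMatch 403 \"
RedirectMatch 403 \$
RedirectMatch 403 \<
RedirectMatch 403 \>
RedirectMatch 403 \|
RedirectMatch 403 \.\.
RedirectMatch 403 \/\/
RedirectMatch 403 \%0
RedirectMatch 403 \%A
RedirectMatch 403 \%B
RedirectMatch 403 \%C
RedirectMatch 403 \%D
RedirectMatch 403 \%E
RedirectMatch 403 \%F
RedirectMatch 403 \%22
RedirectMatch 403 \%27
RedirectMatch 403 \%28
RedirectMatch 403 \%29
RedirectMatch 403 \%3C
RedirectMatch 403 \%3E
RedirectMatch 403 \%3F
RedirectMatch 403 \%5B
RedirectMatch 403 \%5C
RedirectMatch 403 \%5D
RedirectMatch 403 \%7B
RedirectMatch 403 \%7C
RedirectMatch 403 \%7D

# COMMON PATTERNS
# Unanchored substring matches on the path; directive case normalised
# (Apache directives are case-insensitive, so behaviour is unchanged).
RedirectMatch 404 wp\_
RedirectMatch 403 \_vpi
RedirectMatch 403 \.inc
RedirectMatch 403 xAou6
RedirectMatch 403 db\_name
RedirectMatch 403 select\(
RedirectMatch 403 convert\(
RedirectMatch 403 \/query\/
RedirectMatch 403 ImpEvData
RedirectMatch 403 \.XMLHTTP
RedirectMatch 403 proxydeny
RedirectMatch 403 function\.
RedirectMatch 403 remoteFile
RedirectMatch 403 servername
RedirectMatch 403 \&rptmode\=
RedirectMatch 403 sys\_cpanel
RedirectMatch 403 db\_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check\_proxy
RedirectMatch 403 system\_user
RedirectMatch 403 \/\(null\)\/
RedirectMatch 403 clientrequest
RedirectMatch 403 option\_value
RedirectMatch 403 ref\.outcontrol

# SPECIFIC EXPLOITS
# These patterns match any path containing the name, so legitimate files
# such as errors.php, include.php, display.php or password.php are also
# refused. Check the site's own file names before enabling them.
RedirectMatch 403 errors\.
#RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
#RedirectMatch 403 register\.
RedirectMatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
RedirectMatch 403 macromates\.
RedirectMatch 403 head\_auth\.
RedirectMatch 403 submit\_links\.
RedirectMatch 403 change\_action\.
RedirectMatch 403 com\_facileforms\/
RedirectMatch 403 admin\_db\_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
RedirectMatch 403 Table\/Latest\/index\.

########## Begin - Rewrite rules to block out some common exploits ##########
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a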