Using htaccess to Prevent Hacking

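If you want to increase the security level of your website, you can add these few lines to your .htaccess file to block some common attack techniques by detecting malicious URL patterns. The rules inspect only the query string of each request and answer any match with 403 Forbidden.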

RewriteEngine On
 
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
 
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
 
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
 
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
 
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
 
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
 
# Send all blocked requests to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]

Source: http://forum.joomla.org/viewtopic.php?p=2193205
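
Before deploying the rules, it helps to see which query strings they reject, including legitimate ones. The following is an added example, not part of the original post or the Joomla forum thread: a small Python harness that runs the six patterns above over constructed query strings. It assumes Python's `re` behaves like Apache's regex engine for these patterns; the function names and sample strings are made up for illustration.

```python
import re

# The six RewriteCond patterns from the snippet, in order. Assumption: Python's
# re module stands in for Apache's PCRE engine; [NC] maps to re.IGNORECASE.
RULES = [
    ("proc/self/environ", re.compile(r"proc/self/environ")),
    ("mosConfig", re.compile(r"mosConfig_[a-zA-Z_]{1,21}(=|\%3D)")),
    ("base64_encode", re.compile(r"base64_encode.*\(.*\)")),
    ("script tag", re.compile(r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]

def blocked_by(query_string):
    """Return the label of the first matching rule, or None if the request passes.

    RewriteCond patterns are unanchored (hence re.search), and Apache tests
    %{QUERY_STRING} exactly as sent, without URL-decoding it.
    """
    for label, pattern in RULES:
        if pattern.search(query_string):
            return label
    return None

# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "option=com_content&view=article&id=5",   # ordinary page view
    "file=/proc/self/environ",
    "mosConfig_absolute_path=x",
    "data=base64_encode(abc)",
    "q=%3Cscript%3Ex%3C/script%3E",
    "GLOBALS[x]=1",
    "_REQUEST[x]=1",
    "search=GLOBALS",                         # bare word, no = [ or % after it
    "note=%3Cp%3Eshort+description%3C/p%3E",  # benign, but "de-script-ion"
]

def audit(samples=SAMPLES):
    """Map each query string to the rule that would return 403, or None."""
    return {qs: blocked_by(qs) for qs in samples}

if __name__ == "__main__":
    for qs, rule in audit().items():
        print(f"{'403 ' + rule if rule else 'pass':<22} {qs}")
```

The last sample is a false positive: the script-tag rule fires on any pair of angle brackets enclosing a word that contains "script", so check the rules against your site's real query strings before enabling them.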



1 comment

Unmotivated Genius, Fri, 7th January 2011: Nice post. Had already run across a couple of these fixes, especially the base64 one, but it's nice to see this list in its entirety and we'll be sure to look into implementing the rest.