-
Notifications
You must be signed in to change notification settings - Fork 1
/
.htaccess
39 lines (27 loc) · 1.31 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
## Credits due to http://www.queness.com/post/5421/17-useful-htaccess-tricks-and-tips ##
# Block access to these filetypes
<FilesMatch ".(htaccess|htpasswd|ini|db|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
# 404 = Not Found - Therefore redirect to GitHub page
ErrorDocument 404 http://github.com/jonathanlking/Instagram-Printer-Server
ErrorDocument 403 http://github.com/jonathanlking/Instagram-Printer-Server
# Disable directory browsing
Options All -Indexes
# Prevent basic hacks
RewriteEngine On
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]