1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 3:19 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Condensing htaccess file

         

kmonroe

3:46 pm on Jul 22, 2010 (gmt 0)

10+ Year Member



How can I condense this htaccess file? 

Order Allow,Deny
##-##
Allow from all

Redirect 301 /music/canakkale.mp3 http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.8/scripts/setup.php http://www.domain101.com/
Redirect 301 /PMA/scripts/setup.php http://www.domain101.com/
Redirect 301 /PMA2005/scripts/setup.php http://www.domain101.com/
Redirect 301 /admin/mysql/scripts/setup.php http://www.domain101.com/
Redirect 301 /admin/phpmyadmin/scripts/setup.php http://www.domain101.com/
Redirect 301 /noxdir/nosuichfile.php http://www.domain101.com/
Redirect 301 /nosuichfile.php http://www.domain101.com/
Redirect 301 /admin/scripts/setup.php http://www.domain101.com/
Redirect 301 /mysqlmanager/scripts/setup.php http://www.domain101.com/
Redirect 301 /p/m/a/scripts/setup.php http://www.domain101.com/
Redirect 301 /myadmin/scripts/setup.php http://www.domain101.com/
Redirect 301 /dbadmin/scripts/setup.php http://www.domain101.com/
Redirect 301 /mysql/scripts/setup.php http://www.domain101.com/
Redirect 301 /db/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.10.0/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.0/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.4/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.2/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.3/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.5.4/scripts/setup.php http://www.domain101.com/
Redirect 301 /admin/pma/scripts/setup.php http://www.domain101.com/
Redirect 301 /mysqladmin/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyA/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.5/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.6/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.2/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.3/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.2/scripts/setup.php http://www.domain101.com/
Redirect 301 /php-my-admin/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.0/scripts/setup.php http://www.domain101.com/
Redirect 301 /php-myadmin/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.2.6/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.8/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.7/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.4/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.9/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.4/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.5/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.7/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.6/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.8/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.5.0/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.5.2/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.4.9/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.5.1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.5.5-pl1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.2/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.3-pl1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.3/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.4-pl3/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.3-rc1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.4-pl2/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.4-pl1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.4-pl4/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.7/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.0-beta1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.0-pl1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.5/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.6/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.4/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.4-rc1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.9/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.5/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.0-pl2/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.6/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.0/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.7/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.3/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.0-rc1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.2/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.4/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8.0-rc2/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8.0.2/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.8/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8.0-rc1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8.0.1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.7.9/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8.0-beta1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8.0.3/scripts/setup.php http://www.domain101.com/
Redirect 301 /webadmin/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpmyad-sys/scripts/setup.php http://www.domain101.com/
Redirect 301 /mysql-admin/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmi/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.3/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.10/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.6/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.7/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.9/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.11.8/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.2.3/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.3.5/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.5.5-rc1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.0-beta/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.5.7/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.0-alpha/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.0-rc3/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.0/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.6.2-beta1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8./scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8.0/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8.5/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.9./scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-2.8.4/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAds/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-4/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-3/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin-/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpMyAdmin1/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpm/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpmanager/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpmy-admin/scripts/setup.php http://www.domain101.com/
Redirect 301 /phpmyad/scripts/setup.php http://www.domain101.com/

<Files .htaccess>
order allow,deny
deny from all
</Files>

<Files .htpasswd>
order allow,deny
deny from all
</Files>

ErrorDocument 400 /errorpage.php
ErrorDocument 401 /errorpage.php
ErrorDocument 403 /errorpage.php
ErrorDocument 404 /errorpage.php
ErrorDocument 500 /errorpage.php


Options +FollowSymLinks
RewriteEngine on
RewriteBase /


# index.php to /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\.php\ HTTP/
RewriteRule ^(.*)index\.php$ /$1 [R=301,L]




RewriteCond %{HTTP_USER_AGENT} android|avantgo|blackberry|blazer|compal|elaine|fennec|hiptop|ip(hone|od)|iris|kindle|lge\ |maemo|midp|mmp|mobile|o2|opera\ mini|palm(\ os)?|plucker|pocket|pre\/|psp|smartphone|symbian|treo|up\.(browser|link)|vodafone|wap|windows\ ce;\ (iemobile|ppc)|xiino [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a\ wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r\ |s\ )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1\ u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp(\ i|ip)|hs\-c|ht(c(\-|\ |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac(\ |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt(\ |\/)|klon|kpt\ |kwc\-|kyo(c|k)|le(no|xi)|lg(\ g|\/(k|l|u)|50|54|e\-|e\/|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(di|rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-|\ |o|v)|zz)|mt(50|p1|v\ )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v\ )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-|\ )|webc|whit|wi(g\ |nc|nw)|wmlb|wonu|x700|xda(\-|2|g)|yas\-|your|zeto|zte\-) [NC]
RewriteRule ^$ http://www.domain101.com/mobile [R,L]

# this ruleset is to "stop" stupid attempts to use MS IIS expolits on us
# NIMDA
RewriteCond %{REQUEST_URI} /(cmd¦root¦shell)\.exe$[NC,OR]
RewriteCond %{REQUEST_URI} /(admin¦httpodbc)\.dll$[NC]
RewriteRule .* /cgi-bin/nonimda.cmd [L,E=HTTP_USER_AGENT:NIMDA_EXPLOIT,T=application/x-httpd-cgi]

# CODERED
RewriteCond %{REQUEST_URI} /default\.(ida¦idq)$[NC,OR]
RewriteCond %{REQUEST_URI} /.*\.printer$[NC]
RewriteRule .* /cgi-bin/nocode-r.cmd [L,E=HTTP_USER_AGENT:CODERED_EXPLOIT,T=application/x-httpd-cgi]

# this ruleset is for formmail script abusers...
RewriteCond %{REQUEST_URI} formmail\.(pl¦cgi)$[NC,OR]
RewriteCond %{REQUEST_URI} mailto\.(exe¦cgi)$[NC]
RewriteRule .* /cgi-bin/nofrmml.cmd [L,E=HTTP_USER_AGENT:FORMMAIL_EXPLOIT,T=application/x-httpd-cgi]

# Cyveillance is a spybot that scours the web for copyright violations and “damaging information” on
# behalf of clients such as the RIAA and MPAA. Their robot spoofs its User-Agent to look like Internet
# Explorer, and it completely ignores robots.txt. I have
# banned it by IP address.
RewriteCond %{REMOTE_ADDR} "^63\.148\.99\.2(2[4-9]¦[3-4][0-9]¦5[0-5])$"
RewriteRule .* - [F]

# There is another email harvester which always claims to be referred from http://www.iaea.org/.
# You may have seen this in your own referrer pages.
# I have banned it by referrer.
RewriteCond %{HTTP_REFERER} iaea\.org[NC]
RewriteRule .* - [F]

# NameProtect peddles their “online brand monitoring” to unsuspecting and gullible companies
# looking for people to sue. Despite the claims on their robot information page, they do not
# respect robots.txt; in fact, they spoof their User-Agent in multiple ways to avoid detection.
# I have banned them by User-Agent and IP address.
RewriteCond %{REMOTE_ADDR} ^12\.148\.196\.(12[8-9]¦1[3-9][0-9]¦2[0-4][0-9]¦25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.148\.209\.(19[2-9]¦2[0-4][0-9]¦25[0-5])$ [OR]
RewriteCond %{HTTP_USER_AGENT} NPBot[NC]
RewriteRule .* - [F]

# this ruleset is for unwanted useragents... possibly email harvesters

RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] 
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] 
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] 
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] 
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] 
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] 
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Zeus 
RewriteRule ^.* - [F,L]
RewriteCond %{HTTP_USER_AGENT} ^[A-Z]+$[NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.Browse\s[NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.Eval[NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.Surf [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*Harvest [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*LWP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*prospector[NC,OR]
RewriteCond %{HTTP_USER_AGENT} AsiaNetBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ASSORT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} attache [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ATHENS [NC,OR]
RewriteCond %{HTTP_USER_AGENT} autohttp [NC,OR]
RewriteCond %{HTTP_USER_AGENT} bew [NC,OR]
RewriteCond %{HTTP_USER_AGENT} BlackWidow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Bot\ mailto:craftbot@yahoo.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Bullseye [NC,OR]
RewriteCond %{HTTP_USER_AGENT} CherryPicker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ChinaClaw[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Crescent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} curl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} devsoft's\ http\ component [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Deweb[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Digimarc [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Digger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} digout4uagent[NC,OR]
RewriteCond %{HTTP_USER_AGENT} DIIbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} DISCo[NC,OR]
RewriteCond %{HTTP_USER_AGENT} dloader(NaverRobot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Download\ Demon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} eCatch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ecollector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Educate\ Search [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EirGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EmailCollector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EmailSiphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EmailWolf[NC,OR]
RewriteCond %{HTTP_USER_AGENT} EO\ Browse [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Express\ WebPictures[NC,OR]
RewriteCond %{HTTP_USER_AGENT} ExtractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EyeNetIE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} fastlwspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} FEZhead[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Fetch[NC,OR]
RewriteCond %{HTTP_USER_AGENT} FlashGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Franklin\ Locator[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Full\ Web\ Bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Getleft [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GetRight [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GetURL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GetWebPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Go!Zilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Gozilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} go-ahead-got-it [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GrabNet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Grafula [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HMView [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HTML\ Works [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
RewriteCond %{HTTP_USER_AGENT} IBM_Planetwide [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Image\ Stripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Image\ Sucker[NC,OR]
RewriteCond %{HTTP_USER_AGENT} IncyWincy[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Industry\ Program[NC,OR]
RewriteCond %{HTTP_USER_AGENT} InterGET [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Internet\ Explore\ 5\.x [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Internet\ Ninja [NC,OR]
RewriteCond %{HTTP_USER_AGENT} InternetSeer.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Irvine [NC,OR]
RewriteCond %{HTTP_USER_AGENT} JetCar [NC,OR]
RewriteCond %{HTTP_USER_AGENT} JOC\ Web\ Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} KWebGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} larbin [NC,OR]
RewriteCond %{HTTP_USER_AGENT} leech[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mass\ Downloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MCspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Microsoft\ URL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MIDown\ tool [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mirror [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Missauga\ Locator[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Missigua\ Locator[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mister\ PiX [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Monster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozilla.*NEWT[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozilla\/3\.0\.\+Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozilla\/3.Mozilla\/2\.01 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozilla\/4\.0$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozzilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MSIECrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Navroad [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NearSite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NetAnts [NC,OR]
RewriteCond %{HTTP_USER_AGENT} netattache [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NetCarta [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NetSpider[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Net\ Vampire [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NetZIP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NICErsPRO[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Octopus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Offline\ Explorer[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Offline\ Navigator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} OpaL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Openfind [NC,OR]
RewriteCond %{HTTP_USER_AGENT} OpenTextSiteCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PackRat [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PageGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Papa\ Foto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} pavuk[NC,OR]
RewriteCond %{HTTP_USER_AGENT} pcBrowser[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Plucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Production\ Bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Program\ Shareware [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PushSite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} RealDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ReGet[NC,OR]
RewriteCond %{HTTP_USER_AGENT} RepoMonkey [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Rover[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Rsync[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Siphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ScoutAbout [NC,OR]
RewriteCond %{HTTP_USER_AGENT} searchterms\.it [NC,OR]
RewriteCond %{HTTP_USER_AGENT} semanticdiscovery[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Shai [NC,OR]
RewriteCond %{HTTP_USER_AGENT} sitecheck[NC,OR]
RewriteCond %{HTTP_USER_AGENT} SiteSnagger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SmartDownload[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Spegla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SpiderBot[NC,OR]
RewriteCond %{HTTP_USER_AGENT} SuperBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SuperHTTP[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Surfbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SurfWalker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} tAkeOut [NC,OR]
RewriteCond %{HTTP_USER_AGENT} tarspider[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Teleport\ Pro[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Telesoft [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Templeton[NC,OR]
RewriteCond %{HTTP_USER_AGENT} UtilMind [NC,OR]
RewriteCond %{HTTP_USER_AGENT} VoidEYE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} w3mir[NC,OR]
RewriteCond %{HTTP_USER_AGENT} web.by.mail [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebBandit[NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebCopier[NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebCopy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebEMailExtrac [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Web\ Image\ Collector[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Web\ Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebAuto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebCopier[NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebFetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebMiner [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebReaper[NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebSauger[NC,OR]
RewriteCond %{HTTP_USER_AGENT} Website\ eXtractor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Website\ Quester [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebSnake [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebStripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webvac [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webwalk [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebWhacker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebZIP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} wget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WhosTalking [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Widow[NC,OR]
RewriteCond %{HTTP_USER_AGENT} WUMPUS [NC,OR]
RewriteCond %{HTTP_USER_AGENT} www\.pl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Xaldon\ WebSpider[NC,OR]
RewriteCond %{HTTP_USER_AGENT} XGET [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Yandex [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Zeus.*Webster[NC]
#RewriteCond %{HTTP_USER_AGENT} test[NC]
RewriteCond %{REQUEST_URI}!^/badUA\.html [NC]
RewriteRule .* /badUA.html [L,E=HTTP_USER_AGENT:BAD_USER_AGENT]
RewriteCond %{HTTP_REFERER} ^-?$
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule .* /cgi-bin/noagent.cmd [L,T=application/x-httpd-cgi]

kmonroe

6:25 pm on Jul 22, 2010 (gmt 0)

10+ Year Member



Well I did find that I could do this 
RewriteRule ^(.*)setup\.php$ http://www.domain101.com/ [NC]

but I still wonder if I could make it smaller still.

g1smd

7:40 pm on Jul 22, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



If you use RewriteRule for any of your rules you should use it for all of your rules. Convert all of the Redirect code to use RewriteRule instead.

When doing that, large numbers of rules can be combined. For example the "phpMyAdmin" digits can be detected with a simple pattern allowing "any digits and periods".

I haven't got hours of time to do the work for you.

jdMorgan

7:43 am on Jul 23, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I need to 'warn' that redirecting all of those "hack attempt" URLs to your home page is a bad idea...

Use the mod_rewrite method, but either return a 410-Gone or a 403-Forbidden. Do not redirect those requests to your home page! 

# 410-Gone
RewriteRule setup\.php$ - [G]
#
# 403-Forbidden
RewriteRule setup\.php$ - [F]


And as for the long and slow-to-process list of bad-bots and undesireable user-agents, be aware that most of those are obsolete. How many of them actually show up in your stats or logs? I suggest blocking only enough of them to get rid of 90% of the abusive requests... Probably ten or less of them actually need to be in your file.

Also, since that list was compiled, the bad-guys have moved on. Today, you'll find that fake Googlebots are a bigger problem than most of the user-agent strings on your list...

"If Googlebot AND NOT Googlebot-IP-address, THEN return 403-Forbidden..."

Jim

tangor

8:02 am on Jul 23, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'll suggest something a bit more simple. White list your robots.txt. Many of those undesired will disappear after getting robots.txt (make sure your .htaccess allows that) and then go away. Nuke only those which do not abide... and determine that from your logs. As for the .php in URI just kill those outright (403), unless you are a PHP system (I don't php, thus kill those requests routinely, sleep well at night). jdMorgan is 100% as to returns. Avoid redirects of malformed requests!

kmonroe

2:07 pm on Jul 23, 2010 (gmt 0)

10+ Year Member



I have compressed and cleaned my .htaccess file to less than 50 lines of code.
g1smd I have converted all of the Redirect codes to RewriteRules.
I haven't got hours of time to do the work for you

I just asked for help, I do not mind to do the work...(Which I did)

Thank you for the heads up and help jdMorgan..

Tangor I have white listed my robots.txt thank you I didn't realize I had to white list

jdMorgan

4:55 pm on Jul 23, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Feel free to post the cleaned-up code for further comments -- You'll likely get more interest with a much shorter (and therefore more-comprehensible) file... :)

Another thing to look into is the 'anchoring' of your remaining bad-user-agent strings: In many cases, the anchoring you find in forum posts is incorrect, because those copying/pasting/modifying the code don't understand regular-expressions pattern-anchoring, and think "Oh, I guess every pattern has to start with a "^". Since that means that the user-agent must *start* with the specified string, and since that is not always the case, this often renders the directive useless, since the user-agent won't match that anchored pattern.

Note also that the character "|" which appears in several of your rules has been changed by the old version of our WebmasterWorld software to a broken pipe character "". This won't work as intended, and the broken pipe needs to be replaced with the solid pipe character, which is a "local OR" operator in regular expressions.

Jim

kmonroe

6:55 pm on Jul 23, 2010 (gmt 0)

10+ Year Member 



<Limit GET POST PUT>
Order Allow,Deny
##-##
Allow from all
</Limit>

ErrorDocument 400 /errorpage.php
ErrorDocument 401 /errorpage.php
ErrorDocument 403 /errorpage.php
ErrorDocument 404 /errorpage.php
ErrorDocument 410 /errorpage.php
ErrorDocument 500 /errorpage.php

Options +FollowSymLinks
RewriteEngine on
RewriteBase /

# MAINTENANCE-PAGE REDIRECT
#RewriteCond %{REMOTE_ADDR} !^192\.168\.10\.171
#RewriteCond %{REQUEST_URI} !/sitedown.php$ [NC]
#RewriteRule .* /sitedown.php [R=302,L]

RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
SetEnvIfNoCase User-Agent "shell_exec" keep_out
SetEnvIfNoCase User-Agent "passthru" keep_out
SetEnvIfNoCase User-Agent "function" keep_out

RewriteCond %{REMOTE_ADDR} "^63\.148\.99\.2(2[4-9]|[3-4][0-9]|5[0-5])$" [OR]
RewriteCond %{REMOTE_ADDR} ^12\.148\.196\.(12[8-9]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.148\.209\.(19[2-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^64\.140\.49\.6([6-9])$ [OR]
RewriteCond %{HTTP_REFERER} iaea\.org [OR]
RewriteCond %{HTTP_USER_AGENT} vayala [OR]
RewriteCond %{HTTP_USER_AGENT} zeus [NC]
RewriteRule .* - [F,L]

# 403-Forbidden
RewriteRule setup$ - [F]
RewriteRule setup\.php$ - [F]
RewriteRule canakkale\.mp3$ - [F]
RewriteRule nosuichfile\.php$ - [F]
RewriteRule function.session-start$ - [F]

# block referrer spam
RewriteCond %{HTTP_REFERER} (proxyfire) [NC,OR]
RewriteCond %{HTTP_REFERER} (wantsfly) [NC]
RewriteRule .* - [F]

# index.php to /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*index\.php\ HTTP/
RewriteRule ^(.*)index\.php$ /$1 [R=301,L]

# send to mobile site 
RewriteCond %{HTTP_USER_AGENT} android|avantgo|blackberry|blazer|kindle|psp|smartphone|symbian|treo|xiino [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|oran|zte\-) [NC]
RewriteRule ^$ http://www.domain101.com/mobile [R,L]

#block bad user agents
RewriteCond %{HTTP_USER_AGENT} ^$|wish|Wizz|WordP|Works|world|WUMPUS|Wweb|WWWC|WWWOFFLE|WWW\-Collector|WWW.Mechanize|www.ranks.nl|wwwster|zmao|Zyborg [NC]
RewriteRule ^(.*)$ - [F,L]

# FILTER REQUEST METHODS
 RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
 RewriteRule ^(.*)$ - [F,L]

# QUERY STRING EXPLOITS
 RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
 RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>|'|"|;|\?|\*).* [NC,OR]
 RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3E|%5C|%7B|%7C).* [NC,OR]
 RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F|127\.0).* [NC]
 RewriteRule ^(.*)$ - [F,L]

SevenCubed

9:14 pm on Jul 23, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



@kmonroe

...and of course all you very good people who provide the feedback and tremendous help...thank you for this post -- it contains a solution to a problem I've been monitoring but didn't know how or where to solve! A while ago I did a search in Bing and SERP #1 brought me right back home...here. I couldn't believe even the fresh date of this page -- perfect timing.

jdMorgan

4:04 pm on Jul 24, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This could still do with some optimization and re-ordering of rules for proper operation... 

ErrorDocument 400 /errorpage.php
ErrorDocument 401 /errorpage.php
ErrorDocument 403 /errorpage.php
ErrorDocument 404 /errorpage.php
ErrorDocument 410 /errorpage.php
ErrorDocument 500 /errorpage.php
#
Options +FollowSymLinks
RewriteEngine on
RewriteBase /
#
# make these guys go away by making 404 handling look "broken"
# (internally rewrite the request to a very small file and return a 200-OK status)
RewriteRule nosui?chfile|thisfile(must|does)notexist /a-one-byte-file [NC,L]
#
# block unwelcome HTTP request methods (Note that I don't usually allow "PUT" myself... )
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PUT)$ [OR]
# block by requested URL-path
RewriteCond %{REQUEST_URI} /(setup(\.php)?|canakkale\.mp3|function.session-start)$ [NC,OR]
# block query string exploits
RewriteCond %{QUERY_STRING} \.\.\/ [OR]
RewriteCond %{QUERY_STRING} [()<>[\]";?*] [OR]
RewriteCond %{QUERY_STRING} \%(0[A-F]|2[27]|3[CE]|5C|7[BC]) [NC,OR]
RewriteCond %{QUERY_STRING} 127\.0\.[0-9]+\.[0-9]+ [OR]
# block unwelcome IP addresses
RewriteCond %{REMOTE_ADDR} ^63\.148\.99\.2(2[4-9]|[3-4][0-9]|5[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.148\.196\.(12[8-9]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.148\.209\.(19[2-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^64\.140\.49\.6([6-9])$ [OR]
# block referrer spam
RewriteCond %{HTTP_REFERER} iaea\.org|proxyfire|wantsfly [NC,OR]
# block bad user agents
RewriteCond %{HTTP_USER_AGENT} ^-?$|wish|Wizz|WordP|Works|world|WUMPUS|Wweb|WWWC|WWWOFFLE|WWW\-Collector|WWW.Mechanize|www.ranks.nl|wwwster|zmao [NC,OR]
RewriteCond %{HTTP_USER_AGENT} function|passthru|shell_exec|vayala|zeus [NC]
RewriteRule ^ - [F]
#
# externally redirect all requests to maintenance page (un-comment this rule during maintenance)
#RewriteCond %{REMOTE_ADDR} !=192.168.10.171
#RewriteRule !^sitedown\.php$ http://www.example.com/sitedown.php [R=302,L]
#
# externally redirect mobile user-agent requests for the main home page to mobile site
RewriteCond %{HTTP_USER_AGENT} android|avantgo|blackberry|blazer|kindle|psp|smartphone|symbian|treo|xiino [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|oran|zte\-) [NC]
RewriteRule ^(index\.php)?$ http://www.example.com/mobile/ [R=303,L]
#
# externally redirect direct client requests for "index.php" to "/", preserving requested directory level
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]*/)*index\.php([?#][^\ ]*)?\ HTTP/
RewriteRule ^(([^/]*/)*)index\.php$ http://www.example.com/$1 [R=301,L]
#
# externally redirect requests for non-blank non-canonical hostnames to canonical hostname
RewriteCond %{HTTP_HOST} !^(www\.example.com)?$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
#
# -end-

I also added the hostname canonicalization rule at the end. Note that it assumes that you do not have or intend to have any subdomains other than "www".

The IP address could easily be done using mod_access "deny from" code, but since you had both mod_access and mod_rewrite code, I just moved everything into mod_rewrite for the time being.

Further optimization is still possible, for example, combining all RewriteConds that look at the same server variable in each rule. But I left some of these in the interest of code readability. Everyone is free to make this efficiency/readability trade-off as they see fit.

Note the change in the method for handling "nosuchfile" requests -- I recommend this method to minimize the number of requests related to these exploits. Just make a very small text file and rewrite all these exploit-realted requests to it. Do NOT include any useful information or "taunting challenges" in this file! I return a one-byte file containing just a "~" in most cases...

There may be a few typos in this tweaked code -- I often type too fast. :)

Jim

[edited by: jdMorgan at 2:23 pm (utc) on Jul 26, 2010]

SevenCubed

4:43 pm on Jul 25, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Wow, artwork this is :)

Quick question from the uninitiated. I use php on my server, my pages are scripted in php, and the underlying system makes use of it extensively through Plesk...if I apply...

RewriteRule setup\.php$ - [F]

...would that cause problems server side for legitimate calls to the file, such as maybe software updates controlled by Plesk or Ubuntu? Or, would it simply prohibit illegitimate requests from the WWW side of the veil?

g1smd

4:56 pm on Jul 25, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Things in the .htaccess file control access to those resources when it is a HTTP request asking for them.

They don't affect internal server side "includes" and similar.

jdMorgan

5:03 pm on Jul 25, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



> ...calls to the file...

No, because 'including' or invoking a file from within a script is an operation taking place entirely within the server's filesystem, and does not use the HTTP protocol -- and HTaccess only applies to HTTP requests.

*All* of your internal-use-only scripts should be made inaccessible via HTTP using a rule or rules such as the above.

Don't confuse URLs (which are what RewriteRule examines) with files inside the server. Totally different things, and totally unrelated -- except by the action of the server itself (and mod_rewrite, it the Webmaster chooses to use it).

A URL exists the moment it appears as a link or an object-include on a published Web page. This is true whether or not it resolves to an existing server and/or an existing 'file' on that server. It is the primary function of HTTP servers to 'associate' URLs to the files (static files or dynamic scripts) in their filespace, and there is no relationship whatsoever between these two 'addressing methods' without the server's action to establish one.

This extremely-common misunderstanding leads to more server configuration errors than just above anything else, so sorry if I'm beating the subject to death... :)

In addition, you'll find many badly-written scripts which use a URL to 'include' other scripts on the same server. This results in the server having to initiate an HTTP request to itself and wait for the response before that included script can run... This is potentially hundreds of times slower than simply doing a disk access to read in the file, and subject to many more failure modes.

URLs are used only 'out there on the Web', and files are used only 'here inside the server.' Mod_rewrite acts on incoming URL requests, and (among other functions) can modify the URL-to-filename translation to access files different from those which would be accessed by default.

Jim

SevenCubed

5:28 pm on Jul 25, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks so much guys. I'm catching on :)

Essentially Apache is the "traffic cop" at the major intersection directing the flow of traffic based on where the traffic thinks is it going to go compared to where the chief knows it cannot? If the traffic makes gets unruly, the Apache warrior pulls an arrow out of his quiver and 403's them?

Cool, beginning to understand this, it's ok to beat the subject to death becuase some of us have thick coconuts :)

charles99

2:59 am on Jul 26, 2010 (gmt 0)

10+ Year Member



K

Do you have a final version of your Htacess File that you can post? Tryign to apply the same settings to my own htacess file. Got hacked and need to find a way to stop an number of requests that coming in before I put anything up again...

kmonroe

4:27 am on Jul 26, 2010 (gmt 0)

10+ Year Member



this is my robot.txt 
User-agent: *
Disallow: /desktop
Disallow: /ftp
Disallow: /scripts
Disallow: /meters
Disallow: /fax
Disallow: /test
Disallow: /facebook
Disallow: /old
Disallow: /phpnav
Disallow: /joomal
Disallow: /twitter
Disallow: /drivers
Disallow: /images
Disallow: /stylesheets
Disallow: /fonts
Disallow: /blackhole
Allow: /mobile
Allow: /

----------------------------------
this is my errorpage.php 

<?php
$ip = getenv("REMOTE_ADDR");
$hn = getenv("REMOTE_HOST");
$httprefi = getenv ("HTTP_REFERER");
$httpagenti = getenv ("HTTP_USER_AGENT");
$file = "./address-badrecords/$ip.txt";
$fp = fopen($file, 'w');

fwrite($fp,$ip);
fwrite($fp,',');
fwrite($fp,$hn);
fwrite($fp,',');
fwrite($fp,$httprefi);
fwrite($fp,',');
fwrite($fp,$httpagenti);
fclose($fp);


// Setup
$email = 'webmaster@domain101.com'; //Change to your e-mail address

// Get Variables
$error = $_SERVER['REDIRECT_STATUS'];
$referring_url = $_SERVER['HTTP_REFERER'];
$requested_url = $_SERVER['REQUEST_URI'];
$referring_ip = $_SERVER['REMOTE_ADDR'];
$server_name = $_SERVER['SERVER_NAME'];
$subject2 = "IP ONLY";

// Different error messages to display
switch ($error) {

# Error 400 - Bad Request
case 400:
$errorname = 'Error 400 - Bad Request';
$errordesc = '<h1>Bad Request</h1>
 <h2>Error Type: 400</h2>
 <p>
 The URL that you requested &#8212; http://'.$server_name.$requested_url.' &#8212; does not exist on this server. You might want to re-check the spelling and the path.</p>
 <p>
 An e-mail has been sent to me regarding the problem. I apologize for any inconvenience caused and will do all I can to fix the error as soon as possible.</p>
 <p>You can use the menu at the top of the page or at the right to navigate to another section.</p>';
break;

# Error 401 - Authorization Required
case 401:
$errorname = 'Error 401 - Authorization Required';
$errordesc = '<h1>Authorization Required</h1>
 <h2>Error Type: 401</h2>
 <p>
 The URL that you requested requires pre-authorization to access.</p>
 <p>
 An e-mail has been sent to me regarding the situation and, if it is an error, I will do all I can to fix it as soon as possible.</p>';
break;

# Error 403 - Access Forbidden
case 403:
$errorname = 'Error 403 - Access Forbidden';
$errordesc = '<h1>Access Forbidden</h1>
 <h2>Error Type: 403</h2>
 <p>
 Access to the URL that you requested is forbidden.</p>
 <p>
 An e-mail has been sent to me regarding the situation and, if it is an error, I will do all I can to fix it as soon as possible.</p>';
break;

# Error 404 - Page Not Found
case 404:
$errorname = 'Error 404 - Page Not Found';
$errordesc = '<h1>File Not Found</h1>
 <h2>Error Type: 404</h2>
 <p>
 Ooops! The page you are looking for &#8212; http://'.$server_name.$requested_url.' &#8212; cannot be found. This may be because:</p>
 <ul>
 <li>the path to the page was entered wrong;</li>
 <li>the page no longer exists; or</li>
 <li>there has been an error on the Web site.</li>
 </ul>
 <p>
 An e-mail has been sent to me regarding the problem. If you feel the URL you entered is correct, you can contact me by sending an e-mail to <a href="mailto:'."$email".'">'."$email".'</a>, mentioning the error message received and the page you were trying to reach. I apologize for any inconvenience caused and I will do all I can to fix the error as soon as possible.</p>
 <p>You can use the menu at the top of the page or at the right to navigate to another section.</p>';
break;

# Error 410 - Page Gone
case 410:
$errorname = 'Error 410 - Gone';
$errordesc = '<h1>File gone</h1>
 <h2>Error Type: 410</h2>
 <p>
 Ooops! The page you are looking for &#8212; http://'.$server_name.$requested_url.' &#8212; is gone. This may be because:</p>
 <ul>
 <li>the path to the page was entered wrong;</li>
 <li>the page no longer exists; or</li>
 <li>there has been an error on the Web site.</li>
 </ul>
 <p>
 An e-mail has been sent to me regarding the problem. If you feel the URL you entered is correct, you can contact me by sending an e-mail to <a href="mailto:'."$email".'">'."$email".'</a>, mentioning the error message received and the page you were trying to reach. I apologize for any inconvenience caused and I will do all I can to fix the error as soon as possible.</p>
 <p>You can use the menu at the top of the page or at the right to navigate to another section.</p>';
break;

# Error 500 - Server Configuration Error
case 500:
$errorname = 'Error 500 - Server Configuration Error';
$errordesc = '<h1>Server Configuration Error</h1>
 <h2>Error Type: 500</h2>
 <p>
 The URL that you requested &#8212; <a href="http://'.$server_name.$requested_url.'">http://'.$server_name.$requested_url.'</a> &#8212; resulted in a server configuration error. It is possible that the condition causing the problem will be gone by the time you finish reading this.</p>
 <p>
 An e-mail has been sent to me regarding the problem. If this problem persists please report it to me by sending an e-mail to <a href="mailto:'."$email".'">'."$email".'</a>, mentioning the error message received and the page you were trying to reach. I apologize for any inconvenience caused and I will do all I can to fix the error as soon as possible.</p>';
break;

# Unknown error
default:
$errorname = 'Unknown Error';
$errordesc = '<h2>Unknown Error</h2>
 <p>The URL that you requested &#8212; <a href="http://'.$server_name.$requested_url.'">http://'.$server_name.$requested_url.'</a> &#8212; resulted in an unknown error. It is possible that the condition causing the problem will be gone by the time you finish reading this. </p>
 <p>
 An e-mail has been sent to me regarding the problem. If this problem persists please report it to me by sending an e-mail to <a href="mailto:'."$email".'">'."$email".'</a>, mentioning the error message received and the page you were trying to reach. I apologize for any inconvenience caused and I will do all I can to fix the error as soon as possible.</p>';

}

// Display selected error message
echo($errordesc);
if (!$referring_url == '') {
echo '<p><a href="'.$referring_url.'"><< Go back to previous page.</a></p>';
} else {
echo '<p><a href="javascript:history.go(-1)"><< Go back to previous page.</a></p>';

// E-mail section. Delete if you do not want to be sent e-mail notifications of errors.
$datetime = date("l, F d, Y - h:i:s A T");
$message .= '<i>The following error was received on '.$datetime.'</i>';
$message .= '<br><br><b><i>'.$errorname.'</i></b>';
$message .= '<br><i>Requested URL:</i> <a href="http://'.$server_name.$requested_url.'">http://'.$server_name.$requested_url.'</a>';
$message .= '<br><i>Referring URL:</i> <a href="http://'.$referring_url.'">http://'.$referring_url.'</a>';
$message .= '<br><br><i>IP Address:</i> '.$referring_ip;
$to = "$email";
$subject = "$errorname";
$headers = "From: $email\r\n";
$headers .= "Content-type: text/html\r\n";
mail($to,$subject,$message,$headers);
// mail($to,"$subject2 -- $errorname",$referring_ip,$headers);
}
// End of e-mail section.

?>


I also used a blackhole for unruley robots:

Title: Perishable Press Blackhole for Bad Bots
Description: Automatically trap and block bots that don't obey robots.txt rules
Project URL: [perishablepress.com...]
Author: Jeff Starr, aka perishable
Release: July 13th, 2010
Version: 1.1

Credits: The Blackhole includes customized/modified versions of these fine scripts:
- Network Query Tool @ [drunkwerks.com...]
- Kloth.net Bot Trap @ [kloth.net...]

I am still changing my htaccess file to use jdMorgan's cleaner code

charles99

1:13 pm on Jul 26, 2010 (gmt 0)

10+ Year Member



K

This is what we had piece together after we was hacked... And we downlaod Perishable Press Blackhole Zip file also... With that we just put the statement on the index.php right? And JD what is the Cleaner Code? Is that a program or JS... We are trying to figure all this out on the go... So I must ask everyone to bear with us, as we try to build a hell of a htaccess file with your help... Hey we are even blocking our own I.P. address and going in through our hosting company cp. Man I wish I could get just a finger on the knuckleheads who hacked into our system...


Here our basic Joomla htaccess file:

RewriteEngine on
##
# @version $Id: htaccess.txt 14401 2010-01-26 14:10:00Z louis $
# @package Joomla
# @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
# @license [gnu.org...] GNU/GPL
# Joomla! is Free Software
##

#####################################################
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################

## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks All -Indexes

#
# mod_rewrite in use

Order Deny,Allow
Deny from all
Allow from (My I.P. Address)


<Files .htaccess>
order allow,deny
deny from all
</Files>


<FilesMatch "configuration.php">
Order allow,deny
Deny from all
</FilesMatch>



########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
<Files ~ "\.xml$">
Order allow,deny
Deny from all
Satisfy all
</Files>
## End of deny access to extension xml files
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root)

# RewriteBase /

########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section

<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 220.181.7.68/30
deny from 220.181.7.72/29
deny from 220.181.7.80/28
deny from 220.181.7.96/30
deny from 220.181.7.100/32
deny from 123.125.66.121/32
deny from 123.125.66.122/31
deny from 123.125.66.124/30
deny from 123.125.66.128/26
deny from 123.125.66.192/29
deny from 123.125.66.200/32
deny from 95.108.157.200/29
deny from 95.108.157.208/28
deny from 95.108.157.224/28
deny from 95.108.157.240/29
deny from 95.108.157.248/30
deny from 95.108.157.251
RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$ [NC]
RewriteRule .*\.(.*)$ - [F,NC]




RewriteRule ^/phpMyAdmin.*$ /index.php


AddHandler application/x-httpd-php52 .php .php3 .php4 .php5 .phtml


deny from 93.158.134.11
deny from 220.181.7.21
deny from 93.158.128.0/18
deny from 80.81.192.251
deny from 194.85.177.90
deny from 193.232.87.42
deny from 87.250.233.229
deny from 194.85.107.57
deny from 193.232.136.33
deny from 193.232.135.33
deny from 193.232.140.33
deny from 194.190.119.10
deny from 77.88.21.69
deny from 87.250.251.69
deny from 93.158.134.69
deny from 213.180.204.69
deny from 77.88.58.175
deny from 93.158.156.15
deny from 213.180.193.24
deny from 77.88.21.11
deny from 87.250.251.11
deny from 213.180.204.11
deny from 213.180.193.1
deny from 213.180.199.34
deny from 93.158.134.89
deny from 213.180.204.89
deny from 77.88.0.0/18
deny from 87.250.224.0/19
deny from 213.180.204.0/24
deny from 213.180.192.0/19
deny from 65.254.36.102
deny from 93.158.137.0/24
deny from 93.158.144.0/21
deny from 93.158.144.0/23
deny from 93.158.146.0/23
deny from 61.135.163.94
deny from 220.181.6.81
deny from 220.181.6.184
deny from 202.108.22.220
deny from 61.135.165.235
deny from 220.181.37.10
deny from 220.181.38.10
deny from 61.135.163.61
deny from 61.135.160.0/21
deny from 220.181.0.0/19
deny from 202.108.0.0/18
deny from 220.181.32.0/19
deny from 220.181.6.175
deny from 88.191.117.43
deny from 66.249.71.89
deny from 93.186.192.134

kmonroe

1:21 pm on Jul 26, 2010 (gmt 0)

10+ Year Member



I believe I am going to use JDMorgan's Cleaned file for my htaccess.

JDMorgan Thank you for all of your help in this, when I tested your file I only got 1 error on it
# block query string exploits 

RewriteCond %{QUERY_STRING} ([()<>[\]";?*] [OR]
 ==>
RewriteCond %{QUERY_STRING} ([()<>[\]";?*]) [OR]

:) one typo... :) No other tweaking needed for this wonderful file.

I would also like to thank every one else that helped.

jdMorgan

2:22 pm on Jul 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There's too much code there for me to make sense of with a quick read, but two major improvements are certainly possible:

First, you can combine "Deny from" directives to shorten that section. You could combine all of them into one line, but you may choose instead to keep some organization in order to ease maintenance. So, for example: 

deny from 193.232.87.42
deny from 193.232.136.33
deny from 193.232.135.33
deny from 193.232.140.33

becomes 

Deny from 193.232.87.42 193.232.136.33 193.232.135.33 193.232.140.33

Also, consider that blocking single IP addresses is likely not the best use of your time or the server's time. If an IP address range is problematic, look into it and see if it's worth blocking a bigger chunk based on the ratio of good versus bad traffic from that range. If it's worth blocking a bigger range, then do so. And if not, consider whether blocking the single address is really worth it. Remember that the "Deny froms" are going to get processed for every single request to your server...

Secondly, the Joomla code as provided out-of-the box is pretty bad, efficiency-wise. I believe you'll see an improvement in your server's performance with a few simple changes: 

RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
RewriteCond %{REQUEST_URI} !^/index\.php$
RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?|feed|pdf|raw))$ [NC] 
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]

The RewriteCond re-ordering prevents the CPU-intensive and slow 'file-exists' checks from executing unless really necessary, and may result in *noticeable* improvement to your site's responsiveness. The Joomla code is "logically OK," but fails to take into consideration the fact that -f and -d checks invoke a call to the operating system's file manager, and this in turn can invoke physical disk reads if the cached filesystem-state is marked 'dirty' or 'stale'. This is very slow, and increases wear-and-tear on the hard drives...

Other minor rule-order and pattern tweaks are for efficiency, mostly getting rid of redundant subpatterns.

[added] I corrected the code I posted previously to prevent further propagation of my typo. Thanks for noting that error! [/added]

Jim

charles99

4:18 pm on Jul 26, 2010 (gmt 0)

10+ Year Member



I we make the deny changes in a few minutes... man this piecing together a htaccess is tough! K, you said you are going to use JD clean htaccess file, can you let me get a copy.

Now I have been been bouncing from site to site trying to get the right rewrite settings and would like to know will the following help me slow the requests? Especially the setup ones... Here is what I piece together and will make the changes as you guys advises...

I also took the bottom part of what JD posted and added to the bottom part of my htaccess file need to know where to make the changes guys...

Current Settings...trying to piece together something good..

Starts Here:

Options +FollowSymLinks All -Indexes
RewriteEngine on


Ordereny,Allow
Deny from all
Allow from (my I.P Address)


<Files .htaccess>
order allow,deny
Deny from all
</Files>


<FilesMatch "configuration.php">
Order allow,deny
Deny from all
</FilesMatch>


<Files ~ "\.xml$">
Order allow,deny
Deny from all
Satisfy all
</Files>


## End ofeny access to extension xml files
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]

RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
RewriteCond %{REQUEST_URI} !^/index\.php$
RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?|feed|pdf|raw))$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]

<Files 403.shtml>
order allow,deny
allow from all
</Files>


RewriteCond %{HTTP_REFERER} !^http://mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://mysite.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.mysite.com$ [NC]
RewriteRule .*\.(.*)$ - [F,NC]



RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]


SetEnvIfNoCase X-Forwarded-For .+ proxy=yes
SetEnvIfNoCase X-moz prefetch no_access=yes

# block pre-fetch requests with X-moz headers
RewriteCond %{ENV:no_access} yes
RewriteRule .* - [F,L]

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?adult(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?poker(-|.).*$ [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://(www\.)?.*(-|.)?drugs(-|.).*$ [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
ServerSignature Off
Options +FollowSymLinks
RewriteCond %{REQUEST_METHOD} ^(delete|head|trace|track) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

RewriteCond %{THE_REQUEST} ^GET\ /.*\;.*\ HTTP/
RewriteCond %{QUERY_STRING} !^$
RewriteRule .* [mysite.com%{REQUEST_URI}?...] [R=301,L]

RewriteBase /
RewriteCond %{THE_REQUEST} ^.+$ [NC]
RewriteRule .* - [F,L]

RewriteBase /
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+)/.*\ HTTP [NC]
RewriteRule .* - [F,L]

RewriteBase /
# If the hour is 24 (12 PM) Theneny all access
RewriteCond %{TIME_HOUR} ^16$
RewriteRule ^.*$ - [F,L]

RewriteRule ^(.*)\.html$ $1.php [R=301,L]


RewriteRule ^/phpMyAdmin.*$ /index.php


AddHandler application/x-httpd-php52 .php .php3 .php4 .php5 .phtml

# make these guys go away by making 404 handling look "broken"
# (internally rewrite the request to a very small file and return a 200-OK status)
RewriteRule nosui?chfile|thisfile(must|does)notexist /a-one-byte-file [NC,L]

# externally redirect all requests to maintenance page (un-comment this rule during maintenance)
RewriteCond %{REMOTE_ADDR} !=192.168.10.171
RewriteRule !^sitedown\.php$ http://www.example.com/sitedown.php [R=302,L]
#
# externally redirect mobile user-agent requests for the main home page to mobile site
RewriteCond %{HTTP_USER_AGENT} android|avantgo|blackberry|blazer|kindle|psp|smartphone|symbian|treo|xiino [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|oran|zte\-) [NC]
RewriteRule ^(index\.php)?$ http://www.example.com/mobile/ [R=303,L]
#
# externally redirect direct client requests for "index.php" to "/", preserving requested directory level
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]*/)*index\.php([?#][^\ ]*)?\ HTTP/
RewriteRule ^(([^/]*/)*)index\.php$ http://www.example.com/$1 [R=301,L]
#
# externally redirect requests for non-blank non-canonical hostnames to canonical hostname
RewriteCond %{HTTP_HOST} !^(www\.example.com)?$
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]




#added Perishable Press I.P. Addresses to the list

<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from 208.120.202.98
Deny from 208.64.202.134
Deny from 217.218.166.14
Deny from 173.65.81.35
Deny from 77.21.46.241
Deny from 82.166.163.
Deny from 85.175.209.175
Deny from 212.107.136.66
Deny from 76.70.116.52
Deny from 70.106.192.200
Deny from 213.98.214.17
Deny from 114.58.253.56
Deny from 70.27.145.208
Deny from 208.99.193.10
Deny from 58.243.5.216
Deny from 146.115.72.39
Deny from 219.136.130.241
Deny from 65.208.151.
Deny from 222.73.173.11
Deny from 65.55.106.
Deny from 72.206.102.189
Deny from 99.159.41.74
Deny from 188.40.42.199
Deny from 195.10.218.132
Deny from 69.116.41.121
Deny from 84.220.96.39
Deny from 85.137.90.133
Deny from 85.137.83.160
Deny from 91.144.190.35
Deny from 83.233.165.88
Deny from 86.35.12.14
Deny from 24.182.45.28
Deny from 97.74.24.41
Deny from 24.182.45.26
Deny from 211.206.123.177
Deny from 213.215.116.99
Deny from 188.40.89.203
Deny from 65.55.207.
Deny from 71.95.178.74
Deny from 98.189.159.150
Deny from 174.143.3.188
Deny from 66.96.248.69
Deny from 71.235.77.152
Deny from 67.36.185.44
Deny from 65.242.250.130
Deny from 194.8.75.
Deny from 188.26.51.239
Deny from 118.208.240.173
Deny from 24.43.155.122
Deny from 91.149.157.136
Deny from 88.0.172.95
Deny from 66.82.9.92
Deny from 66.63.167.50
Deny from 208.99
Deny from 64.219.110.207
Deny from 98.189.159.153
Deny from 174.127.132.10
Deny from 67.185.43.239
Deny from 83.246.164.78
Deny from 213.227.252.26
Deny from 91.213.121.24
Deny from 96.243.186.28
Deny from 67.142.164.34
Deny from 173.58.132.100
Deny from 59.160.160.9
Deny from 67.225.242.171
Deny from 71.34.43.102
Deny from 67.205.45.142
Deny from 77.49.61.248
Deny from 79.174.64.184
Deny from 207.241.228.162
Deny from 204.12.192.135
Deny from 218.24.170.133
Deny from 200.90.216.146
Deny from 86.18.88.15
Deny from 212.225.185.11
Deny from 76.115.45.61
Deny from 213.37.57.113
Deny from 192.117.105.105
Deny from 69.45.51.98
Deny from 72.193.217.97
Deny from 115.133.252.31
Deny from 117.196.229.254
Deny from 117.196.234.101
Deny from 117.196.236.41
Deny from 77.49.57.214
Deny from 71.95.178.68
Deny from 92.233.3.91
Deny from 76.25.146.62
Deny from 66.25.140.85
Deny from 79.103.230.53
Deny from 76.65.178.130
Deny from 41.129.5.121
Deny from 84.40.30.37
Deny from 110.45.143.142
Deny from 66.221.63.33
Deny from 121.254.228.146
Deny from 222.236.47.182
Deny from 118.129.170.49
Deny from 88.191.94.188
Deny from 62.141.56.136
Deny from 174.120.219.160
Deny from 67.222.152.66
Deny from 92.240.42.10
Deny from 174.142.75.205
Deny from 91.142.208.158
Deny from 64.22.96.66
Deny from 78.86.185.224
Deny from 91.205.96.19
Deny from 202.70.54.115
Deny from 213.167.96.196
Deny from 195.117.223.98
Deny from 85.17.211.164
Deny from 213.93.38.160
Deny from 93.158.134.11
Deny from 220.181.7.21
Deny from 93.158.128.0/18
Deny from 80.81.192.251
Deny from 194.85.177.90
Deny from 193.232.87.42
Deny from 87.250.233.229
Deny from 194.85.107.57
Deny from 193.232.136.33
Deny from 193.232.135.33
Deny from 193.232.140.33
Deny from 194.190.119.10
Deny from 77.88.21.69
Deny from 87.250.251.69
Deny from 93.158.134.69
Deny from 213.180.204.69
Deny from 77.88.58.175
Deny from 93.158.156.15
Deny from 213.180.193.24
Deny from 77.88.21.11
Deny from 87.250.251.11
Deny from 213.180.204.11
Deny from 213.180.193.1
Deny from 213.180.199.34
Deny from 93.158.134.89
Deny from 213.180.204.89
Deny from 77.88.0.0/18
Deny from 87.250.224.0/19
Deny from 213.180.204.0/24
Deny from 213.180.192.0/19
Deny from 65.254.36.102
Deny from 93.158.137.0/24
Deny from 93.158.144.0/21
Deny from 93.158.144.0/23
Deny from 93.158.146.0/23
Deny from 61.135.163.94
Deny from 220.181.6.81
Deny from 220.181.6.184
Deny from 202.108.22.220
Deny from 61.135.165.235
Deny from 220.181.37.10
Deny from 220.181.38.10
Deny from 61.135.163.61
Deny from 61.135.160.0/21
Deny from 220.181.0.0/19
Deny from 202.108.0.0/18
Deny from 220.181.32.0/19
Deny from 220.181.6.175
Deny from 88.191.117.43
Deny from 66.249.71.89
Deny from 93.186.192.134
Deny from 220.181.7.68/30
Deny from 220.181.7.72/29
Deny from 220.181.7.80/28
Deny from 220.181.7.96/30
Deny from 220.181.7.100/32
Deny from 123.125.66.121/32
Deny from 123.125.66.122/31
Deny from 123.125.66.124/30
Deny from 123.125.66.128/26
Deny from 123.125.66.192/29
Deny from 123.125.66.200/32
Deny from 95.108.157.200/29
Deny from 95.108.157.208/28
Deny from 95.108.157.224/28
Deny from 95.108.157.240/29
Deny from 95.108.157.248/30
Deny from 95.108.157.251
</Limit>

jdMorgan

8:07 pm on Jul 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This file is simply too big to review in a forum setting. Please focus your questions and post smaller code snippets.

However, it needs to be re-organized to put all of the code fragments together based on module for readability and to eliminate redundant 'overhead' such as multiple "Order" and "<IfModule>" lines.

In addition, the mod_rewrite rules are incorrectly ordered. Taking into account all mod_rewrite code in all config and .htaccess files, put all external redirects first, in order from most-specific patterns and conditions (one or only a few requested URLs affected) to least-specific patterns and conditions (more or most URLs affected), followed by all internal rewrites, again in order from most- to least-specific. Access-control rules (if any) should precede the redirects where possible, because there is no use wasting server resources redirecting unwelcome visitors.

Also, take advantage of the power of regular-expressions pattern-matching to get rid of redundant rules and conditions. For example, 

RewriteCond %{HTTP_REFERER} !^http://example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://example.com$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www.example.com$ [NC]
RewriteRule .*\.(.*)$ - [F,NC]

can be reduced to 

RewriteCond %{HTTP_REFERER} !^(http://(www\.)?example\.com.*)?$ [NC]
RewriteRule \. - [F]

without any significant change in behaviour.

I see no code to address requests for "setup.php". For example: 
 RewriteRule setup\.php$ - [F]


And finally, do not expect that you can cut and paste code and have it work. It is not that simple. You must understand all effects of each pattern and rule, and the combined effects of all patterns and rules, and how they will affect your site. Otherwise, you are trying to land a jet fighter on an aircraft carrier with no pilot's training whatsoever. Keep in mind that this is server configuration code, and that it can have far-reaching effects on the operation of your server, the listing and ranking of your pages in search, and your revenue...

Jim

charles99

9:19 pm on Jul 26, 2010 (gmt 0)

10+ Year Member



Man this is tougher than I though? Can we use Kmonroe clean Version that you are helping him with? He first post has the same hack attacks that we got... And minor adjustments would we be able to use it? Because I am a bit lost on the structure part of things which setting comes first in the htacess file. All the sites that I have been bouncing from today just states the code but no one is really telling you where to place it.

These are the same requests we got... And still getting, so I believe it should work for us, again with minor adjustments here and there. And let me just take the time to thank you and K, for your help... I am a fish out of water here and K you info for Blackhole will help us in a major way... So J tell me how would we be able to use the clean version of the htacess file you are helping Kmonroe with?

this is from Kmonroe first post and the same requests we are getting....

phpMyAdmin-2.6.8/scripts/setup.php
PMA/scripts/setup.php
PMA2005/scripts/setup.php
admin/mysql/scripts/setup.php
admin/phpmyadmin/scripts/setup.php
noxdir/nosuichfile.php
nosuichfile.php
admin/scripts/setup.php
mysqlmanager/scripts/setup.php
p/m/a/scripts/setup.php
myadmin/scripts/setup.php
dbadmin/scripts/setup.php
mysql/scripts/setup.php
db/scripts/setup.php
phpMyAdmin-2.10.0/scripts/setup.php
phpMyAdmin-2.3.0/scripts/setup.php
phpMyAdmin-2.11.4/scripts/setup.php
phpMyAdmin-2.4.1/scripts/setup.php
phpMyAdmin-2.4.2/scripts/setup.php
phpMyAdmin-2.4.3/scripts/setup.php
phpMyAdmin-2.5.4/scripts/setup.php
admin/pma/scripts/setup.php

Also how would No Indexing help or hurt us... Read on a post that No Indexing was option that we should look at...

And is this another good or bad option to use in the robot file?

# go away
User-agent: *
Disallow: /

Do we need Google and Yahoo to get people to our site... Can't people just type in our website address? Or is all about Google Ranking? We know we can get people to our site , so this is why this is an option for us. But I would to know if its a good option to take...

g1smd

9:51 pm on Jul 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It depends on the business, but for many people it is indeed "all about Google" and to a lesser extent "Yahoo" and "Bing".

The disallow you propose is suicide. Don't do it.

However, there's a whole retail sector that survives with zero searchengine visibility - because they build their sites entirely with Flash. Think Gucci, Armani, Bulgari, Versace, Vuitton, DKNY, etc. If you're not them, you'll likely need Google. :)

charles99

10:52 pm on Jul 26, 2010 (gmt 0)

10+ Year Member



But Google, Bing and Yahoo and other seems to be a major part of the problem! But it their Cache System and Bots that is giving hackers a gateway into everybody else systems. Once we get our system back up we need to fight hackers standing in front of us, Google allows them to hit you from the front and back... Just want a fair fight...

Even if we go with the Robot option above we will still to deal with the hackers trying to hack into our system... All we need is just a bit of time to fight off these knuckleheads until we can pick up 5 to 10 million users, and hire a tech team...

Changing the world is going to be tougher than we thought...
But hold on to these posts they will be worth millions in time... The days when we couldn't even build a htaccess file! i think people will pay money to see a movie about me and partner earlier days...

I guess its time to get back to trying to build this htaccess file...

tangor

11:27 pm on Jul 26, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Sometimes we can work too hard to achieve 100%... which isn't going to happen as the kiddies keep changing, probing. I'm very happy to void 98-99% with a few lines: 

SetEnvIfNoCase User-Agent "windows 95" ban
SetEnvIfNoCase User-Agent "windows 98" ban
SetEnvIfNoCase Referer "\.cn" ban
SetEnvIfNoCase Referer "\.ro" ban
SetEnvIfNoCase Referer "\.ru" ban
SetEnvIf Request_URI "\.php" ban
SetEnvIf Request_URI "(robots\.txt)$" pass


I reserve IP bans for the most egregious

Whitelist robots.txt: Disallow ALL but THESE...whatever list that might be for you, mine is pretty short: bing, google, teoma and yahoo.

Most everything else that gets by gets a 404, 405 or 500. i use default return pages (no sense is giving the script kiddies any clues).

HOWEVER, what works for me may not work for you! Each website is different. Some needs/requirements desired by one may have no use for another. Some want every hit possible, others aren't that interested and no longer code for older OS or browsers.

What will eat your lunch and give ulcers is having any kind of emotion regarding the persistent attacks. A generally well setup server config goes a long way toward peace of mind, but a server config pushed too hard can create more problems than it solves.

charles99

5:39 am on Aug 2, 2010 (gmt 0)

10+ Year Member



kmonroe

Did you finish making that clean htaccess file? I would like to take a look at it...

Also I found this request in my visitor log today does anyone know how to blocks this?

Its called Mofuse #*$!ing Scanner and this is the request it made:


[refhide.com...]

Thanks

charles99

5:39 am on Aug 2, 2010 (gmt 0)

10+ Year Member



kmonroe

Did you finish making that clean htaccess file? I would like to take a look at it...

Also I found this request in my visitor log today does anyone know how to blocks this?

Its called Mofuse #*$!ing Scanner and this is the request it made:


[refhide.com...]

Thanks

charles99

6:10 am on Aug 2, 2010 (gmt 0)

10+ Year Member



Also will the following handle all of the setup requests


RewriteRule setup\.php$ - [G]
or
RewriteRule setup\.php$ - [F]

So we only have to put it in our htaccess file one time for all requests seeking the setup file for anyone of these files right?

phpMyAdmin-2.6.8/scripts/setup.php
PMA/scripts/setup.php
PMA2005/scripts/setup.php
admin/mysql/scripts/setup.php
admin/phpmyadmin/scripts/setup.php
noxdir/nosuichfile.php
nosuichfile.php

and for this file would we put this:
RewriteRule nosuichfile\.php$ - [F]

come on guys need some help here...

kmonroe

12:16 pm on Aug 2, 2010 (gmt 0)

10+ Year Member



This is what I am using.. I did not really make any changes to the file JDMorgan wrote, I have noticed a 95-98% drop in activity since I did this... PS: Thanks all for the help.. 

ErrorDocument 400 /errorpage.php
ErrorDocument 401 /errorpage.php
ErrorDocument 403 /errorpage.php
ErrorDocument 404 /errorpage.php
ErrorDocument 410 /errorpage.php
ErrorDocument 500 /errorpage.php

#
Options +FollowSymLinks
RewriteEngine on
RewriteBase /

# make these guys go away by making 404 handling look "broken"
# (internally rewrite the request to a very small file and return a 200-OK status)
RewriteRule nosui?chfile|thisfile(must|does)notexist /a-one-byte-file [NC,L]

#
# block unwelcome HTTP request methods (Note that I don't usually allow "PUT" myself... )
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PUT)$ [OR]

# block by requested URL-path
RewriteCond %{REQUEST_URI} /(setup(\.php)?|canakkale\.mp3|prx2.php|function.session-start|function.mail)$ [NC,OR]

# block query string exploits
RewriteCond %{QUERY_STRING} \.\.\/ [OR]
RewriteCond %{QUERY_STRING} ([()<>[\]";?*]) [OR]
RewriteCond %{QUERY_STRING} \%(0[A-F]|2[27]|3[CE]|5C|7[BC]) [NC,OR]
RewriteCond %{QUERY_STRING} 127\.0\.[0-9]+\.[0-9]+ [OR]

# block unwelcome IP addresses
RewriteCond %{REMOTE_ADDR} ^63\.148\.99\.2(2[4-9]|[3-4][0-9]|5[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.148\.196\.(12[8-9]|1[3-9][0-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^12\.148\.209\.(19[2-9]|2[0-4][0-9]|25[0-5])$ [OR]
RewriteCond %{REMOTE_ADDR} ^64\.140\.49\.6([6-9])$ [OR]
RewriteCond %{REMOTE_ADDR} ^222\.221\.12\.104$ [OR]
RewriteCond %{REMOTE_ADDR} ^64\.39\.104\.$[OR]
RewriteCond %{REMOTE_ADDR} ^217\.15\.120\.25$ [OR]
RewriteCond %{REMOTE_ADDR} ^64\.39\.104\.$ [OR]

# block referrer spam
RewriteCond %{HTTP_REFERER} iaea\.org|proxyfire|wantsfly [NC,OR]

# block bad user agents
RewriteCond %{HTTP_USER_AGENT} ^-?$|wish|Wizz|WordP|Works|world|WUMPUS|Wweb|WWWC|WWWOFFLE|WWW\-Collector|WWW.Mechanize|www.ranks.nl|wwwster|zmao [NC,OR]
RewriteCond %{HTTP_USER_AGENT} function|passthru|shell_exec|vayala|zeus [NC]
RewriteRule ^ - [F]

# externally redirect all requests to maintenance page (un-comment this rule during maintenance)
#RewriteCond %{REMOTE_ADDR} !=192.168.10.171
#RewriteRule !^sitedown\.php$ http://www.domain101.com/sitedown.php [R=302,L]

# externally redirect mobile user-agent requests for the main home page to mobile site
RewriteCond %{HTTP_USER_AGENT} android|avantgo|blackberry|blazer|kindle|psp|smartphone|symbian|treo|xiino [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(1207|6310|6590|3gso|oran|zte\-) [NC]
RewriteRule ^(index\.php)?$ http://www.domain101.com/mobile/ [R=303,L]

#
# externally redirect direct client requests for "index.php" to "/", preserving requested directory level
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]*/)*index\.php([?#][^\ ]*)?\ HTTP/
RewriteRule ^(([^/]*/)*)index\.php$ http://www.domain101.com/$1 [R=301,L]

#
# externally redirect requests for non-blank non-canonical hostnames to canonical hostname
RewriteCond %{HTTP_HOST} !^(www\.domain101.com)?$
RewriteRule ^(.*)$ http://www.domain101.com/$1 [R=301,L]
#
# -end-

jdMorgan

2:07 pm on Aug 2, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



All literal periods in regular-expressions patterns should be escaped. That is, 
 RewriteCond %{REQUEST_URI} /(setup(\.php)?|canakkale\.mp3|prx2.php|function.session-start|function.mail)$ [NC,OR]

should be 
 RewriteCond %{REQUEST_URI} /(setup(\.php)?|canakkale\.mp3|prx2\.php|function\.session-start|function\.mail)$ [NC,OR]

and 
 RewriteCond %{HTTP_HOST} !^(www\.domain101.com)?$

should be 
 RewriteCond %{HTTP_HOST} !^(www\.domain101\.com)?$


Jim
This 35 message thread spans 2 pages: 35
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 3:19 am May 2, 2026