Lê Hoài Thương
Tích Cực
.htaccess là file quan trọng trong web server sử dụng Apache hoặc Litespeed . File này được máy chủ chấp nhận như là một thành phần và cho phép chúng ta thực hiện điều hướng và bật các tính năng một cách linh hoạt hoặc bảo vệ một phần nào đó của website.
Cấu hình chuẩn .htaccess giúp website của bạn được bảo mật hơn và giúp website bạn tăng tốc hơn.
.htaccess thường nằm ở thư mục gốc public_html , tuy nhiên một số panel web sẽ ẩn file .htaccess bạn nên bật chúng lên để có thể xem và chỉnh sửa được file .htaccess
Đây là bài viết tổng hợp các đoạn code để tối ưu website cũng như nâng cao bảo mật với file .htaccess khi bạn sử dụng mã nguồn mở WordPress
Bạn có xem sau đó mở file .htaccess lên và dán code vào sau đó tùy chỉnh lại url nếu có và save để áp dụng cho website của mình.
Đây là .htaccess mặc định của WordPress , nếu website bạn bị sự cố thì nên xóa hết toàn bộ nội dung bên trong file .htaccess và để lại đoạn code mặc định của WordPress và bắt đầu tìm nguyên nhân.
# BEGIN WordPress RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress
Chuyển hướng sang 1 domain cố định giúp tối ưu SEO , tránh trùng lặp nội dung giữa non-www và www
# 301 www to non-www for SEO RewriteEngine On RewriteCond %{HTTP_HOST} ^www.vutruso\.com [NC] RewriteRule ^(.*)$ https://vutruso.com/$1 [L,R=301]
Chuyển hướng sang 1 domain cố định giúp tối ưu SEO , tránh trùng lặp nội dung giữa non-www và www – Bạn nên xác định website của mình sử dụng www hay non-www để tránh xảy ra sự cố.
RewriteEngine on RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301,NC]
Luôn sử dụng https để đảm bảo an toàn cho website , đoạn code phía dưới giúp chuyển hướng tự động http sang https
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Bạn có thể chặn bất cứ IP nào bạn thấy độc hại thông qua file .htaccess
Deny from 94.66.58.135
Bạn phải tạo file .htaccess trong /wp-includes/ và /wp-content/uploads/
<Files *.php>deny from all</Files>
Không có Referer thì chặn, không cho gửi bình luận
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC] RewriteCond %{HTTP_REFERER} ^-?$ RewriteRule .? - [F,NS,L]
Không có UserAgent thì chặn không cho đăng bất cứ nội dung gì trên site.
RewriteCond %{REQUEST_METHOD} =POST RewriteCond %{HTTP_USER_AGENT} ^-?$ RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC] RewriteRule .? - [F,NS,L]
Chỉ cho phép các phương thức GET|HEAD|POST|PROPFIND|OPTIONS|PUT
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC] RewriteRule .? - [F,NS,L]
Các truy cập ẩn danh qua proxy đều được phép nhưng không được phép đăng nhập vào website.
RewriteCond %{REQUEST_METHOD} =POST RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP
ROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$ RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC] RewriteRule .? - [F,NS,L]
Khi bạn đang code hoặc phát triển thêm tính năng cho website thì nên tắt cache để việc code , debug được chính xác hơn.
# disable file-caching during site maintenance (temporary) <FilesMatch "\.(css|flv|gif|htm|html|ico|jpe|jpeg|jpg|js|png|pdf|swf|txt)$"> <IfModule mod_expires.c> ExpiresActive Off </IfModule> <IfModule mod_headers.c> FileETag None Header unset ETag Header unset Pragma Header unset Cache-Control Header unset Last-Modified Header set Pragma "no-cache" Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate" Header set Expires "Mon, 10 Apr 1972 00:00:00 GMT" </IfModule> </FilesMatch>
Không cache cho các file tĩnh
# disable caching for scripts and dynamic files <FilesMatch "\.(cgi|fcgi|php|pl|scgi|spl)$"> <IfModule mod_expires.c> ExpiresActive Off </IfModule> <IfModule mod_headers.c> FileETag None Header unset ETag Header unset Pragma Header unset Cache-Control Header unset Last-Modified Header set Pragma "no-cache" Header set Cache-Control "private, \ no-cache, no-store, proxy-revalidate, no-transform" </IfModule> </FilesMatch>
Cleaning up malicious links trên Google search với query
<IfModule mod_rewrite.c> RewriteCond %{QUERY_STRING} (apples|oranges|bananas) [NC] RewriteRule .* http://example.com/$1? [R=301,L] </IfModule>
Nén tối ưu và đặt thời gian hết hạn cho các tệp tin để tăng tốc website và pass qua công cụ check điểm số Google pagespeed
# Serve resources with far-future expires headers. # # (!) If you don't control versioning with filename-based # cache busting, you should consider lowering the cache times # to something like one week. # # https://httpd.apache.org/docs/current/mod/mod_expires.html <IfModule mod_expires.c> ExpiresActive on ExpiresDefault "access plus 1 month" # CSS ExpiresByType text/css "access plus 1 year" # Data interchange ExpiresByType application/atom+xml "access plus 1 hour" ExpiresByType application/rdf+xml "access plus 1 hour" ExpiresByType application/rss+xml "access plus 1 hour" ExpiresByType application/json "access plus 0 seconds" ExpiresByType application/ld+json "access plus 0 seconds" ExpiresByType application/schema+json "access plus 0 seconds" ExpiresByType application/vnd.geo+json "access plus 0 seconds" ExpiresByType application/xml "access plus 0 seconds" ExpiresByType text/xml "access plus 0 seconds" # Favicon ExpiresByType image/vnd.microsoft.icon "access plus 1 week" ExpiresByType image/x-icon "access plus 1 week" # HTML ExpiresByType text/html "access plus 0 seconds" # JavaScript ExpiresByType application/javascript "access plus 1 year" ExpiresByType application/x-javascript "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" # Manifest files ExpiresByType application/manifest+json "access plus 1 week" ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" ExpiresByType text/cache-manifest "access plus 0 seconds" # Media files ExpiresByType audio/ogg "access plus 1 year" ExpiresByType image/bmp "access plus 1 year" ExpiresByType image/gif "access plus 1 year" ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType image/svg+xml "access plus 1 year" ExpiresByType image/webp "access plus 1 year" ExpiresByType video/mp4 "access plus 1 year" ExpiresByType video/ogg "access plus 1 year" ExpiresByType video/webm "access plus 1 year" # Web fonts # Embedded OpenType (EOT) ExpiresByType application/vnd.ms-fontobject "access plus 1 year" ExpiresByType font/eot "access plus 1 year" # OpenType ExpiresByType font/opentype "access plus 1 year" # TrueType ExpiresByType application/x-font-ttf "access plus 1 year" # Web Open Font Format (WOFF) 1.0 ExpiresByType application/font-woff "access plus 1 year" ExpiresByType application/x-font-woff "access plus 1 year" ExpiresByType font/woff "access plus 1 year" # Web Open Font Format (WOFF) 2.0 ExpiresByType application/font-woff2 "access plus 1 year" # Other ExpiresByType text/x-cross-domain-policy "access plus 1 week" </IfModule> <IfModule mod_deflate.c> # Insert filters / compress text, html, javascript, css, xml: AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/vtt AddOutputFilterByType DEFLATE text/x-component AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/js AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/x-httpd-php AddOutputFilterByType DEFLATE application/x-httpd-fastphp AddOutputFilterByType DEFLATE application/atom+xml AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/ld+json AddOutputFilterByType DEFLATE application/vnd.ms-fontobject AddOutputFilterByType DEFLATE application/x-font-ttf AddOutputFilterByType DEFLATE application/font-woff2 AddOutputFilterByType DEFLATE application/x-font-woff AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff AddOutputFilterByType DEFLATE font/woff AddOutputFilterByType DEFLATE font/opentype AddOutputFilterByType DEFLATE image/svg+xml AddOutputFilterByType DEFLATE image/x-icon # Exception: Images SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary # Drop problematic browsers BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html # Make sure proxies don't deliver the wrong content Header append Vary User-Agent env=!dont-vary </IfModule> #Alternative caching using Apache's "mod_headers", if it's installed. #Caching of common files - ENABLED <IfModule mod_headers.c> <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt|woff2|woff)$"> Header set Cache-Control "max-age=31536000, public" </FilesMatch> </IfModule> <IfModule mod_headers.c> <FilesMatch "\.(js|css|xml|gz)$"> Header append Vary Accept-Encoding </FilesMatch> </IfModule> # Set Keep Alive Header <IfModule mod_headers.c> Header set Connection keep-alive </IfModule> # If your server don't support ETags deactivate with "None" (and remove header) <IfModule mod_expires.c> <IfModule mod_headers.c> Header unset ETag </IfModule> FileETag None </IfModule> <IfModule mod_headers.c> <FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$"> Header append Vary: Accept-Encoding </FilesMatch> </IfModule>
Tường lửa 7G do perishablepress phát triển
# 7G FIREWALL v1.4 20210821 # @ 7G Firewall | Perishable Press # 7G:[CORE] ServerSignature Off Options -Indexes RewriteEngine On RewriteBase / # 7G:[QUERY STRING] <IfModule mod_rewrite.c> RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)|%3a)(/|%2f) [NC,OR] RewriteCond %{QUERY_STRING} (order(\s|%20)by(\s|%20)1--) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR] RewriteCond %{QUERY_STRING} (`|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR] RewriteCond %{QUERY_STRING} (ckfinder|fck|fckeditor|fullclick) [NC,OR] RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR] RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR] RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR] RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR] RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR] RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR] RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR] RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR] RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR] RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR] RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR] RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|\[|%[0-9A-Z]{0,2}) [NC,OR] RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|\[|%[0-9A-Z]{2,}) [NC,OR] RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)|%3a)(.*)(;|%3b|\)|%29) [NC,OR] RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR] RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR] RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|set|union|update) [NC,OR] RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR] RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR] RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3] </IfModule> # 7G:[REQUEST URI] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR] RewriteCond %{REQUEST_URI} (\^|`|<|>|%|\\|\{|\}|\|) [NC,OR] RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR] RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR] RewriteCond %{REQUEST_URI} (/)(ckfinder|fck|fckeditor|fullclick) [NC,OR] RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR] RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR] RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR] RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR] RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR] RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR] RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR] RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR] RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (/):[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR] RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR] RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR] RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR] RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-my-admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR] RewriteCond %{REQUEST_URI} (\.)(7z|ab4|ace|afm|ashx|aspx?|bash|ba?k?|bin|bz2|cfg|cfml?|cgi|conf\b|config|ctl|dat|db|dist|dll|eml|engine|env|et2|exe|fec|fla|git|gz|hg|inc|ini|inv|jsp|log|lqd|make|mbf|mdb|mmw|mny|module|old|one|orig|out|passwd|pdb|phtml|pl|profile|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|save|sdb|sql|sh|soa|svn|swf|swl|swo|swp|stx|tar|tax|tgz|theme|tls|tmd|wow|xtmpl|ya?ml|zlib)$ [NC,OR] RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR] RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3index|3xp|70bex?|admin_events|bkht|(php|web)?shell|c99|config(\.)?bak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|libsoft|marg|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_URI:%1___%2___%3] </IfModule> # 7G:[USER AGENT] <IfModule mod_rewrite.c> RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (ahrefs|alexibot|majestic|mj12bot|rogerbot) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (econtext|eolasbot|eventures|liebaofast|nominet|oppo\sa33) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (acapbot|acoonbot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|mechanize|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|petalbot|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_USER_AGENT:%1] </IfModule> # 7G:[REMOTE HOST] <IfModule mod_rewrite.c> RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_REMOTE_HOST:%1] </IfModule> # 7G:[HTTP REFERRER] <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR] RewriteCond %{HTTP_REFERER} (order(\s|%20)by(\s|%20)1--) [NC,OR] RewriteCond %{HTTP_REFERER} (blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_HTTP_REFERRER:%1] </IfModule> # 7G:[REQUEST METHOD] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_METHOD:%1] </IfModule>
Nếu bạn cần hỗ trợ về các vấn đề website như tăng tốc website , bảo mật website , thiết kế website vui lòng liên hệ với chúng tôi theo thông tin.
Xem tiếp...
Cấu hình chuẩn .htaccess giúp website của bạn được bảo mật hơn và giúp website bạn tăng tốc hơn.
.htaccess thường nằm ở thư mục gốc public_html , tuy nhiên một số panel web sẽ ẩn file .htaccess bạn nên bật chúng lên để có thể xem và chỉnh sửa được file .htaccess
Đây là bài viết tổng hợp các đoạn code để tối ưu website cũng như nâng cao bảo mật với file .htaccess khi bạn sử dụng mã nguồn mở WordPress
Bạn có xem sau đó mở file .htaccess lên và dán code vào sau đó tùy chỉnh lại url nếu có và save để áp dụng cho website của mình.
.htaccess mặc định của WordPress
Đây là .htaccess mặc định của WordPress , nếu website bạn bị sự cố thì nên xóa hết toàn bộ nội dung bên trong file .htaccess và để lại đoạn code mặc định của WordPress và bắt đầu tìm nguyên nhân.
# BEGIN WordPress RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] # END WordPress
Chuyển hướng www sang non-www
Chuyển hướng sang 1 domain cố định giúp tối ưu SEO , tránh trùng lặp nội dung giữa non-www và www
# 301 www to non-www for SEO RewriteEngine On RewriteCond %{HTTP_HOST} ^www.vutruso\.com [NC] RewriteRule ^(.*)$ https://vutruso.com/$1 [L,R=301]
Chuyển hướng non-www sang www
Chuyển hướng sang 1 domain cố định giúp tối ưu SEO , tránh trùng lặp nội dung giữa non-www và www – Bạn nên xác định website của mình sử dụng www hay non-www để tránh xảy ra sự cố.
RewriteEngine on RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301,NC]
Bắt buộc sử dụng https
Luôn sử dụng https để đảm bảo an toàn cho website , đoạn code phía dưới giúp chuyển hướng tự động http sang https
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Block địa chỉ IP
Bạn có thể chặn bất cứ IP nào bạn thấy độc hại thông qua file .htaccess
Deny from 94.66.58.135
Bảo vệ Plugin và Theme
RewriteCond %{REQUEST_URI} !^/wp-content/plugins/file/to/exclude\.php RewriteCond %{REQUEST_URI} !^/wp-content/plugins/directory/to/exclude/ RewriteRule wp-content/plugins/(.*\.php)$ - [R=404,L] RewriteCond %{REQUEST_URI} !^/wp-content/themes/file/to/exclude\.php RewriteCond %{REQUEST_URI} !^/wp-content/themes/directory/to/exclude/ RewriteRule wp-content/themes/(.*\.php)$ - [R=404,L]Bảo vệ wp-content và 1 số file quan trọng
# No access to the install.php <files install.php> Order allow,deny Deny from all </files> # No access to the wp-config.php <files wp-config.php> Order allow,deny Deny from all </files> # No access to the readme.html <files readme.html> Order Allow,Deny Deny from all Satisfy all </Files> # No access to the .html <Files liesmich.html> Order Allow,Deny Deny from all Satisfy all </Files> # No error log access <files error_log> Order allow,deny Deny from all </files> #No access to the .htaccess or .htpasswd <FilesMatch "(\.htaccess|\.htpasswd)"> Order deny,allow Deny from all </FilesMatch> # Block access to includes folder <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule>Bảo vệ WP Core
<IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ - [F,L] RewriteRule !^wp-includes/ - [S=3] RewriteRule ^wp-includes/[^/]+\.php$ - [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L] RewriteRule ^wp-includes/theme-compat/ - [F,L] </IfModule>HTTP-Security-Header
### @see https://scotthelme.co.uk/hardening-your-http-response-headers ## X-FRAME-OPTIONS-Header <IfModule mod_headers.c> Header set X-Frame-Options "sameorigin" </IfModule> ## Strict Origin when cross origin Header #@see https://scotthelme.co.uk/a-new-security-header-referrer-policy/ <IfModule mod_headers.c> Header set Referrer-Policy "strict-origin-when-cross-origin" </IfModule> ## X-XSS-PROTECTION-Header <IfModule mod_headers.c> Header set X-XSS-Protection "1; mode=block" </IfModule> ## X-Content-Type-Options-Header <IfModule mod_headers.c> Header set X-Content-Type-Options "nosniff" </IfModule> ## Strict-Transport-Security-Header - HTTPS <IfModule mod_headers.c> Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" </IfModule>Chặn php thực thi trong /wp-includes/ và /wp-content/uploads/
Bạn phải tạo file .htaccess trong /wp-includes/ và /wp-content/uploads/
<Files *.php>deny from all</Files>
Tắt Tắt duyệt thư mục trên trình duyệt (Disable Directory Browsing)
Options All -Indexes
Customize Error Messages
ErrorDocument 403 /forbidden.html ErrorDocument 404 /notfound.html ErrorDocument 500 /servererror.htmlTắt chữ ký Server
ServerSignature OffChuyển hướng 301 bài viết A sang bài viết B
Redirect 301 /bai-viet-a/ https://vutruso.com/bai-viet-b/Chuyển hướng 301 toàn bộ đường dẫn sang link X
RedirectMatch 301 /blog(.*) https://vutruso.com/$1Bảo vệ file php.cgi
<FilesMatch "^php5?\.(ini|cgi)$"> Order Deny,Allow Deny from All Allow from env=REDIRECT_STATUS </FilesMatch>Không có Referer thì chặn, không cho gửi bình luận
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*/wp-comments-post\.php.*\ HTTP/ [NC] RewriteCond %{HTTP_REFERER} ^-?$ RewriteRule .? - [F,NS,L]
No UserAgent, Not POST
Không có UserAgent thì chặn không cho đăng bất cứ nội dung gì trên site.
RewriteCond %{REQUEST_METHOD} =POST RewriteCond %{HTTP_USER_AGENT} ^-?$ RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC] RewriteRule .? - [F,NS,L]
Safe Request Methods
Chỉ cho phép các phương thức GET|HEAD|POST|PROPFIND|OPTIONS|PUT
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC] RewriteRule .? - [F,NS,L]
Chặn proxy đăng nhập (Đọc bài được)
Các truy cập ẩn danh qua proxy đều được phép nhưng không được phép đăng nhập vào website.
RewriteCond %{REQUEST_METHOD} =POST RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP
ROXY_CONNECTION} !^$ [OR] RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$ RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC] RewriteRule .? - [F,NS,L]Stop Hotlinking
RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC] RewriteCond %{HTTP_REFERER} !^https://www.vutruso.com.*$ [NC] RewriteRule \.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ - [F,NS,L]Tắt cache khi đang code hoặc phát triển site
Khi bạn đang code hoặc phát triển thêm tính năng cho website thì nên tắt cache để việc code , debug được chính xác hơn.
# disable file-caching during site maintenance (temporary) <FilesMatch "\.(css|flv|gif|htm|html|ico|jpe|jpeg|jpg|js|png|pdf|swf|txt)$"> <IfModule mod_expires.c> ExpiresActive Off </IfModule> <IfModule mod_headers.c> FileETag None Header unset ETag Header unset Pragma Header unset Cache-Control Header unset Last-Modified Header set Pragma "no-cache" Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate" Header set Expires "Mon, 10 Apr 1972 00:00:00 GMT" </IfModule> </FilesMatch>
Disable caching for scripts and other dynamic files
Không cache cho các file tĩnh
# disable caching for scripts and dynamic files <FilesMatch "\.(cgi|fcgi|php|pl|scgi|spl)$"> <IfModule mod_expires.c> ExpiresActive Off </IfModule> <IfModule mod_headers.c> FileETag None Header unset ETag Header unset Pragma Header unset Cache-Control Header unset Last-Modified Header set Pragma "no-cache" Header set Cache-Control "private, \ no-cache, no-store, proxy-revalidate, no-transform" </IfModule> </FilesMatch>
Additional file-types for mod_expires
ExpiresByType image/x-ico "access plus 1 month" ExpiresByType image/x-icon "access plus 1 month" ExpiresByType image/gif "access plus 1 month" ExpiresByType image/png "access plus 1 month" ExpiresByType image/jpe "access plus 1 month" ExpiresByType image/jpg "access plus 1 month" ExpiresByType image/jpeg "access plus 1 month" ExpiresByType video/ogg "access plus 1 month" ExpiresByType audio/ogg "access plus 1 month" ExpiresByType video/mp4 "access plus 1 month" ExpiresByType video/webm "access plus 1 month" ExpiresByType font/truetype "access plus 1 month" ExpiresByType font/opentype "access plus 1 month" ExpiresByType application/x-font-woff "access plus 1 month" ExpiresByType image/svg+xml "access plus 1 month" ExpiresByType application/pdf "access plus 1 month" ExpiresByType application/vnd.ms-fontobject "access plus 1 month"Cleaning up malicious links trên Google search với query
<IfModule mod_rewrite.c> RewriteCond %{QUERY_STRING} (apples|oranges|bananas) [NC] RewriteRule .* http://example.com/$1? [R=301,L] </IfModule>
Nén và tối ưu expires headers
Nén tối ưu và đặt thời gian hết hạn cho các tệp tin để tăng tốc website và pass qua công cụ check điểm số Google pagespeed
# Serve resources with far-future expires headers. # # (!) If you don't control versioning with filename-based # cache busting, you should consider lowering the cache times # to something like one week. # # https://httpd.apache.org/docs/current/mod/mod_expires.html <IfModule mod_expires.c> ExpiresActive on ExpiresDefault "access plus 1 month" # CSS ExpiresByType text/css "access plus 1 year" # Data interchange ExpiresByType application/atom+xml "access plus 1 hour" ExpiresByType application/rdf+xml "access plus 1 hour" ExpiresByType application/rss+xml "access plus 1 hour" ExpiresByType application/json "access plus 0 seconds" ExpiresByType application/ld+json "access plus 0 seconds" ExpiresByType application/schema+json "access plus 0 seconds" ExpiresByType application/vnd.geo+json "access plus 0 seconds" ExpiresByType application/xml "access plus 0 seconds" ExpiresByType text/xml "access plus 0 seconds" # Favicon ExpiresByType image/vnd.microsoft.icon "access plus 1 week" ExpiresByType image/x-icon "access plus 1 week" # HTML ExpiresByType text/html "access plus 0 seconds" # JavaScript ExpiresByType application/javascript "access plus 1 year" ExpiresByType application/x-javascript "access plus 1 year" ExpiresByType text/javascript "access plus 1 year" # Manifest files ExpiresByType application/manifest+json "access plus 1 week" ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" ExpiresByType text/cache-manifest "access plus 0 seconds" # Media files ExpiresByType audio/ogg "access plus 1 year" ExpiresByType image/bmp "access plus 1 year" ExpiresByType image/gif "access plus 1 year" ExpiresByType image/jpeg "access plus 1 year" ExpiresByType image/png "access plus 1 year" ExpiresByType image/svg+xml "access plus 1 year" ExpiresByType image/webp "access plus 1 year" ExpiresByType video/mp4 "access plus 1 year" ExpiresByType video/ogg "access plus 1 year" ExpiresByType video/webm "access plus 1 year" # Web fonts # Embedded OpenType (EOT) ExpiresByType application/vnd.ms-fontobject "access plus 1 year" ExpiresByType font/eot "access plus 1 year" # OpenType ExpiresByType font/opentype "access plus 1 year" # TrueType ExpiresByType application/x-font-ttf "access plus 1 year" # Web Open Font Format (WOFF) 1.0 ExpiresByType application/font-woff "access plus 1 year" ExpiresByType application/x-font-woff "access plus 1 year" ExpiresByType font/woff "access plus 1 year" # Web Open Font Format (WOFF) 2.0 ExpiresByType application/font-woff2 "access plus 1 year" # Other ExpiresByType text/x-cross-domain-policy "access plus 1 week" </IfModule> <IfModule mod_deflate.c> # Insert filters / compress text, html, javascript, css, xml: AddOutputFilterByType DEFLATE text/plain AddOutputFilterByType DEFLATE text/html AddOutputFilterByType DEFLATE text/xml AddOutputFilterByType DEFLATE text/css AddOutputFilterByType DEFLATE text/vtt AddOutputFilterByType DEFLATE text/x-component AddOutputFilterByType DEFLATE application/xml AddOutputFilterByType DEFLATE application/xhtml+xml AddOutputFilterByType DEFLATE application/rss+xml AddOutputFilterByType DEFLATE application/js AddOutputFilterByType DEFLATE application/javascript AddOutputFilterByType DEFLATE application/x-javascript AddOutputFilterByType DEFLATE application/x-httpd-php AddOutputFilterByType DEFLATE application/x-httpd-fastphp AddOutputFilterByType DEFLATE application/atom+xml AddOutputFilterByType DEFLATE application/json AddOutputFilterByType DEFLATE application/ld+json AddOutputFilterByType DEFLATE application/vnd.ms-fontobject AddOutputFilterByType DEFLATE application/x-font-ttf AddOutputFilterByType DEFLATE application/font-woff2 AddOutputFilterByType DEFLATE application/x-font-woff AddOutputFilterByType DEFLATE application/x-web-app-manifest+json font/woff AddOutputFilterByType DEFLATE font/woff AddOutputFilterByType DEFLATE font/opentype AddOutputFilterByType DEFLATE image/svg+xml AddOutputFilterByType DEFLATE image/x-icon # Exception: Images SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip dont-vary # Drop problematic browsers BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html # Make sure proxies don't deliver the wrong content Header append Vary User-Agent env=!dont-vary </IfModule> #Alternative caching using Apache's "mod_headers", if it's installed. #Caching of common files - ENABLED <IfModule mod_headers.c> <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt|woff2|woff)$"> Header set Cache-Control "max-age=31536000, public" </FilesMatch> </IfModule> <IfModule mod_headers.c> <FilesMatch "\.(js|css|xml|gz)$"> Header append Vary Accept-Encoding </FilesMatch> </IfModule> # Set Keep Alive Header <IfModule mod_headers.c> Header set Connection keep-alive </IfModule> # If your server don't support ETags deactivate with "None" (and remove header) <IfModule mod_expires.c> <IfModule mod_headers.c> Header unset ETag </IfModule> FileETag None </IfModule> <IfModule mod_headers.c> <FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$"> Header append Vary: Accept-Encoding </FilesMatch> </IfModule>
7G FIREWALL by perishablepress
Tường lửa 7G do perishablepress phát triển
# 7G FIREWALL v1.4 20210821 # @ 7G Firewall | Perishable Press # 7G:[CORE] ServerSignature Off Options -Indexes RewriteEngine On RewriteBase / # 7G:[QUERY STRING] <IfModule mod_rewrite.c> RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)
|%3a)(/|%2f) [NC,OR] RewriteCond %{QUERY_STRING} (order(\s|%20)by(\s|%20)1--) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR] RewriteCond %{QUERY_STRING} (`|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR] RewriteCond %{QUERY_STRING} (ckfinder|fck|fckeditor|fullclick) [NC,OR] RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR] RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR] RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR] RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR] RewriteCond %{QUERY_STRING} (localhost|loopback|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR] RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR] RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR] RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR] RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR] RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR] RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR] RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR] RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR] RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR] RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|\[|%[0-9A-Z]{0,2}) [NC,OR] RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|\[|%[0-9A-Z]{2,}) [NC,OR] RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)|%3a)(.*)(;|%3b|\)|%29) [NC,OR] RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR] RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curl(_exec|test)|disable_functions?|document_root|elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|null|open_basedir|outfile|passthru|phpinfo|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|user_func_array|wget|xertive) [NC,OR] RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|request|script|select|set|union|update) [NC,OR] RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR] RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR] RewriteCond %{QUERY_STRING} (concat)(.*)(\(|%28) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_QUERY_STRING:%1___%2___%3] </IfModule> # 7G:[REQUEST URI] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR] RewriteCond %{REQUEST_URI} (\^|`|<|>|%|\\|\{|\}|\|) [NC,OR] RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR] RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR] RewriteCond %{REQUEST_URI} (/)(ckfinder|fck|fckeditor|fullclick) [NC,OR] RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR] RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR] RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(\.php) [NC,OR] RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR] RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR] RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR] RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR] RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR] RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR] RewriteCond %{REQUEST_URI} (/):[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR] RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cAsT\(0x|echo(.*)kae|etc/passwd|eval\(|self/environ|\+union\+all\+select) [NC,OR] RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR] RewriteCond %{REQUEST_URI} (/)((php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|\() [NC,OR] RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-my-admin(.*)|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR] RewriteCond %{REQUEST_URI} (\.)(7z|ab4|ace|afm|ashx|aspx?|bash|ba?k?|bin|bz2|cfg|cfml?|cgi|conf\b|config|ctl|dat|db|dist|dll|eml|engine|env|et2|exe|fec|fla|git|gz|hg|inc|ini|inv|jsp|log|lqd|make|mbf|mdb|mmw|mny|module|old|one|orig|out|passwd|pdb|phtml|pl|profile|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|save|sdb|sql|sh|soa|svn|swf|swl|swo|swp|stx|tar|tax|tgz|theme|tls|tmd|wow|xtmpl|ya?ml|zlib)$ [NC,OR] RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\()(.*)(\)) [NC,OR] RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3index|3xp|70bex?|admin_events|bkht|(php|web)?shell|c99|config(\.)?bak|curltest|db|dompdf|filenetworks|hmei7|index\.php/index\.php/index|jahat|kcrew|keywordspy|libsoft|marg|mobiquo|mysql|nessus|php-?info|racrew|sql|vuln|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(\.php) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_URI:%1___%2___%3] </IfModule> # 7G:[USER AGENT] <IfModule mod_rewrite.c> RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (ahrefs|alexibot|majestic|mj12bot|rogerbot) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (econtext|eolasbot|eventures|liebaofast|nominet|oppo\sa33) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\\\x22) [NC,OR] RewriteCond %{HTTP_USER_AGENT} (acapbot|acoonbot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|masscan|miner|mechanize|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|petalbot|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|scooter|seekerspider|semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_USER_AGENT:%1] </IfModule> # 7G:[REMOTE HOST] <IfModule mod_rewrite.c> RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_REMOTE_HOST:%1] </IfModule> # 7G:[HTTP REFERRER] <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR] RewriteCond %{HTTP_REFERER} (order(\s|%20)by(\s|%20)1--) [NC,OR] RewriteCond %{HTTP_REFERER} (blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_HTTP_REFERRER:%1] </IfModule> # 7G:[REQUEST METHOD] <IfModule mod_rewrite.c> RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC] RewriteRule .* - [F,L] # RewriteRule .* /7G_log.php?log [END,NE,E=7G_REQUEST_METHOD:%1] </IfModule> Nếu bạn cần hỗ trợ về các vấn đề website như tăng tốc website , bảo mật website , thiết kế website vui lòng liên hệ với chúng tôi theo thông tin.
Xem tiếp...