Защита сайта от нежелательных запросов и ботов при помощи htaccess

Данный код необходимо вставить в файл .htaccess.

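<IfModule mod_rewrite.c>
  # Request filtering for a per-directory .htaccess. Every rule below either
  # answers 403 ([F]) or rewrites the request to log.php; only the request
  # line, headers and query string are inspected, never the request body.
  # RewriteEngine needs to be enabled once per context, not per group.
  RewriteEngine on

  # Block UserAgents and requests
  # Forbid requests that carry neither a Referer nor a User-Agent header.
  # mod_rewrite substitutes an unset header with an empty string (logs show
  # it as "-"), hence ^-?$. An empty Referer alone is normal for direct
  # visits, which is why the two conditions are ANDed rather than ORed.
  RewriteCond %{HTTP_REFERER} ^-?$ [NC]
  RewriteCond %{HTTP_USER_AGENT} ^-?$ [NC]
  RewriteRule .* - [F,L]

  # Denies any badly formed HTTP PROTOCOL
  # THE_REQUEST is the raw request line ("GET /path HTTP/1.1"). Requests
  # served over HTTP/2 by mod_http2 report "HTTP/2.0" here, so 2.0 has to be
  # accepted as well or every h2 request is answered with 403.
  RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ .+\ HTTP/(0\.9|1\.0|1\.1|2\.0) [NC]
  RewriteRule .* - [F,NS,L]

  # Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD
  # Note: this whitelist also rejects DELETE and PATCH; extend it if an API
  # below this directory needs them.
  RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]
  RewriteRule .* - [F,NS,L]

  # TRACE/TRACK (cross-site tracing). Already rejected by the method
  # whitelist above; kept so the check survives if that list is relaxed.
  # (TraceEnable off is the server-level equivalent, not settable here.)
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]

  # Block out some common exploits / Anti XSS
  # The two original groups tested the same QUERY_STRING patterns against two
  # separate [F,L] rules; they are merged here (union of conditions, same
  # 403 result). With [F] the substitution is ignored, so "-" replaces the
  # former index.php / index_error.php targets. The separate
  # "_REQUEST via URL" condition is dropped: it had no RewriteRule of its own
  # and an unescaped "[", so it silently became an extra AND precondition of
  # the shell rule below; _REQUEST is covered by the last condition here.
  #  - mosConfig_*=        : Mambo/Joomla remote-include vector
  #  - base64_encode(      : encoded-payload probes (case-sensitive)
  #  - <script>, <iframe>  : raw or %3C/%3E-encoded tag injection
  #  - GLOBALS / _REQUEST  : followed by "=", "[" or "%xx" (superglobal injection)
  RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
  RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
  RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
  RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
  RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
  RewriteRule .* - [F,L]

  # Extra anti URI and XSS
  # These rules do not forbid: they rewrite the request to log.php, which
  # must exist in this directory (otherwise the visitor gets a 404). The
  # rewrite is internal, so the original request line stays available to
  # log.php (REQUEST_URI). None of the patterns is anchored, so expect
  # false positives:
  #  - a quote followed later by "or", "and" or "if" matches ordinary text,
  #    e.g. ?q=don't+forget ("'" ... "or" inside "forget");
  #  - the last rule matches the request PATH, so any path containing a
  #    comma, semicolon, quote or backtick is served log.php as well.
  # Review the log before tightening or removing any of them.
  RewriteCond %{QUERY_STRING} ("|%22).*(>|%3E|<|%3C).* [NC]
  RewriteRule ^(.*)$ log.php [NC]
  # <script> in the query string is already forbidden by the merged group
  # above; this rule is only reached if that condition is removed.
  RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC]
  RewriteRule ^(.*)$ log.php [NC]
  RewriteCond %{QUERY_STRING} (javascript:).*(;).* [NC]
  RewriteRule ^(.*)$ log.php [NC]
  RewriteCond %{QUERY_STRING} (;|'|"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if).* [NC]
  RewriteRule ^(.*)$ log.php [NC]
  RewriteRule (,|;|<|>|'|`) /log.php [NC]

  # Block shell usage
  # 1) Known web-shell file names anywhere in the request path.
  #    In the original this condition was [OR]-chained to the GET|POST
  #    method check, which mod_rewrite evaluates as
  #    (path OR method) AND (query-string chain); because the method check
  #    is almost always true, the name check never blocked on its own.
  #    It now has its own rule. The match is an unanchored substring match:
  #    short tokens such as pcom, c99 or r57 followed by one of the listed
  #    extensions also hit legitimate paths (e.g. /docs/helpcom.html), so
  #    review the list against your own URL space.
  RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC]
  RewriteRule .* - [F]

  # 2) Query strings typical of web-shell control panels, checked for GET
  #    and POST only (as in the original). The last condition is
  #    case-sensitive and unanchored, so e.g. ?q=ecosystem or
  #    ?page=executive is also forbidden ("system", "exec"); narrow it if
  #    such words occur in legitimate parameters.
  RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
  RewriteCond %{QUERY_STRING} ^(.*)=(/|%2F)(h|%68|%48)(o|%6F|%4F)(m|%6D|%4D)(e|%65|%45)(.+)?(/|%2F)(.*)(/|%2F)(.*)$ [OR]
  RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
  RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
  RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
  RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
  RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
  RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
  RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
  RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(chmod|chdir|mkdir|rmdir|clear|whoami|uname|unzip|gzip|gunzip|grep|more|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
  RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$
  RewriteRule .* - [F]
</IfModule>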


Обращаем ваше внимание, что это не панацея от взлома, но весьма осложнит выполнение вредоносных запросов.
