forked from MightyGorgon/icy_phoenix
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.htaccess
134 lines (111 loc) · 5.92 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#php_flag register_globals 0
#php_flag register_globals off
#php_flag magic_quotes_gpc on
#php_value memory_limit 16M
#Options +FollowSymlinks
# Disable the files listing feature
#Options All -Indexes
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
### MOD REWRITE ###
<IfModule mod_rewrite.c>
RewriteEngine On
#This may cause issues with subdirs and so it is not enabled by default.
#RewriteBase /
#Make sure the whole site goes to www.mysite.com instead of mysite.com. This is good for the search engines
#Edit and uncomment the below lines for your own site.
#Make sure to replace icyphoenix.com with your site address.
#RewriteCond %{HTTP_HOST} ^icyphoenix.com [NC]
#RewriteRule (.*) http://www.icyphoenix.com/$1 [R=301,L]
#Permanent redirection of a folder: example --> www.domain.com/old/ --> www.domain.com/new/
#RewriteRule old/(.*)$ new/$1 [R=301,L]
#Permanent redirection from WWW to domain name only: example --> www.domain.com --> domain.com
#RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
#RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
#Permanent redirection (the first line is the old domain, the second one is the new domain)
#RewriteCond %{HTTP_HOST} ^icyphoenix.com [NC]
#RewriteRule ^(.*)$ http://www.icyphoenix.com/$1 [R=301,L]
########## Rewrite rules to block out some common exploits - BEGIN
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]
# Various
RewriteCond %{REQUEST_URI} ^/(bin/|cgi/|cgi\-local/|cgi\-bin/|sumthin) [NC,OR]
RewriteCond %{THE_REQUEST} ^GET\ http [NC,OR]
RewriteCond %{REQUEST_METHOD}!^(GET|HEAD|POST) [NC,OR]
# You may want to enable these lines below to disallow php and perl scripts to access your site
#RewriteCond %{HTTP_USER_AGENT} ^.*PHP.*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^.*libwww-perl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww.* [NC]
# Send all blocked request to homepage with 403 Forbidden error!
# Please make sure the last "RewriteCond" doesn't end with [OR] otherwise "RewriteRule" will be forced!!!
RewriteRule !(errors\.php|robots\.txt) ./errors.php?code=403 [F,L]
# You may use any other of these RewriteRule if you wish...
# Used to send these bots to someplace else you can change the url to whatever you would like
#RewriteRule .* http://www.microsoft.com/ [F,R,L]
#RewriteRule /* http://www.geocities.com/WestHollywood/Heights/3204/1home.html [L,R]
# This could also be used to simply deny access to your site instead of the one above
#RewriteRule .* - [F,L]
#
########## Rewrite rules to block out some common exploits - END
########## URL Rewrite - BEGIN
RewriteRule ^.+-vf([0-9]*)-vt([0-9]*)-vp([0-9]*) ./viewtopic.php?f=$1&t=$2&p=$3&%{QUERY_STRING} [L]
RewriteRule ^.+-vf([0-9]*)-vt([0-9]*) ./viewtopic.php?f=$1&t=$2&%{QUERY_STRING} [L]
RewriteRule ^.+-vf([0-9]*)-vp([0-9]*) ./viewtopic.php?f=$1&p=$2&%{QUERY_STRING} [L]
RewriteRule ^.+-vc([0-9]*) ./forum.php?c=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-vf([0-9]*) ./viewforum.php?f=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-vt([0-9]*) ./viewtopic.php?t=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-vp([0-9]*) ./viewtopic.php?p=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-profile-u([0-9]*) ./profile.php?mode=viewprofile&u=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-ac([0-9]*) ./album_cat.php?cat_id=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-aspf([0-9]*) ./album_showpage.php?pic_id=$1&full=true&%{QUERY_STRING} [L]
RewriteRule ^.+-asp([0-9]*) ./album_showpage.php?pic_id=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-aper([0-9]*) ./album_personal.php?user_id=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-apic([0-9]*) ./album_pic.php?pic_id=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-apm([0-9]*) ./album_picm.php?pic_id=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-at([0-9]*) ./album_thumbnail.php?pic_id=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-dc([0-9]*) ./dload.php?action=category&cat_id=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-df([0-9]*) ./dload.php?action=file&file_id=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-kbc([0-9]*) ./kb.php?mode=cat&cat=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-kba([0-9]*) ./kb.php?mode=article&k=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-kbsmp ./kb.php?mode=stats&stats=mostpopular&%{QUERY_STRING} [L]
RewriteRule ^.+-kbstr ./kb.php?mode=stats&stats=toprated&%{QUERY_STRING} [L]
RewriteRule ^.+-kbsl ./kb.php?mode=stats&stats=latest&%{QUERY_STRING} [L]
RewriteRule ^.+-pbc([0-9]*) ./kb.php?mode=cat&cat=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-pa([0-9]*) ./kb.php?mode=article&k=$1&%{QUERY_STRING} [L]
RewriteRule ^.+-psmp ./kb.php?mode=stats&stats=mostpopular&%{QUERY_STRING} [L]
RewriteRule ^.+-pstr ./kb.php?mode=stats&stats=toprated&%{QUERY_STRING} [L]
RewriteRule ^.+-pbsl ./kb.php?mode=stats&stats=latest&%{QUERY_STRING} [L]
########## URL Rewrite - END
</IfModule>
##################################
# Errors Pages - BEGIN #
##################################
##################################
# Decomment these lines to enable error document management.
# You can add absolute path if you want always the correct path being parsed.
# Something like:
# ErrorDocument 400 http://www.icyphoenix.com/errors.php?code=400
##################################
ErrorDocument 400 /errors.php?code=400
ErrorDocument 401 /errors.php?code=401
ErrorDocument 403 /errors.php?code=403
ErrorDocument 404 /errors.php?code=404
ErrorDocument 500 /errors.php?code=500
##################################
# Errors Pages - END #
##################################