
Htaccess Güvenliği

magAcalaVE
Htaccess Güvenliği
Kod:
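# --- Transport and routing ----------------------------------------------------
# Directory listings off, symlinks followed (the rewrites below need it).
# The original "Options All -Indexes" also switched on ExecCGI and Includes,
# which a .htaccess should not enable; only the two options in use are set.
Options +FollowSymLinks -Indexes
RewriteEngine on

# Force HTTPS: a request that arrived over plain HTTP is redirected to the same
# host and path on https://. 301 (permanent) instead of the default 302 so
# clients and crawlers remember the redirect.
# NOTE(review): behind a TLS-terminating proxy/CDN %{HTTPS} can be "off" for
# every request and this rule then loops; key the condition on the proxy's
# X-Forwarded-Proto header in that setup — confirm the deployment.
# NOTE(review): the target is built from %{HTTP_HOST}; if this vhost answers
# for arbitrary Host values, a forged Host header becomes a redirect to an
# attacker-chosen host (cache-poisoning vector). Pin the canonical host name
# if that is the case — confirm the vhost configuration.
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Pretty URL for the home page. RewriteCond lines bind only to the RewriteRule
# that directly follows them, so the "not an existing file/directory" guard
# covers ^Anasayfa$ alone; the sitemap rules are unconditional, which is
# harmless because they match an exact (now dot-escaped) name.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^Anasayfa$ index.php
RewriteRule ^sitemap\.html$ sitemap.php
RewriteRule ^sitemap\.xml$ sitemap.php

############ SITE MAINTENANCE-MODE URLS ###################
# "Temporarily out of service" and "your membership is banned" landing pages.
RewriteRule ^Gecici-olarak-hizmet-disi.*$  back/Kapali/index.php [L,QSA]
RewriteRule ^Uyeliginiz-Yasaklandi.*$      back/error/userbanned.php [L,QSA]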




# Enable Compression
# Response compression via mod_deflate, keyed on the response Content-Type.
# An entry only takes effect when some AddType in this file actually assigns
# that type (e.g. font/woff here matches only if .woff is mapped to font/woff,
# not to application/font-woff).
# NOTE(review): compressing text/html over TLS makes pages that echo
# attacker-influenced input next to secrets (session/CSRF tokens) measurable
# by BREACH-style attacks; if that applies, drop text/html from this list or
# mask the tokens per response — confirm against the PHP side.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
AddOutputFilterByType DEFLATE application/x-font
AddOutputFilterByType DEFLATE application/x-font-opentype
AddOutputFilterByType DEFLATE application/x-font-otf
AddOutputFilterByType DEFLATE application/x-font-truetype
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf
AddOutputFilterByType DEFLATE font/woff
AddOutputFilterByType DEFLATE font/woff2
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/x-icon
AddOutputFilterByType DEFLATE image/webp
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
  # Legacy Netscape 4.x workarounds from the mod_deflate manual: 4.x only
  # handled gzip for text/html and 4.06-4.08 not at all; the MSIE line undoes
  # both for Internet Explorer, whose UA string also starts with "Mozilla/4".
  # Harmless today, but purely historical.
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>

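# Font and SVG MIME types (first of two mod_mime blocks in this file; the
# "# MIME TYPES" block further down repeats and partly contradicts these
# entries, and for a given extension the LAST AddType wins).
# Uses the IANA-registered font/* types (RFC 8081) so that the entries line
# up with the font/woff, font/woff2, font/ttf and font/otf lines in the
# mod_deflate list above; the previous application/font-woff and
# application/x-font-ttf names matched nothing there.
<IfModule mod_mime.c>
AddType font/otf .otf
AddType font/woff .woff
AddType font/woff2 .woff2
AddType font/ttf .ttf
AddType application/vnd.ms-fontobject .eot
AddType image/svg+xml .svg
</IfModule>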

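# mod_gzip is the Apache 1.3-era compressor; on Apache 2.x it is normally not
# loaded and the IfModule guard skips this whole block. Kept for completeness
# only — mod_deflate above does the job on current servers.
# The patterns are restored to the form of the standard mod_gzip snippet: the
# listing showed a bare "/" where the regex wildcard ".*" belongs (e.g.
# "^text//" for "^text/.*"), which matches a literal string instead.
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>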

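# Browser/proxy cache lifetimes (Expires + Cache-Control: max-age), keyed on
# the response Content-Type. mod_expires does not touch a response that
# already carries an Expires header, so PHP pages that run session_start()
# (PHP's default session cache limiter sends its own no-cache headers) keep
# those; the 10-minute text/html entry mainly affects static HTML.
# NOTE(review): a shared cache may keep dynamic HTML for those 10 minutes —
# any personalised page that does NOT go through the session machinery should
# send Cache-Control: private / no-store from PHP itself; confirm.
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType application/javascript "access plus 1 years"
ExpiresByType application/vnd.ms-fontobject "access plus 1 years"
ExpiresByType application/xhtml+xml "access plus 10 minutes"
ExpiresByType application/x-javascript "access plus 1 years"
ExpiresByType application/x-shockwave-flash "access plus 1 years"
# Fonts: both the registered font/* types and the legacy application/* names
# used by the AddType blocks are listed, so whichever mapping is in force for
# an extension gets the long lifetime. The original application/x-woff and
# application/x-woff2 entries were assigned by no AddType in this file and
# therefore never matched.
ExpiresByType font/woff "access plus 1 years"
ExpiresByType font/woff2 "access plus 1 years"
ExpiresByType application/font-woff "access plus 1 years"
ExpiresByType application/font-woff2 "access plus 1 years"
ExpiresByType application/x-font-woff "access plus 1 years"
ExpiresByType application/x-font-ttf "access plus 1 years"
ExpiresByType font/opentype "access plus 1 years"
ExpiresByType font/otf "access plus 1 years"
ExpiresByType font/ttf "access plus 1 years"
ExpiresByType image/gif "access plus 1 years"
ExpiresByType image/jpeg "access plus 1 years"
ExpiresByType image/png "access plus 1 years"
ExpiresByType image/webp "access plus 1 years"
ExpiresByType image/svg+xml "access plus 1 years"
ExpiresByType image/x-icon "access plus 1 years"
ExpiresByType text/css "access plus 1 years"
ExpiresByType text/html "access plus 10 minutes"
ExpiresByType text/javascript "access plus 1 years"
ExpiresByType video/x-flv "access plus 1 years"
</IfModule>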


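# --- Security and caching response headers ------------------------------------
<IfModule mod_headers.c>
    # Cross-Origin-Resource-Policy "cross-origin" is the permissive value
    # (any site may embed these resources), i.e. the browser default.
    Header set Cross-Origin-Resource-Policy "cross-origin"
    # The original also sent Cross-Origin-Embedder-Policy: cross-origin and
    # Cross-Origin-Opener-Policy: cross-origin. "cross-origin" is not a defined
    # value for either header (COEP: unsafe-none | require-corp |
    # credentialless; COOP: unsafe-none | same-origin-allow-popups |
    # same-origin), so browsers ignored both lines. They are dropped rather
    # than guessed: COEP require-corp / COOP same-origin have to be tested
    # against the third-party scripts and frames listed in the CSP below.

    # Legacy XSS auditor: "0" is the current recommendation — the auditor is
    # gone from modern browsers and in older ones its block mode could be
    # abused to leak page state; the CSP below is the real control.
    Header set X-XSS-Protection "0"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-Content-Type-Options "nosniff"
    # "always" so HSTS is also sent on redirects and error responses, not only
    # on 2xx (plain "Header set" covers successful responses only).
    # "preload" + includeSubDomains commits every subdomain to HTTPS for a
    # year once submitted to the preload list — make sure that is intended.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
    # Expect-CT is obsolete (browsers now require certificate transparency
    # unconditionally); the original line is kept for reference only.
    # Header set Expect-CT enforce,max-age=2592000,report-uri="https://ajans.softyrapps.com/report"

    Header set Referrer-Policy "same-origin"

    # Content-Security-Policy.
    # "Header set" REPLACES the header, so of the three original CSP lines only
    # the last one (style-src) ever reached the client; default-src 'none' and
    # script-src were silently discarded. The style-src policy stays enforced
    # exactly as before (no regression) and the intended full policy is sent
    # as Report-Only, so violations show in the browser console without
    # breaking the site.
    # NOTE(review): default-src 'none' also governs img-src, font-src,
    # connect-src, frame-src, media-src, ... — fonts from fonts.gstatic.com,
    # analytics requests and the reCAPTCHA frame are NOT covered by script-src
    # or style-src. Add those directives (plus base-uri / form-action /
    # frame-ancestors) before promoting the report-only policy to the enforced
    # header. Whitelisting whole CDNs (ajax.googleapis.com, cdnjs.cloudflare.com)
    # is a known CSP weakness; nonces or hashes are the stronger form.
    Header always set Content-Security-Policy "style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://wa.me/ https://cdn.tiny.cloud/ https://www.ajans.softyrapps.com https://ajans.softyrapps.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://www.google.com/recaptcha/ https://fonts.gstatic.com/ https://cdn.onesignal.com/sdks/ https://onesignal.com/sdks/;"
    Header always set Content-Security-Policy-Report-Only "default-src 'none'; script-src 'self' https://wa.me/ https://cdn.tiny.cloud/ https://www.google-analytics.com https://ajax.googleapis.com https://www.ajans.softyrapps.com/ https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/ https://static.doubleclick.net/ https://cdn.onesignal.com/sdks/ https://onesignal.com/sdks/; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://wa.me/ https://cdn.tiny.cloud/ https://www.ajans.softyrapps.com https://ajans.softyrapps.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://www.google.com/recaptcha/ https://fonts.gstatic.com/ https://cdn.onesignal.com/sdks/ https://onesignal.com/sdks/;"

    # Permissions-Policy. The value is one quoted argument (the original was
    # unquoted and contained a space inside fullscreen=(...), so it most
    # likely was not applied as written). geolocation=* let any embedded
    # third-party frame ask for the visitor's location; it is restricted to
    # this origin. The empty list () disables the camera entirely.
    Header always set Permissions-Policy "fullscreen=(self \"https://ajans.softyrapps.com\"), geolocation=(self), camera=()"

    # Far-future caching for static assets. The four identical FilesMatch
    # blocks are merged; the regex is unchanged apart from one spelling of
    # the escaped dot (the original mixed "\\." and "\.").
    # NOTE(review): a one-year public lifetime assumes css/js file names are
    # versioned (hash or query string); otherwise updates do not reach
    # returning visitors — confirm.
    <FilesMatch "\.(ico|jpe?g|png|gif|swf|css|js|ttf|otf|eot|woff|woff2|svg)$">
        Header set Cache-Control "max-age=31536000, public"
    </FilesMatch>
</IfModule>

# Serve pre-compressed .css.gz / .js.gz files next to the originals when the
# client accepts gzip (recipe from the mod_deflate manual). These are
# mod_rewrite directives, so they are guarded by mod_rewrite, not mod_headers.
# Patterns restored: the listing showed "^(/)\.css", which only matches a path
# beginning with "/.css" and therefore never fired; the manual's form is
# "^(.*)\.css".
<IfModule mod_rewrite.c>
    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
    RewriteCond "%{REQUEST_FILENAME}\.gz" -s
    RewriteRule "^(.*)\.css" "$1\.css\.gz" [QSA]

    RewriteCond "%{HTTP:Accept-encoding}" "gzip"
    RewriteCond "%{REQUEST_FILENAME}\.gz" -s
    RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA]

    # Hand the .gz file out under the original type and keep mod_deflate from
    # compressing it a second time.
    RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1]
    RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1]
</IfModule>
<IfModule mod_headers.c>
    # Second half of the manual's recipe, which was missing: without
    # Content-Encoding the browser receives raw gzip bytes as CSS/JS, and Vary
    # keeps caches from handing the compressed copy to clients that did not
    # ask for it.
    <FilesMatch "(\.js\.gz|\.css\.gz)$">
        Header append Content-Encoding gzip
        Header append Vary Accept-Encoding
    </FilesMatch>
</IfModule>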

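# MIME TYPES
# Second mod_mime block (the first, next to the compression settings, maps the
# font extensions too; the last AddType for an extension wins). Extensions
# are written without a leading dot here, which AddType accepts either way.
<IfModule mod_mime.c>
    
    # DEFAULTS
    DefaultLanguage tr
    AddLanguage tr-TR .html .css .js
    # An explicit charset on text types stops browsers from guessing the
    # encoding, which closes the classic charset-sniffing XSS vector.
    AddCharset utf-8 .html .css .js .xml .json .rss .atom
    
    # JAVASCRIPT
    AddType application/javascript js jsonp
    AddType application/json json
    
    # FONTS — IANA-registered font/* types (RFC 8081), matching the mod_deflate
    # list. The original mapped woff twice (application/font-woff, then
    # application/x-font-woff) and had no woff2 entry in this block.
    AddType font/otf otf
    AddType font/woff woff
    AddType font/woff2 woff2
    AddType application/vnd.ms-fontobject eot
    AddType font/ttf ttf
    AddType font/collection ttc
    AddType image/svg+xml svg svgz
    AddEncoding gzip svgz
    
    # AUDIO
    AddType audio/mp4 m4a f4a f4b
    AddType audio/ogg oga ogg
    
    # VIDEO
    AddType video/mp4 mp4 m4v f4v f4p
    AddType video/ogg ogv
    AddType video/webm webm
    AddType video/x-flv flv
    
    # OTHERS
    AddType application/octet-stream safariextz
    AddType application/x-chrome-extension crx
    AddType application/x-opera-extension oex
    AddType application/x-shockwave-flash swf
    AddType application/x-web-app-manifest+json webapp
    AddType application/x-xpinstall xpi
    AddType application/xml atom rdf rss xml
    # Office Open XML — one registered type per extension. The original used
    # the non-existent "application/vnd.openxmlformats" for all of them and
    # contained a stray ". xltm" (space after the dot).
    AddType application/vnd.openxmlformats-officedocument.wordprocessingml.document docx
    AddType application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx
    AddType application/vnd.openxmlformats-officedocument.presentationml.presentation pptx
    AddType application/vnd.openxmlformats-officedocument.presentationml.template potx
    AddType application/vnd.openxmlformats-officedocument.presentationml.slideshow ppsx
    AddType application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx
    AddType application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx
    AddType application/vnd.ms-excel.template.macroEnabled.12 xltm
    # AppCache has been removed from current browsers; the entry is harmless.
    AddType text/cache-manifest appcache manifest
    AddType text/vtt vtt
    AddType text/x-component htc
    AddType text/x-vcard vcf
    AddType image/webp webp
    AddType image/x-icon ico
    
</IfModule>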
# Pin the error pages to the site's own handlers.
# NOTE(review): all three are PHP scripts, so a failure inside PHP itself may
# still fall back to Apache's built-in page — consider a static HTML 500 page.
    ErrorDocument 404 /back/error/404.php
    ErrorDocument 403 /back/error/403.php
    ErrorDocument 500 /back/error/500.php


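#### Request blocklists (PHP shells, bad bots, injection strings) ###############
# NOTE(review): read this before relying on the section.
#  * RewriteCond lines chain until the next RewriteRule. Only the last section
#    ends with one ("RewriteRule (/) - [F]"), so ALL conditions from here down
#    belong to that single rule. The [OR] flags split them into AND-ed groups:
#    (shell path OR method GET/POST) AND (shell query strings) AND
#    (user-agent list) AND not robots.txt AND not sitemap.xml AND
#    (injection strings). A request is refused only when a shell query string
#    AND an injection pattern both match — and the rule's own pattern "(/)"
#    only matches a path containing a slash. As written the blocklist is
#    effectively inert. If each section is meant to block on its own, each
#    needs its own RewriteRule, and the patterns must be reviewed first.
#  * Many patterns contain a bare "/" where the regex wildcard ".*" belongs
#    (e.g. "^(/)cmd=/$"), and the quote checks carry typographic quotes (’)
#    where an ASCII apostrophe or %27 was presumably meant. They look like a
#    damaged copy of a circulated snippet and are left as found rather than
#    guessed at.
#  * Even when restored, lists like this are easily bypassed and prone to
#    false positives: blocking HEAD breaks monitors and link checkers,
#    blocking "python|curl|wget|Download" in the User-Agent hits legitimate
#    tools, and the empty-User-Agent check hits some proxies. TRACE is better
#    disabled server-wide with "TraceEnable off" (not allowed in .htaccess).
#    A maintained rule set (ModSecurity with the OWASP Core Rule Set) is the
#    better control.
#  * Edits made here: one directive per line (several directives on one line
#    is not valid Apache syntax), English comments, dot-escaping in the
#    robots.txt/sitemap.xml paths, and obvious typos in the patterns:
#    "email| harvest", "delete ", "upda te" and the empty alternative in
#    "(|order|...", which matched any two consecutive non-letters.

# Block PHP shell requests
## CAUTION: THIS RULE CAN BREAK YOUR SITE ##
RewriteCond %{REQUEST_URI} /((php|my)?shell|remview/|phpremoteview/|sshphp/|pcom|nstview/|c99|r57|webadmin/|phpget/|phpwriter/|fileditor/|locus7/|storm7/)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
RewriteCond %{QUERY_STRING} ^(/)=/home(.+)?/loginftp/(/)$ [OR]
RewriteCond %{QUERY_STRING} ^work_dir=/$ [OR]
RewriteCond %{QUERY_STRING} ^command=/&output/$ [OR]
RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=/$ [OR]
RewriteCond %{QUERY_STRING} ^(/)cmd=/$ [OR]
RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload/)|((chmod|f)&f=/))$ [OR]
RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=/$ [OR]
RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack)/$ [OR]
RewriteCond %{QUERY_STRING} ^(/)([-_a-z]{1,15})=(ls|cd|cat|rm|mv|vim|chmod|chdir|mkdir|rmdir|pwd|clear|whoami|uname|tar|zip|unzip|tar|gzip|gunzip|grep|more|ln|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
RewriteCond %{QUERY_STRING} ^(/)(wget|shell_exec|passthru|system|exec|popen|proc_open)(/)$

# Block abusive crawlers by User-Agent
RewriteCond %{HTTP_USER_AGENT} ^-?$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^[bcdfghjklmnpqrstvwxz\ ]{8,}|^[0-9a-z]{15,}|^[0-9A-Za-z]{19,} [OR]
RewriteCond %{HTTP_USER_AGENT} Extractor|almaden|anonymous|autoemailspider|blogsearchbot-martin|CherryPicker|Digger|DirectUpdate|Download\ Accelerator|echo\ extense|Collector|EmailWolf|flashget|frontpage|Go!Zilla|grub\ crawler|HTTPConnect|httplib|HttpProxy|HTTP\ agent|HTTrack|Indy\ Library|Jakarta\ Commons|libWeb|libwww|Microsoft\ Data|Microsoft\ URL|MJ12bot|Movable\ Type|NICErsPRO|NutchCVS|Nutscrape/|OmniExplorer|psycheclone|PussyCat|PycURL|python|QuepasaCreep|SiteMapper|Download|sucker|SurveyBot|Teleport\ Pro|Telesoft|TrackBack|Turing|TurnitinBot|vobsub|webbandit|WebCapture|webcollage|WebCopier|WebDAV|WebEmailExtractor|WebReaper|WEBsaver|WebStripper|WebZIP|widows|Wysigot|Zeus|Zeus/Webster [NC,OR]
# NOTE(review): "^" matches every User-Agent; this line looks truncated in the
# listing and makes the whole user-agent group always true.
RewriteCond %{HTTP_USER_AGENT} ^

# Paths the crawler rules must never block
RewriteCond %{REQUEST_URI} !^/robots\.txt
RewriteCond %{REQUEST_URI} !^/sitemap\.xml

# Block injection-looking requests
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR]
RewriteCond %{HTTP_REFERER} ^(/)(<|>|’|%0A|%0D|’|<|>|%00)/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|<|>|/{2,999})/ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget)/ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^/(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner)/ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^/(libwww|curl|wget|python|scan)/ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^/(<|>|’|%0A|%0D|’|<|>|%00)/ [NC,OR]
RewriteCond %{HTTP_COOKIE} ^/(<|>|’|%0A|%0D|’|<|>|%00)/ [NC,OR]
RewriteCond %{QUERY_STRING} ^/(localhost|loopback|127\\.0\\.0\\.1)/ [NC,OR]
RewriteCond %{QUERY_STRING} ^/(<|>|’|%0A|%0D|’|<|>|%00)/ [NC,OR]
RewriteCond %{QUERY_STRING} [^a-z](order|union|declare|char|set|cast|convert|delete|drop|exec|insert|met*|script|select|truncate|update)[^a-z] [NC]
RewriteRule (/) - [F]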

# Remove the server signature line from Apache-generated pages (error pages,
# directory listings). The Server response header itself is governed by
# ServerTokens, which is server-config only and cannot be set from .htaccess.
ServerSignature Off


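# Deny web access to .htaccess / .htpasswd-style files.
# "Order/Deny from" is Apache 2.2 syntax; on 2.4 it only works while
# mod_access_compat is loaded, so the 2.4 form is given with a 2.2 fallback.
# The stock httpd.conf already blocks ".ht*"; this is belt and braces for
# hosts that changed it.
<FilesMatch "^\.ht">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>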
Son Düzenleme: 09-30-2023, 14:48, Düzenleyen: Codex.

