Httacces Güvenliği - Baskı Önizleme

Options +FollowSymLinks

RewriteEngine on

RewriteCond %{HTTPS} off



RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]



Options All -Indexes 



RewriteCond %{REQUEST_FILENAME} !-f



RewriteCond %{REQUEST_FILENAME} !-d

 

RewriteRule ^Anasayfa$ index.php

RewriteRule ^sitemap.html$ sitemap.php

RewriteRule ^sitemap.xml$ sitemap.php





############SİTE BAKIM MODU URL###################

RewriteRule ^Gecici-olarak-hizmet-disi.*$  back/Kapali/index.php [L,QSA]

RewriteRule ^Uyeliginiz-Yasaklandi.*$      back/error/userbanned.php [L,QSA]









# Enable Compression

<IfModule mod_deflate.c>

AddOutputFilterByType DEFLATE application/javascript

AddOutputFilterByType DEFLATE application/rss+xml

AddOutputFilterByType DEFLATE application/vnd.ms-fontobject

AddOutputFilterByType DEFLATE application/x-font

AddOutputFilterByType DEFLATE application/x-font-opentype

AddOutputFilterByType DEFLATE application/x-font-otf

AddOutputFilterByType DEFLATE application/x-font-truetype

AddOutputFilterByType DEFLATE application/x-font-ttf

AddOutputFilterByType DEFLATE application/x-javascript

AddOutputFilterByType DEFLATE application/xhtml+xml

AddOutputFilterByType DEFLATE application/xml

AddOutputFilterByType DEFLATE font/opentype

AddOutputFilterByType DEFLATE font/otf

AddOutputFilterByType DEFLATE font/ttf

AddOutputFilterByType DEFLATE font/woff

AddOutputFilterByType DEFLATE font/woff2

AddOutputFilterByType DEFLATE image/svg+xml

AddOutputFilterByType DEFLATE image/x-icon

AddOutputFilterByType DEFLATE image/webp

AddOutputFilterByType DEFLATE text/css

AddOutputFilterByType DEFLATE text/html

AddOutputFilterByType DEFLATE text/javascript

AddOutputFilterByType DEFLATE text/plain

AddOutputFilterByType DEFLATE text/xml

  BrowserMatch ^Mozilla/4 gzip-only-text/html

  BrowserMatch ^Mozilla/4\.0[678] no-gzip

  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

</IfModule>

 

<IfModule mod_mime.c>

AddType font/opentype .otf

AddType application/font-woff .woff

AddType application/font-woff2 .woff2

AddType application/x-font-ttf .ttf

AddType application/vnd.ms-fontobject .eot

AddType image/svg+xml .svg

</IfModule>



 <ifModule mod_gzip.c>

mod_gzip_on Yes

mod_gzip_dechunk Yes

mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$

mod_gzip_item_include mime ^application/x-javascript/

mod_gzip_item_include mime ^text//

mod_gzip_item_exclude rspheader ^Content-Encoding:/gzip/

mod_gzip_item_exclude mime ^image//

mod_gzip_item_include handler ^cgi-script$

</ifModule>



<IfModule mod_expires.c>

ExpiresActive On

ExpiresDefault "access plus 1 seconds"

ExpiresByType application/javascript "access plus 1 years"

ExpiresByType application/vnd.ms-fontobject "access plus 1 years"

ExpiresByType application/xhtml+xml "access plus 10 minutes"

ExpiresByType application/x-javascript "access plus 1 years"

ExpiresByType application/x-shockwave-flash "access plus 1 years"

ExpiresByType application/x-woff "access plus 1 years"

ExpiresByType application/x-woff2 "access plus 1 years"

ExpiresByType font/otf "access plus 1 years"

ExpiresByType font/ttf "access plus 1 years"

ExpiresByType image/gif "access plus 1 years"

ExpiresByType image/jpeg "access plus 1 years"

ExpiresByType image/png "access plus 1 years"

ExpiresByType image/webp "access plus 1 years"

ExpiresByType image/svg+xml "access plus 1 years"

ExpiresByType image/x-icon "access plus 1 years"

ExpiresByType text/css "access plus 1 years"

ExpiresByType text/html "access plus 10 minutes"

ExpiresByType text/javascript "access plus 1 years"

ExpiresByType video/x-flv "access plus 1 years"

</IfModule>

 

 

<IfModule mod_headers.c> 

    Header set Cross-Origin-Embedder-Policy: cross-origin

    Header set Cross-Origin-Opener-Policy: cross-origin

    Header set Cross-Origin-Resource-Policy: cross-origin

    





    Header set X-XSS-Protection "1; mode=block"

    Header set X-Frame-Options "SAMEORIGIN"

    Header set X-Content-Type-Options "nosniff"

    ### Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains" preload

    Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

    Header set Expect-CT enforce,max-age=2592000,report-uri="https://ajans.softyrapps.com/report"

 

    Header set Referrer-Policy "same-origin" 

 

    Header always set Content-Security-Policy: "default-src 'none';"

    Header always set Content-Security-Policy: "script-src 'self' https://wa.me/ https://cdn.tiny.cloud/ https://www.google-analytics.com https://ajax.googleapis.com https://www.ajans.softyrapps.com/ https://www.google.com/recaptcha/ https://googleads.g.doubleclick.net/ https://static.doubleclick.net/ https://cdn.onesignal.com/sdks/ https://onesignal.com/sdks/;"

    Header always set Content-Security-Policy: "style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://wa.me/ https://cdn.tiny.cloud/ https://www.ajans.softyrapps.com https://ajans.softyrapps.com https://fonts.googleapis.com https://cdnjs.cloudflare.com/ https://www.google.com/recaptcha/ https://fonts.gstatic.com/ https://cdn.onesignal.com/sdks/ https://onesignal.com/sdks/;"

    Header always set Permissions-Policy: fullscreen=(self "https://ajans.softyrapps.com"),geolocation=*, camera=()









    <FilesMatch "\\.(ico|jpeg|jpg|png|gif|swf)$">

        Header set Cache-Control "max-age=31536000, public"

    </FilesMatch>

    <FilesMatch "\\.(css)$">

        Header set Cache-Control "max-age=31536000, public"

    </FilesMatch>

    <FilesMatch "\\.(js)$">

        Header set Cache-Control "max-age=31536000, public"

    </FilesMatch>

    <FilesMatch "\.(ttf|otf|eot|woff|woff2|svg)$">

        Header set Cache-Control "max-age=31536000, public"

    </FilesMatch>

    RewriteCond "%{HTTP:Accept-encoding}" "gzip"

    RewriteCond "%{REQUEST_FILENAME}\.gz" -s

    RewriteRule "^(/)\.css" "$1\.css\.gz" [QSA]



    RewriteCond "%{HTTP:Accept-encoding}" "gzip"

    RewriteCond "%{REQUEST_FILENAME}\.gz" -s

    RewriteRule "^(/)\.js" "$1\.js\.gz" [QSA]



    RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1]

    RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1]

</IfModule>



# MIME TYPES

<IfModule mod_mime.c>

    

    # DEFAULTS

    DefaultLanguage tr

    AddLanguage tr-TR .html .css .js

    AddCharset utf-8 .html .css .js .xml .json .rss .atom

    

    # JAVASCRIPT

    AddType application/javascript js jsonp

    AddType application/json json

    

    # FONTS

    AddType font/opentype otf

    AddType application/font-woff woff

    AddType application/x-font-woff woff

    AddType application/vnd.ms-fontobject eot

    AddType application/x-font-ttf ttc ttf

    AddType image/svg+xml svg svgz

    AddEncoding gzip svgz

    

    # AUDIO

    AddType audio/mp4 m4a f4a f4b

    AddType audio/ogg oga ogg

    

    # VIDEO

    AddType video/mp4 mp4 m4v f4v f4p

    AddType video/ogg ogv

    AddType video/webm webm

    AddType video/x-flv flv

    

    # OTHERS

    AddType application/octet-stream safariextz

    AddType application/x-chrome-extension crx

    AddType application/x-opera-extension oex

    AddType application/x-shockwave-flash swf

    AddType application/x-web-app-manifest+json webapp

    AddType application/x-xpinstall xpi

    AddType application/xml atom rdf rss xml

    AddType application/vnd.openxmlformats .docx .pptx .xlsx .xltx . xltm .dotx .potx .ppsx

    AddType text/cache-manifest appcache manifest

    AddType text/vtt vtt

    AddType text/x-component htc

    AddType text/x-vcard vcf

    AddType image/webp webp

    AddType image/x-icon ico

    

</IfModule>

#hata sayfalarını sabitlemek

    ErrorDocument 404 /back/error/404.php

    ErrorDocument 403 /back/error/403.php

    ErrorDocument 500 /back/error/500.php 

 

 

 #Php Shell engellemek 

RewriteCond %{REQUEST_URI} /((php|my)?shell|remview/|phpremoteview/|sshphp/|pcom|nstview/|c99|r57|webadmin/|phpget/|phpwriter/|fileditor/|locus7/|storm7/)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR] RewriteCond %{REQUEST_METHOD} (GET|POST) [NC] RewriteCond %{QUERY_STRING} ^(/)=/home(.+)?/loginftp/(/)$ [OR] RewriteCond %{QUERY_STRING} ^work_dir=/$ [OR] RewriteCond %{QUERY_STRING} ^command=/&output/$ [OR] RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=/$ [OR] RewriteCond %{QUERY_STRING} ^(/)cmd=/$ [OR] ## BU KURALA DIKKAT EDIN SITENIZIN CALISMASINI ENGELLEYEBILIR##

RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR] RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload/)|((chmod|f)&f=/))$ [OR] RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=/$ [OR] RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack)/$ [OR] RewriteCond %{QUERY_STRING} ^(/)([-_a-z]{1,15})=(ls|cd|cat|rm|mv|vim|chmod|chdir|mkdir|rmdir|pwd|clear|whoami|uname|tar|zip|unzip|tar|gzip|gunzip|grep|more|ln|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR] RewriteCond %{QUERY_STRING} ^(/)(wget|shell_exec|passthru|system|exec|popen|proc_open)(/)$





#Zararlı örümcekleri engellemek

RewriteCond %{HTTP_USER_AGENT} ^-?$ [OR] RewriteCond %{HTTP_USER_AGENT} ^[bcdfghjklmnpqrstvwxz\ ]{8,}|^[0-9a-z]{15,}|^[0-9A-Za-z]{19,} [OR] RewriteCond %{HTTP_USER_AGENT} Extractor|almaden|anonymous|autoemailspider|blogsearchbot-martin|CherryPicker|Digger|DirectUpdate|Download\ Accelerator|echo\ extense|Collector|EmailWolf|flashget|frontpage|Go!Zilla|grub\ crawler|HTTPConnect|httplib|HttpProxy|HTTP\ agent|HTTrack|Indy\ Library|Jakarta\ Commons|libWeb|libwww|Microsoft\ Data|Microsoft\ URL|MJ12bot|Movable\ Type|NICErsPRO|NutchCVS|Nutscrape/|OmniExplorer|psycheclone|PussyCat|PycURL|python|QuepasaCreep|SiteMapper|Download|sucker|SurveyBot|Teleport\ Pro|Telesoft|TrackBack|Turing|TurnitinBot|vobsub|webbandit|WebCapture|webcollage|WebCopier|WebDAV|WebEmailExtractor|WebReaper|WEBsaver|WebStripper|WebZIP|widows|Wysigot|Zeus|Zeus/Webster [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^



#zararlı örümceklerin ulasacağı dosyalar

RewriteCond %{REQUEST_URI} !^/robots.txt

RewriteCond %{REQUEST_URI} !^/sitemap.xml



  

#SQL injection engellemek 

RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] RewriteCond %{HTTP_REFERER} ^(/)(<|>|’|%0A|%0D|’|<|>|%00)/ [NC,OR] RewriteCond %{REQUEST_URI} ^/(,|;|<|>|/{2,999})/ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget)/ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^/(winhttp|HTTrack|clshttp|archiver|loader|email| harvest|extract|grab|miner)/ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^/(libwww|curl|wget|python|scan)/ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^/(<|>|’|%0A|%0D|’|<|>|%00)/ [NC,OR] RewriteCond %{HTTP_COOKIE} ^/(<|>|’|%0A|%0D|’|<|>|%00)/ [NC,OR] RewriteCond %{QUERY_STRING} ^/(localhost|loopback|127\\.0\\.0\\.1)/ [NC,OR] RewriteCond %{QUERY_STRING} ^/(<|>|’|%0A|%0D|’|<|>|%00)/ [NC,OR] RewriteCond %{QUERY_STRING} [^a-z](|order|union|declare|char|set|cast|convert|delete |drop|exec|insert|met*|script|select|truncate|upda te)[^a-z] [NC] RewriteRule (/) - [F]

 

#sunucu imzası kaldır

ServerSignature Off

 

 

#htaccess erişim engelleme

<Files .htaccess>

Order Allow,Deny

Deny from all

</Files>