Estoy trasteando un poquito con htacess, y dándole algo de seguridad.
He estado leyendo varios blogs, y sacando algunas cosas de aquí y allí. Algunas cosas he llegado a comprender, pero de estas cosas aún estoy aprendiendo y no me gustaría estar haciendo algo mal en los htacess que genere.
He dejado un htacess así: (sólo pongo la parte de seguridad, donde tengo dudas)
Código:
De esta parte, se que pretende hacer, usa expresiones regulares, para evitar esas entradas y en la regla se supone que los redirige a esa página (o eso creo pretendo que haga no se si está bien esa parte, porque la regla la escribí, lo demás es sacado de varios sitios.RewriteCond %{HTTP_USER_AGENT} ^$ [OR] RewriteCond %{HTTP_USER_AGENT} ^(-|\.|') [OR] RewriteCond %{HTTP_USER_AGENT} ^(.*)(<|>|%3C|%3E)(.*) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget)(.*) [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^(.*)(libwww-perl|libwwwperl|snoopy|curl|wget|winhttp|python|nikto|scan|clshttp|archiver|loader|email|harvest|fetch|extract|grab|miner|suck|reaper|leach)(.*) [NC,OR] RewriteCond %{REQUEST_URI} ^(/,|/;|/<|/>|/'|/`|/%2C|/%3C|/%3E|/%27|/////) [NC,OR] RewriteCond %{HTTP_REFERER} ^(.*)(%00|%08|%09|%0A|%0B|%0C|%0D|%0E|%0F|%2C|<|>|'|%3C|%3E|%26%23|%27|%60)(.*) [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)(%00|%08|%09|%0A|%0B|%0C|%0D|%0E|%0F|%2C|%3C|%3E|%27|%26%23|%60)(.*) [NC,OR] RewriteCond %{QUERY_STRING} ^(.*)('|-|<|>|,|/|\\|\.a|\.c|\.t|\.d|\.p|\.i|\.e|\.j)(.*) [NC,OR] RewriteCond %{HTTP_COOKIE} ^(.*)(<|>|'|%3C|%3E|%27)(.*) [NC] RewriteRule ^(.*)$ /pruebas/404.php
Luego tengo la parte de denegar acceso a robots, browser offline, etc ..
Código:
Aquí voy uniendo las condiciones mediante OR, sin hacer distinción de mayusculas y minusculas y aplico la regla que vean que es Forbidden.RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?gameday.de.*$ [NC] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?play-texas-holdem.gameday.de.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?forever.kz.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?craps.forever.kz.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?roulette-online.forever.kz.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?play-poker.forever.kz.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?onlinecasino.forever.kz.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?texashold-em.freeservers.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?playonline.inn7winter.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?poker-new.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?available-poker.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?free-poker.available-poker.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?texasholdem.prv.pl.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?prv.pl.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?homestead.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?texaspoker.homestead.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?t-e-x-a-s-poker.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?texas-poker.olo.cc.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?holdem-poker.servertown.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?online-poker.played.by.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?empire-poker.black-poker.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?black-poker.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?free.fr.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?pc800cdf.free.fr.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?free-poker.standard-poker.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?cameralover.net.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?golfshoot.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?bitlocker.net.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?bayfronthomes.net.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?cafexml.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?turniptruck.com.*$ [NC,OR] RewriteCond %{HTTP_REFERER} ^http(s)?://(www\.)?trojan-horse.co.uk.*$ [NC,OR] RewriteCond %{REMOTE_HOST} adm-muenchen\.de [NC,OR] RewriteCond %{REMOTE_HOST} cyveillance\.com [NC,OR] RewriteCond %{REMOTE_HOST} lightspeedsystems\.com [NC,OR] RewriteCond %{REMOTE_HOST} pea016-29980-net-adsl-01\.altohiway\.com [NC,OR] RewriteCond %{REMOTE_HOST} smartservercontrol\.com [NC,OR] RewriteCond %{REMOTE_HOST} syntryx\.com [NC,OR] RewriteCond %{REMOTE_HOST} proxad\.net [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR] RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR] RewriteCond %{HTTP_USER_AGENT} Java [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^lwp:: [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^lwp- [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Schmozilla [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^webcollage [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Zeuse [NC] RewriteRule ^.*$ - [F,L] RewriteCond %{HTTP_USER_AGENT} ^($|.$|.*Almaden|[bcdfgjklmnpqrstvwxyz]{5,}|.*compatible\ \;|.*DTS.Agent|.*Fluffy|.*Girafabot|.*HTTrack|.*Harvest|.*LWP|.*Rover|.*Searchhippo|.*TrueRobot|.*Twiceler|.*Voila|.*Voyager|.*WUMPUS|.*Webcraft@bea\.com|ADSARobot|ASPSeek) [NC] RewriteRule ^.*$ - [F,L]
De aquí también lo he sacado de varios sitios y aun me falta por juntarlos todos, pero me gustaría saber también si aunque estén repetidos, como aplico la misma regla, pasaría algo?
Es mas que nada por si pongo 2 veces el mismo sin querer y por saber si pasa algo.
Mas o menos esas son mis dudas, también saber si mas o menos está bien , o ya no eso, mas bien si hay algo que esté fatal y vulnere el htacess.
Espero puedan ayudarme.
Un saludo y gracias.