kanakiyajay · November 29, 2014 14:49
diff --git a/.htaccess b/.htaccess
 <FilesMatch "^(wp-config\.php|wp-cache-config\.php|advanced-cache\.php|php\.ini|php5\.ini|config\.php|db\.php|db-config\.ini)">
 Order Deny,Allow
 Deny from all
 </FilesMatch>

 ### If you have one or more dedicated IP addresses, uncomment the below
 ### from <FilesMatch to </FilesMatch then replace the IP addresess with
 ### your own; and completely remove any IP address line not necessary.
 ###
 ### For example, if you only have one dedicated IP address, there
 ### should only be one "allow from" line and not three.
 ###
 #<FilesMatch "^(wp-login\.php|install\.php|readme\.html)">
 #Order Deny,Allow
 #Deny from all
 #allow from 24.229.66.131
 #allow from 166.143.220.38
 #</FilesMatch>

 # Turn off directory indexes
 IndexIgnore *
 Options All -Indexes

 # prevent access to PHP error log
 <Files php_error.log>
 Order allow,deny
 Deny from all
 Satisfy All
 </Files>

 ########## Begin - Common hacking tools and bandwidth hoggers block
 # This line also disables Akeeba Remote Control 2.5 and earlier
 SetEnvIf user-agent "Indy Library" stayout=1
 # WARNING: Disabling wget will also block the most common method for
 # running CRON jobs. Remove if you have issues with CRON jobs.
 ###SetEnvIf user-agent "Wget" stayout=1
 # The following rules are for bandwidth-hogging download tools
 SetEnvIf user-agent "libwww-perl" stayout=1
 SetEnvIf user-agent "Download Demon" stayout=1
 SetEnvIf user-agent "GetRight" stayout=1
 SetEnvIf user-agent "GetWeb!" stayout=1
 SetEnvIf user-agent "Go!Zilla" stayout=1
 SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1
 SetEnvIf user-agent "GrabNet" stayout=1
 SetEnvIf user-agent "TurnitinBot" stayout=1
 # This line denies access to all of the above tools
 deny from env=stayout
 ########## End - Common hacking tools and bandwidth hoggers block

 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /

 ########## Begin - Rewrite rules to block out some common exploits
 ## If you experience problems on your site block out the operations listed below
 ## This attempts to block the most common type of exploit `attempts` to Joomla!
 #
 # If the request query string contains /proc/self/environ (by SigSiu.net)
 RewriteCond %{QUERY_STRING} proc/self/environ [OR]
 # Block out any script trying to set a mosConfig value through the URL
 # (these attacks wouldn't work w/out Joomla! 1.5's Legacy Mode plugin)
 RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
 # Block out any script trying to base64_encode or base64_decode data within the URL
 RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR]
 ## IMPORTANT: If the above line throws an HTTP 500 error, replace it with these 2 lines:
 # RewriteCond %{QUERY_STRING} base64_encode\(.*\) [OR]
 # RewriteCond %{QUERY_STRING} base64_decode\(.*\) [OR]
 # Block out any script that includes a <script> tag in URL
 RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
 # Block out any script trying to set a PHP GLOBALS variable via URL
 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
 # Block out any script trying to modify a _REQUEST variable via URL
 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
 # Return 403 Forbidden header and show the content of the root homepage
 RewriteRule .* index.php [F]
 #
 ########## End - Rewrite rules to block out some common exploits

 ########## Begin - File injection protection, by SigSiu.net
 RewriteCond %{REQUEST_METHOD} GET
 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
 RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
 RewriteRule .* - [F]
 ########## End - File injection protection

 ########## Begin - Advanced server protection - query strings, referrer and config
 # Advanced server protection, version 3.2 - May 2011
 # by Nicholas K. Dionysopoulos

 ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine
 ## your PHP version). See http://www.0php.com/php_easter_egg.php and
 ## http://osvdb.org/12184 for more information
 RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
 RewriteRule .* - [F]

 #Block mySQL injects - http://docs.joomla.org/Htaccess_examples_%28security%29
 RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC]
 RewriteRule .* - [F]
 ########## End - Advanced server protection - query strings, referrer and config

 ### Needed by WordPress for permalinks
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /index.php [L]

 # Block the include-only files.
 RewriteRule ^wp-admin/includes/ - [F,L]
 RewriteRule !^wp-includes/ - [S=3]
 RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
 RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
 RewriteRule ^wp-includes/theme-compat/ - [F,L]

 # comment spam protection
 # replace dynamicnet.net with your domain name
 # http://www.catswhocode.com/blog/10-htaccess-snippets-to-optimize-your-website
 #RewriteCond %{REQUEST_METHOD} POST
 #RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
 #RewriteCond %{HTTP_REFERER} !.*dynamicnet.net.* [OR]
 #RewriteCond %{HTTP_USER_AGENT} ^$
 #RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
 #

 </IfModule>

 <IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary Accept-Encoding
  </FilesMatch>
 </IfModule>

 ### To help with compression
 <IfModule mod_deflate.c>
 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
 AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml
 AddOutputFilterByType DEFLATE application/javascript application/x-javascript

 BrowserMatch ^Mozilla/4 gzip-only-text/html
 BrowserMatch ^Mozilla/4\.0[678] no-gzip
 BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

 # Make sure proxies don't deliver the wrong content
 Header append Vary User-Agent env=!dont-vary
 </IfModule>

 ########## Begin - ETag Optimization
 ## This rule will create an ETag for files based only on the modification
 ## timestamp and their size. This works wonders if you are using rsync'ed
 ## servers, where the inode number of identical files differs.
 ## Note: It may cause problems on your server and you may need to remove it
 FileETag MTime Size
 ########## End - ETag Optimization


 ########## Begin - Optimal default expiration time
 ## Note: this might cause problems and you might have to comment it out by
 ## placing a hash in front of this section's lines
 <IfModule mod_expires.c>
        # Enable expiration control
        ExpiresActive On

        # Default expiration: 1 hour after request
        ExpiresDefault "now plus 1 hour"

        # CSS and JS expiration: 2 week after request
        ExpiresByType text/css "now plus 2 weeks"
        ExpiresByType application/javascript "now plus 2 weeks"
        ExpiresByType application/x-javascript "now plus 2 weeks"

        # Image files expiration: 1 month after request
        ExpiresByType image/bmp "now plus 1 month"
        ExpiresByType image/gif "now plus 1 month"
        ExpiresByType image/jpeg "now plus 1 month"
        ExpiresByType image/jp2 "now plus 1 month"
        ExpiresByType image/pipeg "now plus 1 month"
        ExpiresByType image/png "now plus 1 month"
        ExpiresByType image/svg+xml "now plus 1 month"
        ExpiresByType image/tiff "now plus 1 month"
        ExpiresByType image/vnd.microsoft.icon "now plus 1 month"
        ExpiresByType image/x-icon "now plus 1 month"
        ExpiresByType image/ico "now plus 1 month"
        ExpiresByType image/icon "now plus 1 month"
        ExpiresByType text/ico "now plus 1 month"
        ExpiresByType application/ico "now plus 1 month"
        ExpiresByType image/vnd.wap.wbmp "now plus 1 month"
        ExpiresByType application/vnd.wap.wbxml "now plus 1 month"
        ExpiresByType application/smil "now plus 1 month"

        # Audio files expiration: 1 month after request
        ExpiresByType audio/basic "now plus 1 month"
        ExpiresByType audio/mid "now plus 1 month"
        ExpiresByType audio/midi "now plus 1 month"
        ExpiresByType audio/mpeg "now plus 1 month"
        ExpiresByType audio/x-aiff "now plus 1 month"
        ExpiresByType audio/x-mpegurl "now plus 1 month"
        ExpiresByType audio/x-pn-realaudio "now plus 1 month"
        ExpiresByType audio/x-wav "now plus 1 month"

        # Movie files expiration: 1 month after request
        ExpiresByType application/x-shockwave-flash "now plus 1 month"
        ExpiresByType x-world/x-vrml "now plus 1 month"
        ExpiresByType video/x-msvideo "now plus 1 month"
        ExpiresByType video/mpeg "now plus 1 month"
        ExpiresByType video/mp4 "now plus 1 month"
        ExpiresByType video/quicktime "now plus 1 month"
        ExpiresByType video/x-la-asf "now plus 1 month"
        ExpiresByType video/x-ms-asf "now plus 1 month"
 </IfModule>
 ########## End - Optimal expiration time

 ## Any Redirects go here
 ##
 ##
 ## EOF

 # BEGIN WordPress
 <IfModule mod_rewrite.c>
 RewriteEngine On
 RewriteBase /xampp/projects/jquer.in/
 RewriteRule ^index\.php$ - [L]
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteRule . /xampp/projects/jquer.in/index.php [L]
 </IfModule>

 # END WordPress
	<FilesMatch "^(wp-config\.php\|wp-cache-config\.php\|advanced-cache\.php\|php\.ini\|php5\.ini\|config\.php\|db\.php\|db-config\.ini)">
	Order Deny,Allow
	Deny from all
	</FilesMatch>

	### If you have one or more dedicated IP addresses, uncomment the below
	### from <FilesMatch to </FilesMatch then replace the IP addresess with
	### your own; and completely remove any IP address line not necessary.
	###
	### For example, if you only have one dedicated IP address, there
	### should only be one "allow from" line and not three.
	###
	#<FilesMatch "^(wp-login\.php\|install\.php\|readme\.html)">
	#Order Deny,Allow
	#Deny from all
	#allow from 24.229.66.131
	#allow from 166.143.220.38
	#</FilesMatch>

	# Turn off directory indexes
	IndexIgnore *
	Options All -Indexes

	# prevent access to PHP error log
	<Files php_error.log>
	Order allow,deny
	Deny from all
	Satisfy All
	</Files>

	########## Begin - Common hacking tools and bandwidth hoggers block
	# This line also disables Akeeba Remote Control 2.5 and earlier
	SetEnvIf user-agent "Indy Library" stayout=1
	# WARNING: Disabling wget will also block the most common method for
	# running CRON jobs. Remove if you have issues with CRON jobs.
	###SetEnvIf user-agent "Wget" stayout=1
	# The following rules are for bandwidth-hogging download tools
	SetEnvIf user-agent "libwww-perl" stayout=1
	SetEnvIf user-agent "Download Demon" stayout=1
	SetEnvIf user-agent "GetRight" stayout=1
	SetEnvIf user-agent "GetWeb!" stayout=1
	SetEnvIf user-agent "Go!Zilla" stayout=1
	SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1
	SetEnvIf user-agent "GrabNet" stayout=1
	SetEnvIf user-agent "TurnitinBot" stayout=1
	# This line denies access to all of the above tools
	deny from env=stayout
	########## End - Common hacking tools and bandwidth hoggers block

	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /

	########## Begin - Rewrite rules to block out some common exploits
	## If you experience problems on your site block out the operations listed below
	## This attempts to block the most common type of exploit `attempts` to Joomla!
	#
	# If the request query string contains /proc/self/environ (by SigSiu.net)
	RewriteCond %{QUERY_STRING} proc/self/environ [OR]
	# Block out any script trying to set a mosConfig value through the URL
	# (these attacks wouldn't work w/out Joomla! 1.5's Legacy Mode plugin)
	RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=\|\%3D) [OR]
	# Block out any script trying to base64_encode or base64_decode data within the URL
	RewriteCond %{QUERY_STRING} base64_(en\|de)code[^(]\([^)]\) [OR]
	## IMPORTANT: If the above line throws an HTTP 500 error, replace it with these 2 lines:
	# RewriteCond %{QUERY_STRING} base64_encode\(.*\) [OR]
	# RewriteCond %{QUERY_STRING} base64_decode\(.*\) [OR]
	# Block out any script that includes a <script> tag in URL
	RewriteCond %{QUERY_STRING} (<\|%3C)([^s]s)+cript.(>\|%3E) [NC,OR]
	# Block out any script trying to set a PHP GLOBALS variable via URL
	RewriteCond %{QUERY_STRING} GLOBALS(=\|\[\|\%[0-9A-Z]{0,2}) [OR]
	# Block out any script trying to modify a _REQUEST variable via URL
	RewriteCond %{QUERY_STRING} _REQUEST(=\|\[\|\%[0-9A-Z]{0,2})
	# Return 403 Forbidden header and show the content of the root homepage
	RewriteRule .* index.php [F]
	#
	########## End - Rewrite rules to block out some common exploits

	########## Begin - File injection protection, by SigSiu.net
	RewriteCond %{REQUEST_METHOD} GET
	RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
	RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
	RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
	RewriteRule .* - [F]
	########## End - File injection protection

	########## Begin - Advanced server protection - query strings, referrer and config
	# Advanced server protection, version 3.2 - May 2011
	# by Nicholas K. Dionysopoulos

	## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine
	## your PHP version). See http://www.0php.com/php_easter_egg.php and
	## http://osvdb.org/12184 for more information
	RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
	RewriteRule .* - [F]

	#Block mySQL injects - http://docs.joomla.org/Htaccess_examples_%28security%29
	RewriteCond %{QUERY_STRING} (;\|<\|>\|'\|"\|\)\|%0A\|%0D\|%22\|%27\|%3C\|%3E\|%00).(/\\|union\|select\|insert\|cast\|set\|declare\|drop\|update\|md5\|benchmark) [NC]
	RewriteRule .* - [F]
	########## End - Advanced server protection - query strings, referrer and config

	### Needed by WordPress for permalinks
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /index.php [L]

	# Block the include-only files.
	RewriteRule ^wp-admin/includes/ - [F,L]
	RewriteRule !^wp-includes/ - [S=3]
	RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
	RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
	RewriteRule ^wp-includes/theme-compat/ - [F,L]

	# comment spam protection
	# replace dynamicnet.net with your domain name
	# http://www.catswhocode.com/blog/10-htaccess-snippets-to-optimize-your-website
	#RewriteCond %{REQUEST_METHOD} POST
	#RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
	#RewriteCond %{HTTP_REFERER} !.dynamicnet.net. [OR]
	#RewriteCond %{HTTP_USER_AGENT} ^$
	#RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
	#

	</IfModule>

	<IfModule mod_headers.c>
	<FilesMatch "\.(js\|css\|xml\|gz)$">
	Header append Vary Accept-Encoding
	</FilesMatch>
	</IfModule>

	### To help with compression
	<IfModule mod_deflate.c>
	AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
	AddOutputFilterByType DEFLATE application/xml application/xhtml+xml application/rss+xml
	AddOutputFilterByType DEFLATE application/javascript application/x-javascript

	BrowserMatch ^Mozilla/4 gzip-only-text/html
	BrowserMatch ^Mozilla/4\.0[678] no-gzip
	BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

	# Make sure proxies don't deliver the wrong content
	Header append Vary User-Agent env=!dont-vary
	</IfModule>

	########## Begin - ETag Optimization
	## This rule will create an ETag for files based only on the modification
	## timestamp and their size. This works wonders if you are using rsync'ed
	## servers, where the inode number of identical files differs.
	## Note: It may cause problems on your server and you may need to remove it
	FileETag MTime Size
	########## End - ETag Optimization


	########## Begin - Optimal default expiration time
	## Note: this might cause problems and you might have to comment it out by
	## placing a hash in front of this section's lines
	<IfModule mod_expires.c>
	# Enable expiration control
	ExpiresActive On

	# Default expiration: 1 hour after request
	ExpiresDefault "now plus 1 hour"

	# CSS and JS expiration: 2 week after request
	ExpiresByType text/css "now plus 2 weeks"
	ExpiresByType application/javascript "now plus 2 weeks"
	ExpiresByType application/x-javascript "now plus 2 weeks"

	# Image files expiration: 1 month after request
	ExpiresByType image/bmp "now plus 1 month"
	ExpiresByType image/gif "now plus 1 month"
	ExpiresByType image/jpeg "now plus 1 month"
	ExpiresByType image/jp2 "now plus 1 month"
	ExpiresByType image/pipeg "now plus 1 month"
	ExpiresByType image/png "now plus 1 month"
	ExpiresByType image/svg+xml "now plus 1 month"
	ExpiresByType image/tiff "now plus 1 month"
	ExpiresByType image/vnd.microsoft.icon "now plus 1 month"
	ExpiresByType image/x-icon "now plus 1 month"
	ExpiresByType image/ico "now plus 1 month"
	ExpiresByType image/icon "now plus 1 month"
	ExpiresByType text/ico "now plus 1 month"
	ExpiresByType application/ico "now plus 1 month"
	ExpiresByType image/vnd.wap.wbmp "now plus 1 month"
	ExpiresByType application/vnd.wap.wbxml "now plus 1 month"
	ExpiresByType application/smil "now plus 1 month"

	# Audio files expiration: 1 month after request
	ExpiresByType audio/basic "now plus 1 month"
	ExpiresByType audio/mid "now plus 1 month"
	ExpiresByType audio/midi "now plus 1 month"
	ExpiresByType audio/mpeg "now plus 1 month"
	ExpiresByType audio/x-aiff "now plus 1 month"
	ExpiresByType audio/x-mpegurl "now plus 1 month"
	ExpiresByType audio/x-pn-realaudio "now plus 1 month"
	ExpiresByType audio/x-wav "now plus 1 month"

	# Movie files expiration: 1 month after request
	ExpiresByType application/x-shockwave-flash "now plus 1 month"
	ExpiresByType x-world/x-vrml "now plus 1 month"
	ExpiresByType video/x-msvideo "now plus 1 month"
	ExpiresByType video/mpeg "now plus 1 month"
	ExpiresByType video/mp4 "now plus 1 month"
	ExpiresByType video/quicktime "now plus 1 month"
	ExpiresByType video/x-la-asf "now plus 1 month"
	ExpiresByType video/x-ms-asf "now plus 1 month"
	</IfModule>
	########## End - Optimal expiration time

	## Any Redirects go here
	##
	##
	## EOF

	# BEGIN WordPress
	<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /xampp/projects/jquer.in/
	RewriteRule ^index\.php$ - [L]
	RewriteCond %{REQUEST_FILENAME} !-f
	RewriteCond %{REQUEST_FILENAME} !-d
	RewriteRule . /xampp/projects/jquer.in/index.php [L]
	</IfModule>

	# END WordPress