Last active
May 1, 2021 13:01
-
-
Save mistergraphx/ae2de7bc5fc31bbdb8066f259adf9ef7 to your computer and use it in GitHub Desktop.
! Attention de ne pas tout ajouter d'un coup sur un site en production !
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################## | |
| # Fichier .htaccess SPIP v 3 # | |
| # # | |
| # V 1.1.6 # | |
| # # | |
| # Permet de controler les URLs et la version de php utilisee # | |
| # Compatible avec les URLs 'html', 'propres' et 'propres2' # | |
| # Permet aussi d'effectuer la transition de .PHP 3 vers .PHP # | |
| # # | |
| # Pour utiliser ce fichier renommez-le '.htaccess' dans le # | |
| # repertoire racine du site, en veillant a ne pas ecraser un # | |
| # .htaccess personnalise qui s'y trouverait deja # | |
| # # | |
| # Attention certains hebergeurs desactivent tout ou partie # | |
| # des fonctions du fichier .htaccess ; celui-ci est donc # | |
| # indicatif - en cas de difficulte voir sur les forums SPIP # | |
| ############################################################## | |
| # https://httpd.apache.org/docs/2.4/fr/rewrite/flags.html | |
| # https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess | |
| # https://core.spip.net/projects/spip/repository/entry/spip/htaccess.txt | |
| ## A remplacer par le nom du domaine : | |
| # __DOMAIN__ : ex domaine.fr | |
| RewriteEngine On | |
| # Ne pas lister les répertoires | |
| Options +FollowSymlinks -Indexes | |
| ################ CONFIGURATION ###################### | |
| ### Configuration sous-repertoire | |
| # Calcule automatiquememt le RewriteBase (qui permet de faire fonctionner | |
| # les belles URLs). De la sorte, un meme site peut etre affiche en racine | |
| # ou dans un sous repertoire sans devoir modifier la ligne RewriteBase. | |
| RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ | |
| RewriteRule ^(.*) - [E=BASE:%1] | |
| # En alternative aux 2 lignes precedentes (a commenter dans ce cas), | |
| # vous pouvez indiquer un RewriteBase specifique | |
| # RewriteBase / | |
| ################ REGLAGES PERSONNALISES ###################### | |
| # http://www.joshuawinn.com/fix-html5-validator-error-bad-value-x-ua-compatible-for-attribute-http-equiv-on-element-meta/ | |
| Header set X-UA-Compatible "IE=Edge,chrome=1" | |
| ## https://sonarwhal.com/scanner/ | |
| ## https://www.keycdn.com/support/x-content-type-options/ | |
| Header set X-Content-Type-Options "nosniff" | |
| ## Block GooogleFloc | |
| ## https://ewatchers.org/floc | |
| Header always set Permissions-Policy "interest-cohort=()" | |
| # Rediriger rediriger monsite.tld vers wwww.monsite.tld | |
| # http://www.webrankinfo.com/dossiers/techniques/redirection-301-www | |
| # RewriteCond %{HTTP_HOST} ^[^.]+\.[^.]+$ | |
| # RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L] | |
| # Forcer le passage des adresses vers le https | |
| # http://www.webrankinfo.com/dossiers/techniques/redirection-http-https | |
| # Testeur de config ssl : https://www.linksspy.com/seo-tools/free-seo-ssl-scan/ | |
| # RewriteCond %{SERVER_PORT} 80 | |
| # RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | |
| # Rediriger les pages sans www vers celles avec www | |
| #RewriteCond %{HTTP_HOST} ^__DOMAIN__ | |
| #RewriteRule (.*) https://www.__DOMAIN__$1 [R=301,L] | |
| ## URLS PAGES PERSOS | |
| #RewriteRule ^collections(\.html)?$ spip.php?page=collections [QSA,L] | |
| #RewriteRule ^collection/([^/]*)\.html$ spip.php?page=collection&collection=$1 [QSA,L] | |
| ## Filtre image_responsives | |
| #<IfModule xmod_sendfile.c> | |
| #XSendFile on | |
| #RewriteRule (.*)\-resp([0-9]+v?)(\-([0-9\.]+))?\.(jpg|png|gif) index.php?action=image_responsive&img=$1.$5&taille=$2&dpr=$4&xsendfile=1 | |
| #</IfModule> | |
| #RewriteRule (.*)\-resp([0-9]+v?)(\-([0-9\.]+))?\.(jpg|png|gif) index.php?action=image_responsive&img=$1.$5&taille=$2&dpr=$4 | |
| ## REGLES DE REECRITURE DES PAGES | |
| RewriteRule ^plan-du-site(\.html)?$ spip.php?page=plan [QSA,E=url_propre:$0,L] | |
| ################ GESTIONS DES URLS SPIP ####################### | |
| # Deux pseudo-actions a present evacuees | |
| # N'y at-il pas moyen de REMPLACER un nom dans la QueryString ? | |
| RewriteCond %{QUERY_STRING} action=rss | |
| RewriteRule spip.php spip.php?page=rss [QSA,L] | |
| RewriteCond %{QUERY_STRING} action=ical | |
| RewriteRule spip.php spip.php?page=ical_prive [QSA,L] | |
| ### | |
| # Si le fichier ou repertoire demande existe | |
| # ignorer toutes les regles qui suivent | |
| RewriteCond %{REQUEST_FILENAME} -f | |
| RewriteRule "." - [skip=100] | |
| RewriteCond %{REQUEST_FILENAME} -d | |
| RewriteRule "." - [skip=100] | |
| # | |
| ### | |
| ### | |
| # Compatibilite avec les URLS "html" (pour transition sympa) | |
| # voir fichier ecrire/urls/html.php | |
| RewriteRule ^rubrique([0-9]+)(\.html)?$ spip.php?page=rubrique&id_rubrique=$1 [QSA,L] | |
| RewriteRule ^article([0-9]+)(\.html)?$ spip.php?page=article&id_article=$1 [QSA,L] | |
| RewriteRule ^breve([0-9]+)(\.html)?$ spip.php?page=breve&id_breve=$1 [QSA,L] | |
| RewriteRule ^mot([0-9]+)(\.html)?$ spip.php?page=mot&id_mot=$1 [QSA,L] | |
| RewriteRule ^auteur([0-9]+)(\.html)?$ spip.php?page=auteur&id_auteur=$1 [QSA,L] | |
| RewriteRule ^site([0-9]+)(\.html)?$ spip.php?page=site&id_syndic=$1 [QSA,L] | |
| # Compatibilite avec les anciennes URLS appelant directement des fichiers php | |
| RewriteRule ^(rubrique|article|breve|mot|auteur|site|agenda|backend|backend-breves|distrib|forum|ical|plan|recherche|sommaire|sommaire_texte)\.php3?$ spip.php?page=$1 [QSA,L] | |
| RewriteRule ^resume.php[3]? spip.php?page=sommaire [QSA,L] | |
| RewriteRule ^page.php[3]? spip.php [QSA,L] | |
| RewriteRule ^spip_cal\.php3?$ spip.php?page=ical_prive [QSA,L] | |
| RewriteRule ^spip_rss\.php3?$ spip.php?page=rss [QSA,L] | |
| # Fin compatibilite | |
| ### | |
| ### | |
| # ping http://site/1234 => article1234 | |
| RewriteRule ^([1-9][0-9]*)$ spip.php?action=redirect&type=article&status=301&id=$1 [QSA,L] | |
| # | |
| ### | |
| ### | |
| # APIs | |
| # http://site/xmlrpc.api | |
| # http://site/atom.api/articles/1234 | |
| RewriteRule ^([\w]+)\.api(/(.*))?$ spip.php?action=api_$1&arg=$3 [QSA,L] | |
| # Fin des APIs | |
| ### | |
| ### | |
| # URLs "propres", "propres2", "libres", "arbo" | |
| RewriteRule ^[^\.]+(\.html)?$ spip.php [QSA,E=url_propre:$0,L] | |
| # Fin URLs "propres" et "propres2" | |
| ### | |
| ### | |
| # Divers | |
| # bloquer les acces aux fichiers caches (.svn, .git, etc) | |
| RewriteRule /\\..*(/.*|$) - [F] | |
| ## spam de sites référents | |
| ## | |
| ### | |
| # Fichiers "standards" (si absents de la racine) | |
| # | |
| RewriteRule ^robots[.]txt$ spip.php?page=robots.txt [QSA,L] | |
| RewriteRule ^favicon[.]ico$ spip.php?page=favicon.ico [QSA,L] | |
| RewriteRule ^sitemap[.]xml$ spip.php?page=sitemap.xml [QSA,L] | |
| ## | |
| # expirer les images (pour contourner gros bug MSIE sur le cache) | |
| # note : a decommenter si vous voulez tester | |
| #<IfModule mod_expires.c> | |
| # ExpiresActive on | |
| # ExpiresByType image/gif A3600 | |
| # ExpiresByType image/jpeg A3600 | |
| # ExpiresByType image/png A3600 | |
| #</IfModule> | |
| # Allow-cross-rigin | |
| # https://developer.mozilla.org/fr/docs/Web/HTTP/CORS | |
| # Add type | |
| # https://stackoverflow.com/questions/2856502/css-font-face-not-working-with-firefox-but-working-with-chrome-and-ie?rq=1 | |
| AddType font/ttf .ttf | |
| AddType font/eot .eot | |
| AddType font/otf .otf | |
| AddType font/woff .woff | |
| AddType font/woff .woff2 | |
| # Fix cross origin requests CORS issues for webfonts | |
| # https://deliciousbrains.com/wp-offload-media/doc/configure-cors-to-resolve-web-font-issues/ | |
| # https://crunchify.com/how-to-fix-access-control-allow-origin-issue-for-your-https-enabled-wordpress-site-and-maxcdn/ | |
| <IfModule mod_headers.c> | |
| <FilesMatch "\.(ttf|otf|eot|woff|woff2)$"> | |
| Header set Access-Control-Allow-Origin "*" | |
| </FilesMatch> | |
| </IfModule> | |
| # Fix cross origin requests CORS issues ALL | |
| # allow js, css, webfont useful mainly for static pages with lots of CDN assets | |
| # https://developer.mozilla.org/fr/docs/Web/HTTP/CORS | |
| # https://crunchify.com/how-to-fix-access-control-allow-origin-issue-for-your-https-enabled-wordpress-site-and-maxcdn/ | |
| #<IfModule mod_headers.c> | |
| # <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$"> | |
| # Header set Access-Control-Allow-Origin "*" | |
| # </FilesMatch> | |
| #</IfModule> | |
| # ---------------------------------------------------------------------- | |
| # | Cache expiration | | |
| # ---------------------------------------------------------------------- | |
| # https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess#L1046 | |
| # | |
| # Serve resources with far-future expiration date. | |
| # | |
| # (!) If you don't control versioning with filename-based | |
| # cache busting, you should consider lowering the cache times | |
| # to something like one week. | |
| # | |
| # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control | |
| # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires | |
| # https://httpd.apache.org/docs/current/mod/mod_expires.html | |
| <IfModule mod_expires.c> | |
| ExpiresActive on | |
| ExpiresDefault "access plus 1 month" | |
| # CSS | |
| ExpiresByType text/css "access plus 1 year" | |
| # Data interchange | |
| ExpiresByType application/atom+xml "access plus 1 hour" | |
| ExpiresByType application/rdf+xml "access plus 1 hour" | |
| ExpiresByType application/rss+xml "access plus 1 hour" | |
| ExpiresByType application/json "access plus 0 seconds" | |
| ExpiresByType application/ld+json "access plus 0 seconds" | |
| ExpiresByType application/schema+json "access plus 0 seconds" | |
| ExpiresByType application/geo+json "access plus 0 seconds" | |
| ExpiresByType application/xml "access plus 0 seconds" | |
| ExpiresByType text/calendar "access plus 0 seconds" | |
| ExpiresByType text/xml "access plus 0 seconds" | |
| # Favicon (cannot be renamed!) and cursor images | |
| ExpiresByType image/vnd.microsoft.icon "access plus 1 week" | |
| ExpiresByType image/x-icon "access plus 1 week" | |
| # HTML | |
| ExpiresByType text/html "access plus 0 seconds" | |
| # JavaScript | |
| ExpiresByType application/javascript "access plus 1 year" | |
| ExpiresByType application/x-javascript "access plus 1 year" | |
| ExpiresByType text/javascript "access plus 1 year" | |
| # Manifest files | |
| ExpiresByType application/manifest+json "access plus 1 week" | |
| ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" | |
| ExpiresByType text/cache-manifest "access plus 0 seconds" | |
| # Markdown | |
| ExpiresByType text/markdown "access plus 0 seconds" | |
| # Media files | |
| ExpiresByType audio/ogg "access plus 1 month" | |
| ExpiresByType image/bmp "access plus 1 month" | |
| ExpiresByType image/gif "access plus 1 month" | |
| ExpiresByType image/jpeg "access plus 1 month" | |
| ExpiresByType image/png "access plus 1 month" | |
| ExpiresByType image/svg+xml "access plus 1 month" | |
| ExpiresByType image/webp "access plus 1 month" | |
| ExpiresByType video/mp4 "access plus 1 month" | |
| ExpiresByType video/ogg "access plus 1 month" | |
| ExpiresByType video/webm "access plus 1 month" | |
| # WebAssembly | |
| ExpiresByType application/wasm "access plus 1 year" | |
| # Web fonts | |
| # Collection | |
| ExpiresByType font/collection "access plus 1 month" | |
| # Embedded OpenType (EOT) | |
| ExpiresByType application/vnd.ms-fontobject "access plus 1 month" | |
| ExpiresByType font/eot "access plus 1 month" | |
| # OpenType | |
| ExpiresByType font/opentype "access plus 1 month" | |
| ExpiresByType font/otf "access plus 1 month" | |
| # TrueType | |
| ExpiresByType application/x-font-ttf "access plus 1 month" | |
| ExpiresByType font/ttf "access plus 1 month" | |
| # Web Open Font Format (WOFF) 1.0 | |
| ExpiresByType application/font-woff "access plus 1 month" | |
| ExpiresByType application/x-font-woff "access plus 1 month" | |
| ExpiresByType font/woff "access plus 1 month" | |
| # Web Open Font Format (WOFF) 2.0 | |
| ExpiresByType application/font-woff2 "access plus 1 month" | |
| ExpiresByType font/woff2 "access plus 1 month" | |
| # Other | |
| ExpiresByType text/x-cross-domain-policy "access plus 1 week" | |
| </IfModule> | |
| # ---------------------------------------------------------------------- | |
| # Gzip compression | |
| # https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess | |
| # ---------------------------------------------------------------------- | |
| <IfModule mod_deflate.c> | |
| # Force deflate for mangled headers developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping/ | |
| <IfModule mod_setenvif.c> | |
| <IfModule mod_headers.c> | |
| SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding | |
| RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding | |
| </IfModule> | |
| </IfModule> | |
| # HTML, TXT, CSS, JavaScript, JSON, XML, HTC: | |
| # En apache 2.4 les FILTERProviders change de syntaxe | |
| # https://github.com/Laverna/laverna/issues/110 | |
| # https://community.ovh.com/t/faq-comment-mettre-a-jour-mon-site-pour-supporter-apache-2-4/3850 | |
| <IfModule mod_version.c> | |
| <IfModule filter_module> | |
| # APACHE > 2.4 | |
| <IfVersion >= 2.4> | |
| FilterDeclare COMPRESS | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'text/html'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'text/css'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'text/plain'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'text/xml'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'text/x-component'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'application/javascript'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'application/json'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'application/xml'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'application/xhtml+xml'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'application/rss+xml'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'application/atom+xml'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'application/vnd.ms-fontobject'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'image/svg+xml'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'image/x-icon'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'application/x-font-ttf'" | |
| FilterProvider COMPRESS DEFLATE "%{Content_Type} = 'font/opentype'" | |
| FilterChain COMPRESS | |
| FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no | |
| </IfVersion> | |
| # APACHE < 2.4 | |
| <IfVersion < 2.4> | |
| FilterDeclare COMPRESS | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $text/html | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $text/css | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $text/plain | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $text/xml | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $text/x-component | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $application/javascript | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $application/json | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xml | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $application/xhtml+xml | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $application/rss+xml | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $application/atom+xml | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $application/vnd.ms-fontobject | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $image/svg+xml | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $image/x-icon | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $application/x-font-ttf | |
| FilterProvider COMPRESS DEFLATE resp=Content-Type $font/opentype | |
| FilterChain COMPRESS | |
| FilterProtocol COMPRESS DEFLATE change=yes;byteranges=no | |
| </IfVersion> | |
| </IfModule> | |
| </IfModule> | |
| # | |
| #<IfModule !mod_filter.c> | |
| # # Legacy versions of Apache | |
| # AddOutputFilterByType DEFLATE text/html text/plain text/css application/json | |
| # AddOutputFilterByType DEFLATE application/javascript | |
| # AddOutputFilterByType DEFLATE text/xml application/xml text/x-component | |
| # AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml | |
| # AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype | |
| #</IfModule> | |
| </IfModule> | |
| ################################# | |
| # gestion des erreurs 404 | |
| # voir http://www.spip.net/fr_article3226.html | |
| # Pour que le serveur http renvoie les erreurs 404 vers SPIP, supprimer le '#' | |
| ErrorDocument 404 /spip.php?page=404 | |
| # | |
| ### |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <IfModule mod_rewrite.c> | |
| RewriteEngine On | |
| # Some hosts may require you to use the `RewriteBase` directive. | |
| # Determine the RewriteBase automatically and set it as environment variable. | |
| # If you are using Apache aliases to do mass virtual hosting or installed the | |
| # project in a subdirectory, the base path will be prepended to allow proper | |
| # resolution of the index.php file and to redirect to the correct URI. It will | |
| # work in environments without path prefix as well, providing a safe, one-size | |
| # fits all solution. But as you do not need it in this case, you can comment | |
| # the following 2 lines to eliminate the overhead. | |
| RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$ | |
| RewriteRule ^(.*) - [E=BASE:%1] | |
| # If the above doesn't work you might need to set the `RewriteBase` directive manually, it should be the | |
| # absolute physical path to the directory that contains this htaccess file. | |
| # RewriteBase / | |
| RewriteCond %{REQUEST_FILENAME} !-f | |
| RewriteRule ^ index.php [QSA,L] | |
| </IfModule> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # V 1.0.2 | |
| ## bloquer le spam de sites référents | |
| # https://olivier-chauvel.fr/referrer-spam-google-analytics/ | |
| # https://github.com/Stevie-Ray/referrer-spam-blocker/blob/master/.htaccess | |
| # https://perishablepress.com/blacklist/ultimate-referrer-blacklist.txt | |
| # SPAM BLOCKER | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*03e\.info.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*66728556\.videos\-for\-your\-business\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*anonymizeme\.pro.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*avtovykup\.kz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*blog2019\.top.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*burger\-tycoon\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*burger\-imperia\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*buttons\-for\-website\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*buttons\-for\-your\-website\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*comp\-pomosch\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*computer\-remont\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*dbutton\.net.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*dev\.borezo\.info.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*dosugrostov\.site.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*elementspluss\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*elvel\.com\.ua.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*fidalsa\.de.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*free\-website\-traffic\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*hard\-porn\.mobi.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*hundejo\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*hvd\-store\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*int\.search\.myway\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*justprofit\.xyz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*kinosed\.net.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*lerporn\.info.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*medicineseasybuy\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*metallo\-konstruktsii\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*mobile\.regionshop\.biz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*muzaporn\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*pizza\-imperia\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*pizza\-tycoon\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*pk\-pomosch\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*pornonik\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*prostitutki\-spb\.spb\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*shnyagi\.net.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*shops\-ru\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*skinali\.photo\-clip\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*sladkoevideo\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*sovetogorod\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*viagra\-soft\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*video\-\-production\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*videos\-for\-your\-business\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*w3data\.co.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*alinabaniecka\.pl.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*marinetraffic\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*rospromtest\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*stavimdveri\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*tsatu\.edu\.ua.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*xn\-\-\-\-\-6kcamwewcd9bayelq\.xn\-\-p1ai.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*xn\-\-\-\-8sblgmbj1a1bk8l\.xn\-\-\-\-161\-4vemb6cjl7anbaea3afninj\.xn\-\-p1ai.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*xn\-\-\-\-ctbigni3aj4h\.xn\-\-p1ai.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*xn\-\-d1abj0abs9d\.in\.ua.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*ya\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*yandex\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*ask\-yug\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*beremenyashka\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*brillianty\.info.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*darkbyte\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*dawlenie\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*documentserver\.net.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*filesdatabase\.net.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*infektsii\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*luckybull\.io.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*modforwot\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*moinozhki\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*mybuh\.kz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*odiabetikah\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*ofermerah\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*officedocuments\.net.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*ogorodnic\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*orenstein\.soef\.net.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*pills24h\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*popugaychiki\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*scat\.porn.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*sinhronperevod\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*slomm\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*spb\-plitka\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*tattoo\-stickers\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*vzheludke\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*vzubkah\.com.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*ww2awards\.info.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*atyks\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*blog100\.org.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*blog2019\.xyz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*blogseo\.xyz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*dailyseo\.xyz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*ecblog\.xyz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*ecosia\.org.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*galblog\.top.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*hiblog\.top.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*iblogger\.site.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*incomekey\.net.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*kakablog\.net.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*seotalk\.xyz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*urblog\.xyz.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*zapmeta\.fr.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*yhirurga\.ru.*$ [NC,OR] | |
| RewriteCond %{HTTP_REFERER} ^http(s)?://(www.)?.*youcare\.world.*$ [NC] | |
| # flags F (forbiden) L (stop propagation) | |
| RewriteRule ^(.*)$ – [F,L] | |
| # SPAM BOTS | |
| # https://pastebin.com/5Hw9KZnW | |
| # Abuse Agent Blocking | |
| RewriteCond %{HTTP_USER_AGENT} crawl [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} [Dd]ot[Bb]ot [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} Exabot [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} Python-urllib [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} Dalvik [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} Cliqzbot [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} SafeDNSBot [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} SemrushBot [NC,OR] | |
| RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC] | |
| # flags F (forbiden) L (stop propagation) | |
| RewriteRule ^.* - [F,L] |
Author
mistergraphx
commented
Jan 28, 2019
•
- v1.1.6 - Ajout du blocage de Google FloC
- v1.1.5 - correction d'un un retour en trop qui plantait apache + maj du cache control https://github.com/h5bp/server-configs-apache/blob/master/dist/.htaccess#L1046
- v1.1.3 - Sépare la liste spam crawlers/bots du htaccess et maj
- v1.1.2 - ajout du rejet de crawlers/robots
- v1.1.1 - maj de la liste des spam referer
Proposé par erational sur IRC
http://spip.pastebin.fr/56908
# Securite
Header always set X-Content-Type-Options "nosniff" # déjà intégéré
Header always set X-XSS-Protection "1; mode=block"
Header always set X-FRAME-OPTIONS "DENY"
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Header set Content-Security-Policy "script-src 'self' https://www.google.com"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment