Joomla - a different take on .htaccess

.htaccess cannot be edited directly under Windows, yet it offers numerous options for modification; the example below shows the individual options.

### www.Joomla-Security.de # Version: 5 (2010-10-08)  ###
#########################################################

#################################################
##### ADDITIONAL SECURITY FUNCTIONS - START #####
#################################################
##### Source: http://perishablepress.com/press/2009/03/16/the-perishable-press-4g-blacklist/

### PERISHABLE PRESS 4G BLACKLIST ###

### ESSENTIALS
RewriteEngine On
ServerSignature Off
Options All -Indexes
Options +FollowSymLinks

 

### FILTER REQUEST METHODS
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [R=404,L]

### BLOCK SOME USER AGENTS
RewriteCond %{HTTP_USER_AGENT} ^Java|HTTrack|Baiduspider|CligooRobot|TrackBack|Jakarta|libwww-perl|Wget
RewriteRule ^(.*)$ - [R=404,L]

### QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|'|"|\?|\*|%%|&%%|&"|").* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [R=404,L]

RedirectMatch 404 \@

###############################################
##### ADDITIONAL SECURITY FUNCTIONS - END #####
###############################################

#########################################################
##### ADDITIONAL JOOMLA! SECURITY FUNCTIONS - START #####
#########################################################

########## Begin - Rule to block "?tp=1"
RewriteCond %{QUERY_STRING} tp=(.*)
RewriteRule ^(.*)$ index.php [F,L]
########## End - Rule to block "?tp=1"

########## Begin - Rule to block "?template"
RewriteCond %{QUERY_STRING} template=(.*)
RewriteRule ^(.*)$ index.php [F,L]
########## End - Rule to block "?template"


########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits

########## Begin - Deny access to some files
<Files .htaccess>
Order Deny,Allow
Deny from all
</Files>

<Files configuration.php>
Order Deny,Allow
Deny from all
</Files>
########## End - Deny access to some files

#######################################################
##### ADDITIONAL JOOMLA! SECURITY FUNCTIONS - End #####
#######################################################

##############################################
##### ADDITIONAL CACHE FUNCTIONS - START #####
##############################################

### Compress the output with gzip
AddOutputFilterByType deflate text/html text/plain text/css text/javascript application/javascript application/x-javascript application/rss+xml

### Set the default character set
AddDefaultCharset utf-8

<IfModule mod_headers.c>
<FilesMatch "\\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=33135480, public"
</FilesMatch>
<FilesMatch "\\.(css)$">
Header set Cache-Control "max-age=1, public, must-revalidate"
</FilesMatch>
<FilesMatch "\\.(js)$">
Header set Cache-Control "max-age=216000, private"
</FilesMatch>
<FilesMatch "\\.(xml|txt)$">
Header set Cache-Control "max-age=216000, public, must-revalidate"
</FilesMatch>
<FilesMatch "\\.(html|htm|php)$">
Header set Cache-Control "max-age=33135480, public"
</FilesMatch>
</IfModule>

############################################
##### ADDITIONAL CACHE FUNCTIONS - END #####
############################################

#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update Your Joomla! Directory (just / for root)

# RewriteBase /

#############################################
##### CUSTOM HTACCESS FUNCTIONS - START #####
#############################################

### Redirect from "deluxe-it.ch" to "www.deluxe-it.ch" (uncomment out to activate)
#RewriteCond %{HTTP_HOST} ^([0-9a-z-]+)\.ch$ [NC]
#RewriteRule ^(.*)$ http://www.deluxe-it.ch/$1 [R=301,L]

###########################################
##### CUSTOM HTACCESS FUNCTIONS - END #####
###########################################


########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section

########## Begin - Error documents
#
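# Custom message text is enclosed in double quotes (Apache 2.x syntax);
# the single unmatched leading quote is the pre-2.0 form.
ErrorDocument 401 "404 Not Found!"
ErrorDocument 403 "404 Not Found!"
ErrorDocument 404 "404 Not Found!"
ErrorDocument 500 "Internal Server Error!"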
#
########## End - Error documents
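
The QUERY_STRING filters above match substrings of the raw, undecoded query string, so ordinary requests can trip them as well. The following Python check is an added example, not part of the original file: it models a subset of the patterns above with Python's re module (assumed to behave like Apache's regex engine for these simple patterns), and all sample query strings are constructed.

```python
import re

# Subset of the RewriteCond %{QUERY_STRING} patterns from the file above:
# (label, pattern, True if the condition carries the [NC] flag).
RULES = [
    ("4G https:", r"https\:", True),
    ("4G sql words", r"^.*(select|insert|union|declare|drop).*", True),
    ("4G globals", r"^.*(globals|encode|localhost|loopback).*", True),
    ("Joomla tp=", r"tp=(.*)", False),
    ("Joomla template=", r"template=(.*)", False),
    ("Joomla script", r"(\<|%3C).*script.*(\>|%3E)", True),
]

# Constructed, benign query strings a normal site could receive.
BENIGN = [
    "option=com_content&view=article&id=5",
    "option=com_search&searchword=selection",
    "view=dropdown&lang=en",
    "redirect=https://example.org/page",
    "smtp=on",
]

def blocked_by(query_string):
    """Return the labels of all rules that match the raw query string.

    mod_rewrite tests %{QUERY_STRING} as sent (no percent-decoding) and
    without implicit anchors, which re.search on the raw string models.
    """
    return [label for label, pattern, nocase in RULES
            if re.search(pattern, query_string, re.I if nocase else 0)]

def false_positives(samples=BENIGN):
    """Map each benign sample that would be rejected to the rules it hit."""
    hits = {qs: blocked_by(qs) for qs in samples}
    return {qs: labels for qs, labels in hits.items() if labels}

if __name__ == "__main__":
    for qs, labels in false_positives().items():
        print(f"{qs!r} blocked by {labels}")
```

Running the same samples through a staging copy of the site before deploying the file shows which rules need narrowing, for example with word boundaries or parameter-name anchors.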
