Tektriks

Coding starts here

Secure site through HTACCESS

A collection of useful .htaccess codes.
To work all of these, add the following line at the beginning to your .htaccess file.

Options +FollowSymlinks 
RewriteEngine on
RewriteBase /

Deny all accessing your site
```
Deny All Access
```
Deny All Access Except Yours
```
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx	
```
Where xxx.xxx.xxx.xxx is your IP Address. If you replace the last three digits with 0/12 for example, this will specify a range of IPs within the same network, thus saving you the trouble to list all allowed IPs separately.

Allow All Access Except Spammers’

Order deny,allow
Allow from all
Deny from xxx.xxx.xxx.xxx
Deny from xxx.xxx.xxx.xxy

Deny Access to Hidden Files and Directories
Hidden files and directories (those whose names start with a dot `.`) should most, if not all, of the time be secured. For example: `.htaccess`, `.htpasswd`, `.git`, `.hg`…
```
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
```
Alternatively, you can just raise a `Not Found` error, giving the attacker dude no clue:
```
RedirectMatch 404 /\..*$
```

Deny Access to Backup and Source Files

These files may be left by some text/html editors (like Vi/Vim) and pose a great security danger, when anyone can access them.

<FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$">
    ## Apache 2.2
    Order allow,deny
    Deny from all
    Satisfy All

    ## Apache 2.4
    # Require all denied
</FilesMatch>

Disable Image Hotlinking

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http(s)?://(.+\.)?example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]

If you want to display a “blocked” banner in place of the hotlinked image

RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http(s)?://(.+\.)?example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|bmp) http://example.com/blocked.png [R,L]

Disable Image Hotlinking for Specific Domains

RewriteCond %{HTTP_REFERER} ^http(s)?://(.+\.)?badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(.+\.)?badsite2\.com [NC,OR]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

Block Visitors by Referrer

This denies access for all users who are coming from (referred by) a specific domain.

RewriteCond %{HTTP_REFERER} somedomain\.com [NC,OR]
RewriteCond %{HTTP_REFERER} anotherdomain\.com
RewriteRule .* - [F]

Prevent Framing the Site
Protect Against ClickJacking. Supported web browsers will prevent an attacker/hacker from putting your website’s content into an iframe on another website.
```
<IfModule mod_headers.c>  
  Header always append X-Frame-Options SAMEORIGIN
</IfModule>
```

Prevent some cross-site scripting (XSS) attacks

<IfModule mod_headers.c>  
  Header set X-XSS-Protection "1; mode=block"
</IfModule>

Block access to a particular file

Block accessing .htaccess file

<Files .htaccess>
order allow,deny 
deny from all
</Files>

Block multiple file types

<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
order allow,deny 
deny from all
</FilesMatch>

Changing server signature
To change the server signature which is displayed as part of the default Apache error documents, use the following code:
```
ServerSignature EMail
SetEnv SERVER_ADMIN nospace@pleasenospace.com 	
```
To remove the server signature completely, use the following code:
```
ServerSignature Off 	
```

Prevent access to php.ini

<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>

Tektriks

Secure site through HTACCESS

Deny all accessing your site

Deny All Access Except Yours

Allow All Access Except Spammers’

Deny Access to Hidden Files and Directories

Deny Access to Backup and Source Files

Disable Image Hotlinking

Block Visitors by Referrer

Prevent Framing the Site

Prevent some cross-site scripting (XSS) attacks

Block access to a particular file

Changing server signature

Prevent access to php.ini

Donate Us

Categories

Latest posts

Recent Comments

Install Browser Addons