所有分类
  • 所有分类
  • 网站模板
  • 设计素材
  • 办公素材
  • 站长素材
  • 软件资源
当前位置: 正文

织梦网站安全htaccss规则防火墙脚本_织梦网络安全设置

2023-11-24 教程 7 推广
本文章htaccess规则是一款强大的防火墙脚本,轻巧且超快。它努力在安全性和性能之间实现***佳平衡,直接构架在htaccess规则上,服务器不用安装第三方软件工具,直接补充网站安全。
 
一、以下是该htaccss规则防火墙的一些主要功能和目标:
通过简单实现安全
广泛的防火墙保护
进行微调以***大程度减少误报
轻巧(仅12KB!),模块化,灵活且快速
完全即插即用,无需配置
提高安全性,减少服务器负载并节省资源
Git / SVN友好(不阻止svn / git文件等)
开源,易于使用且完全免费
100%与WordPress兼容
更好的不良机器人检测
内置网站安全日志记录
 
二、htaccss规则防火墙可抵御多种类型的攻击和威胁,包括:
 
目录遍历
HTTP响应拆分
(XSS)跨站点脚本
缓存中毒
双头漏洞
SQL / PHP /代码注入
文件注入/包含
空字节注入
WordPress漏洞利用,例如revslider,timthumb,fckeditor等
漏洞利用,例如c99shell,phpshell,remoteview,站点复印机等
PHP信息泄漏
此外,htaccss规则防火墙防火墙可抵御各种恶意请求,恶意程序,垃圾邮件和其他胡扯。此外,htaccss规则防火墙使用Apache的mod_rewrite,因此它适用于所有类型的HTTP请求方法:GET,POST,PUT,DELETE和其他所有方法。这意味着为您的网站提供强大的保护。
 
三、要求
这是htaccss规则防火墙的***要求:
 
Apache服务器
启用mod_rewrite
访问.htaccess或配置

四、 网站安全htaccss规则防火墙脚本 如下:

# moban:[CORE]
ServerSignature Off
Options -Indexes
RewriteEngine On
RewriteBase /

# moban:[QUERY STRING]
<IfModule mod_rewrite.c>
	
	RewriteCond %{REQUEST_URI} !(moban_log.php) [NC]
	
	RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)(*|%2a)(*|%2a)(/|%2f) [NC,OR]
	RewriteCond %{QUERY_STRING} (~|`|<|>|^||\|0x00|%00|%0d%0a) [NC,OR]
	RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
	RewriteCond %{QUERY_STRING} (fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((.|%2e)inc)?((.|%2e)php) [NC,OR]
	RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((.|%2e)php) [NC,OR]
	RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
	RewriteCond %{QUERY_STRING} (localhost|loopback|127(.|%2e)0(.|%2e)0(.|%2e)1) [NC,OR]
	RewriteCond %{QUERY_STRING} (.|20)(get|the)(_|%5f)(permalink|posts_page_url)((|%28) [NC,OR]
	RewriteCond %{QUERY_STRING} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
	RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|[|%[a-z0-9]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} ((boot|win)((.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
	RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((.|%2e){3,3})|((.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
	RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)((|%28)(.*)()|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
	RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%31)(l|%6c|%4c)(.*)((|%28)(.*)()|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(.|%2e)) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\x00|("|%22|'|%27)?0("|%22|'|%27)?(=|%3d)("|%22|'|%27)?0|cast((|%28)0x|or%201(=|%3d)1) [NC,OR]
	RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|[|%[0-9A-Z]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|[|%[0-9A-Z]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%31)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|)|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(()(.*)()) [NC,OR]
	RewriteCond %{QUERY_STRING} (allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|(c99|php)shell|curltest|disable_functions?|document_root|elastix|encodeuricom|exec|exploit|fclose|fgets|fputs|fsbuff|fsockopen|gethostbyname|grablogin|hmei7|input_file|load_file|null|open_basedir|outfile|passthru|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sux0r|trojan|wget|xertive) [NC,OR]
	RewriteCond %{QUERY_STRING} (;|<|>|'|"|)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/*|alter|base64|benchmark|cast|char|concat|convert|create|encode|declare|delete|drop|insert|md5|order|request|script|select|set|union|update) [NC,OR]
	RewriteCond %{QUERY_STRING} ((+|%2b)(concat|delete|get|select|union)(+|%2b)) [NC,OR]
	RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)((|%28) [NC,OR]
	RewriteCond %{QUERY_STRING} (concat)(.*)((|%28) [NC]
	
	RewriteRule .* - [F,L]
	
	# RewriteRule .* /moban_log.php?log [L,NE,E=moban_QUERY_STRING:%1___%2___%3]
	
</IfModule>

# moban:[REQUEST URI]
<IfModule mod_rewrite.c>
	
	RewriteCond %{REQUEST_URI} !(moban_log.php) [NC]
	
	RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{REQUEST_URI} (=?\('|%27)/?)(.) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(*|"|'|.|,|&|&amp;?)/?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (.)(php)(()?([0-9]+)())?(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(vbulletin|boards|vbforum)(/)? [NC,OR]
	RewriteCond %{REQUEST_URI} (^|~|`|<|>|,|%|\|{|}|[|]||) [NC,OR]
	RewriteCond %{REQUEST_URI} (.(s?ftp-?)config|(s?ftp-?)config.) [NC,OR]
	RewriteCond %{REQUEST_URI} ({0}|"?0"?="?0|(/(|...|+++|\") [NC,OR]
	RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)(.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(fck|ckfinder|fullclick|ckfinder|fckeditor) [NC,OR]
	RewriteCond %{REQUEST_URI} (.|20)(get|the)(_)(permalink|posts_page_url)(() [NC,OR]
	RewriteCond %{REQUEST_URI} (///|??|/&&|/*(.*)*/|/:/|\\|0x00|%00|%0d%0a) [NC,OR]
	RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(=|$&?|&?(pws|rk)=0|_mm|_vti_|cgi(.|-)?|(=|/|;|,)nt.) [NC,OR]
	RewriteCond %{REQUEST_URI} (.)(conf(ig)?|ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127.0.0.1|localhost|loopback|makefile|pingserver|wwwroot)(/)? [NC,OR]
	RewriteCond %{REQUEST_URI} ((null)|{$itemURL}|cAsT(0x|echo(.*)kae|etc/passwd|eval(|self/environ|+union+all+select) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(awstats|(c99|php|web)shell|document_root|error_log|listinfo|muieblack|remoteview|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)((php|web)?shell|conf(ig)?|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(.|() [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(author-panel|bitrix|class|database|(db|mysql)-?admin|filemanager|htdocs|httpdocs|https?|mailman|mailto|msoffice|mysql|_?php-?my-?admin(.*)|sql|system|tmp|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
	RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|child_terminate|e?chr|eval|exec|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo|posix_(kill|mkfifo|setpgid|setsid|setuid)|proc_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(()(.*)()) [NC,OR]
	RewriteCond %{REQUEST_URI} (.)(7z|ab4|afm|aspx?|bash|ba?k?|bz2|cfg|cfml?|cgi|conf(ig)?|ctl|dat|db|dll|eml|et2|exe|fec|fla|hg|inc|ini|inv|jsp|log|lqd|mbf|mdb|mmw|mny|old|one|out|passwd|pdb|pl|psd|pst|ptdb|pwd|py|qbb|qdf|rar|rdf|sdb|sql|sh|soa|swf|swl|swp|stx|tar|tax|tgz|tls|tmd|wow|zlib)$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(^$|00.temp00|0day|3xp|70bex?|admin_events|bkht|(php|web)?shell|configbak|curltest|db|dompdf|filenetworks|hmei7|index.php/index.php/index|jahat|kcrew|keywordspy|mobiquo|mysql|nessus|php-?info|racrew|sql|ucp|webconfig|(wp-)?conf(ig)?(uration)?|xertive)(.php) [NC]
	
	RewriteRule .* - [F,L]
	
	# RewriteRule .* /moban_log.php?log [L,NE,E=moban_REQUEST_URI:%1___%2___%3]
	
</IfModule>

# moban:[USER AGENT]
<IfModule mod_rewrite.c>
	
	RewriteCond %{REQUEST_URI} !(moban_log.php) [NC]
	
	RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} ((c99|php|web)shell|remoteview|site((.){0,2})copier) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|lwp-download|unserialize|\") [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (360Spider|acapbot|acoonbot|ahrefs|alexibot|asterias|attackbot|backdorbot|becomebot|binlar|blackwidow|blekkobot|blexbot|blowfish|bullseye|bunnys|butterfly|careerbot|casper|checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|cy_cho|datacha|demon|diavol|discobot|dittospyder|dotbot|dotnetdotcom|dumbot|emailcollector|emailsiphon|emailwolf|exabot|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httrack|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|linkextractor|linkscan|linkwalker|loader|miner|majestic|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nutch|octopus|pagegrabber|planetwork|postrank|proximic|purebot|pycurl|python|queryn|queryseeker|radian6|radiation|realdownload|rogerbot|scooter|seekerspider|semalt|seznambot|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot|sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker|winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
	
	RewriteRule .* - [F,L]
	
	# RewriteRule .* /moban_log.php?log [L,NE,E=moban_USER_AGENT:%1]
	
</IfModule>

# moban:[REMOTE HOST]
<IfModule mod_rewrite.c>
	
	RewriteCond %{REQUEST_URI} !(moban_log.php) [NC]
	
	RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
	
	RewriteRule .* - [F,L]
	
	# RewriteRule .* /moban_log.php?log [L,NE,E=moban_REMOTE_HOST:%1]
	
</IfModule>

# moban:[HTTP REFERRER]
<IfModule mod_rewrite.c>
	
	RewriteCond %{REQUEST_URI} !(moban_log.php) [NC]
	
	RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC,OR]
	RewriteCond %{HTTP_REFERER} (ambien|bluespill|cialis|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]

	RewriteRule .* - [F,L]
	
	# RewriteRule .* /moban_log.php?log [L,NE,E=moban_HTTP_REFERRER:%1]
	
</IfModule>

# moban:[REQUEST METHOD]
<IfModule mod_rewrite.c>
	
	RewriteCond %{REQUEST_URI} !(moban_log.php) [NC]
	
	RewriteCond %{REQUEST_METHOD} ^(connect|debug|delete|move|put|trace|track) [NC]
	
	RewriteRule .* - [F,L]
	
	# RewriteRule .* /moban_log.php?log [L,NE,E=moban_REQUEST_METHOD:%1]
	
</IfModule>

织梦cms

感谢您阅读这篇织梦网站安全htaccss规则防火墙脚本_织梦网络安全设置文章,希望可以帮助您解决使用织梦cms途中的问题,更多相关织梦cms教程关注我们万条网吧。

文章原文链接:https://www.wantiao.net/35458.html,转载请注明出处。
免责声明:本站资源均来自互联网,仅供研究学习使用,禁止违法违规使用,产生法律纠纷本站概不负责!本站信息来源于网络,版权争议与本站无关。如有侵权请邮件与我们联系处理,敬请谅解!
0

猜你喜欢

织梦cms定时自动更新首页的方法_织梦cms前台首页地址
教程

织梦dedecms定时自动更新首页的方法如下: 1、在 根目录/plus 目录下新建一个p...
2023-12-13 5 0
DedeCms织梦 tag标签静态化教程_织梦dedecms网站后台基本设置大全
教程

dedecms tag标签静态化方法-dedecms tag标签静态化教程 一、dede后台开启伪静...
2023-12-13 5 0
Dedecms/织梦模板cms建站经验和技巧总结_织梦dedecms建站视频教程
教程

Dedecms是目前国内cms的龙头老大,相信没多少人有异议。本人从2009年开始用dede...
2023-12-13 5 0
使用phpstudy时织梦cms后台页面空白解决方法(PHP版本原因)
教程

今天把电脑上的phpStudy升级到2018版。在登录本地织梦dedecms5.7时,/dede/login...
2023-12-13 5 0
织梦cms远程附件图片整合阿里云存储OSS插件教程
教程

使用阿里云存储OSS实现图片的远程附件有一段时间了,因为手头上一直有东西在做没...
2023-12-13 5 0
给织梦cms织梦后台添加文章下载远程图片失败加个提醒功能
教程

用过dedecms建站的朋友都知道,dedecms后台自带了下远程图片的功能,让我们从其...
2023-12-13 4 0

评论0

请先

首页 发现 VIP 我的
疫情期间优惠活动!原360元包年VIP,现128元;原588元终身VIP,现158元。随着资源不断增多,随时提价!立即查看
显示验证码
没有账号?注册  忘记密码?

社交账号快速登录