October 2019
M T W T F S S
« Aug    
 123456
78910111213
14151617181920
21222324252627
28293031  

Categories

WordPress Quotes

The only man who never makes mistakes is the man who never does anything.
Theodore Roosevelt
October 2019
M T W T F S S
« Aug    
 123456
78910111213
14151617181920
21222324252627
28293031  

Short Cuts

2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (40)
Ansibile (19)
Apache (135)
Asterisk (2)
cassandra (2)
Centos (211)
Centos RHEL 7 (268)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (30)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
ftp (5)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
health (1)
horoscope (23)
Hyper-V (10)
IIS (15)
IPTABLES (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (7)
Ldap (5)
Linux (188)
Linux Commands (166)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (24)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (35)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (35)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
SFTP (1)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
swap (3)
TIPS on Linux (28)
tomcat (62)
Uncategorized (30)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Who's Online

19 visitors online now
7 guests, 12 bots, 0 members

Hit Counter provided by dental implants orange county

Apache mod_rewrite security rules for Web server harding

# Hardened Apache Mod_Rewrite Security Rule
# Ref: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond
# NC = ‘nocase|NC’ (no case-sensitive)
# OR = ‘ornext|OR’ (or next condition)
# L = last rule
RewriteEngine on

# Allow only GET and POST verbs
# ‘Coz most vul scanners use HEAD for hunting buggy files existence
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]
# Ban Non-GUI Browsers
RewriteCond %{HTTP_USER_AGENT} ^.*(lynx|wget).* [NC,OR]

# Ban Typical Vulnerability Scanners and others

RewriteCond %{HTTP_USER_AGENT} ^()$ [NC,OR] # void of UserAgent

# Known Web vulnerabilty Scanners

RewriteCond %{HTTP_USER_AGENT} ^.*(syhunt|sqlmap|WhatWeb|Netsparker|w3af|Nstalker|acunetix|qualys|nikto|wikto|pikto|pykto).* [NC,OR]

# Random Underground Web Exploit Scanners

RewriteCond %{HTTP_USER_AGENT} ^.*(javascript\:alert|0d\s0a|ZeW|SlimBrowser|drone|DataCha|SBIder|Shelob|MobileRunner|Microsoft\sOffice|Plesk|Itah|Mosill|Internet\sExplorer\s4\.01|al_viewer|NetSeer|MSFrontPage|Yandex|webcollage|lwp\-trivial|Isidorus|core\-project|\<script\>|Toata\sdragostea\smea\spentru\sdiavola|StackRambler|Firebat|Y\!J\-SRD|ZmEu|libwww|perl|java|curl|ruby|python|scan|fuck|kiss|ass|Morfeus|0wn|hack|h4x|h4x0r).* [NC,OR]
# Denial-of-Service Tool
RewriteCond %{HTTP_USER_AGENT} ^.*(ApacheBench).* [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^.*(WWW\-Mechanize|revolt|Crawl|Mail\.Ru|Walker|sbide|findlinks|spide|Ace\sExplorer|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]

# Disable access to cgi-bins if not used
RewriteCond %{REQUEST_URI} ^/(cgi\.cgi|webcgi|cgi\-914|cgi\-915|bin|cgi|mpcgi|cgi\-bin|ows\-bin|cgi\-sys|cgi\-local|htbin|cgibin|cgis|scripts|cgi\-win|fcgi\-bin|cgi\-exe|cgi\-home|cgi\-perl|scgi\-bin)/ [NC,OR]
# Block out common attack strings
# Additional filtering can be put into
# HTTP_USER_AGENT, HTTP_REFERER, HTTP_COOKIE,HTTP_FORWARDED,HTTP_ACCEPT

# Directory Traversal, Null Byte Injection, HTTP Response Splitting
RewriteCond %{QUERY_STRING} ^.*(\.\.\/|\.\.%2f|\.\.%5C|\.\.%252F|\.\.%255C|\.\.%u2215|%u002e%u002e%u2215|%252e%252e%252f|%00|\\x00|\\u00|%5C00|%09|%0D%0A) [NC,OR]

# SQL Injection Probing
RewriteCond %{QUERY_STRING} ^.*(\@\@version|CHR\(|CHAR\(|UNION%20SELECT|/select/|/union/|/insert/|/update/|/delete/).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(or|and)%20([0-9]=[0-9]).* [NC,OR]
# Remote/Local File Inclusion
# RFI: yoursite.com/?pg=http://evil.com/shell.txt?
# LFI: yoursite.com/?pg=/logs/access_log?
RewriteCond %{QUERY_STRING} .*(=https|=http|=ftp)(://|%3a%2f%2f).*\?$ [NC,OR]
RewriteCond %{QUERY_STRING} (\/access_log|boot\.ini|\/etc\/passwd|%2Fetc%2Fpasswd|c:\\boot\.ini|c%3A\\boot\.ini|c:\/boot\.ini|c:%2Fboot\.ini|c%3A%2Fboot\.ini|c:boot\.ini|c%3Aboot\.ini).* [NC,OR]

# PHP Version Probing
RewriteCond %{QUERY_STRING} ^(=PHP).* [NC,OR]

# XSS Probing
RewriteCond %{QUERY_STRING} ^.*(\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(/XSS/).* [NC,OR]

# PHP GLOBALS Overriding
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]

# PHP REQUEST variable Overriding
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]

# PHP Command Injection Probing
# vuln.php?exec=uname -a;ls -al;whoami
RewriteCond %{QUERY_STRING} ^.*(=|;)(uname%20-|ls%20-|whoami).* [NC,OR]

# PHP CGI code execution

RewriteCond %{QUERY_STRING} ^[^=]*$ [OR]

RewriteCond %{QUERY_STRING} %2d|\-

# Deny access
RewriteRule ^(.*)$ /path/to/friendly_errror.php [F,L]

 

 

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

  

  

  

Blue Captcha Image
Refresh

*

Protected by WP Anti Spam