|
```
|
|
```
|
|
|
|
|
|
|
|
# exemplo bloqueando todos ips, exceto 1
|
|
|
|
#Deny from All
|
|
|
|
#Allow from 168.194.162.37
|
|
|
|
|
|
|
|
# exemplo bloqueando ips especificos
|
|
|
|
#Deny from 168.194.162.37
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
<IfModule mod_headers.c>
|
|
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|gif|png|jpe?g|svg|svgz|ico|webp)$">
|
|
<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js|gif|png|jpe?g|svg|svgz|ico|webp)$">
|
|
Header set Access-Control-Allow-Origin "*"
|
|
Header set Access-Control-Allow-Origin "*"
|
|
</FilesMatch>
|
|
</FilesMatch>
|
|
|
|
|
|
|
|
<FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
|
|
|
|
Header set Cache-Control "max-age=2592000, public"
|
|
|
|
</FilesMatch>
|
|
|
|
|
|
|
|
<FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$">
|
|
|
|
Header append Vary: Accept-Encoding
|
|
|
|
</FilesMatch>
|
|
|
|
|
|
|
|
Header set Connection keep-alive
|
|
|
|
Header set Referrer-Policy "no-referrer"
|
|
|
|
Header set X-Frame-Options "sameorigin"
|
|
|
|
Header set X-XSS-Protection "1; mode=block"
|
|
|
|
Header set X-Content-Type-Options "nosniff"
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
|
|
<IfModule mod_expires.c>
|
|
<IfModule mod_expires.c>
|
... | @@ -47,6 +68,12 @@ |
... | @@ -47,6 +68,12 @@ |
|
ExpiresByType font/woff "access plus 1 month"
|
|
ExpiresByType font/woff "access plus 1 month"
|
|
ExpiresByType application/font-woff2 "access plus 1 month"
|
|
ExpiresByType application/font-woff2 "access plus 1 month"
|
|
ExpiresByType text/x-cross-domain-policy "access plus 1 week"
|
|
ExpiresByType text/x-cross-domain-policy "access plus 1 week"
|
|
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
|
|
Header unset ETag
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
FileETag None
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
|
|
<IfModule mod_deflate.c>
|
|
<IfModule mod_deflate.c>
|
... | @@ -83,104 +110,38 @@ |
... | @@ -83,104 +110,38 @@ |
|
Header append Vary User-Agent env=!dont-vary
|
|
Header append Vary User-Agent env=!dont-vary
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
<IfModule mod_alias.c>
|
|
<FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
|
|
RedirectMatch 403 (?i)([a-z0-9]{2000,})
|
|
Header set Cache-Control "max-age=2592000, public"
|
|
RedirectMatch 403 (?i)(https?|ftp|php):/
|
|
</FilesMatch>
|
|
RedirectMatch 403 (?i)(base64_encode)(.*)(\()
|
|
</IfModule>
|
|
RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.
|
|
|
|
RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$
|
|
<IfModule mod_headers.c>
|
|
RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
|
|
<FilesMatch "\.(js|css|xml|gz)$">
|
|
RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)
|
|
Header append Vary Accept-Encoding
|
|
RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
|
|
</FilesMatch>
|
|
RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
|
|
|
|
RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
|
|
|
|
RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|webshell)\.php
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
<IfModule mod_setenvif.c>
|
|
Header set Connection keep-alive
|
|
SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
|
|
</IfModule>
|
|
SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
|
|
|
|
|
|
<IfModule mod_expires.c>
|
|
<IfModule !mod_authz_core.c>
|
|
<IfModule mod_headers.c>
|
|
Order Allow,Deny
|
|
Header unset ETag
|
|
Allow from all
|
|
|
|
Deny from env=bad_bot
|
|
</IfModule>
|
|
</IfModule>
|
|
FileETag None
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
<IfModule mod_authz_core.c>
|
|
<FilesMatch ".(js|css|xml|gz|html|woff|woff2|ttf)$">
|
|
<RequireAll>
|
|
Header append Vary: Accept-Encoding
|
|
Require all Granted
|
|
</FilesMatch>
|
|
Require not env bad_bot
|
|
</IfModule>
|
|
</RequireAll>
|
|
|
|
</IfModule>
|
|
<IfModule mod_rewrite.c>
|
|
|
|
|
|
|
|
DirectoryIndex index.html index.php
|
|
|
|
|
|
|
|
RewriteEngine On
|
|
|
|
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
|
|
|
|
#RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
|
|
|
|
RewriteRule .* - [F]
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_rewrite.c>
|
|
|
|
RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
|
|
|
|
RewriteRule .* - [F]
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_rewrite.c>
|
|
|
|
RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]
|
|
|
|
RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
|
|
|
|
RewriteRule .* - [F]
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_alias.c>
|
|
|
|
RedirectMatch 403 (?i)([a-z0-9]{2000,})
|
|
|
|
RedirectMatch 403 (?i)(https?|ftp|php):/
|
|
|
|
RedirectMatch 403 (?i)(base64_encode)(.*)(\()
|
|
|
|
RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.
|
|
|
|
RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$
|
|
|
|
RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
|
|
|
|
RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\s|\{|\}|\[|\]|\|)
|
|
|
|
RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
|
|
|
|
RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
|
|
|
|
RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
|
|
|
|
RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|webshell)\.php
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_setenvif.c>
|
|
|
|
SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
|
|
|
|
SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
|
|
|
|
|
|
|
|
<IfModule !mod_authz_core.c>
|
|
|
|
Order Allow,Deny
|
|
|
|
Allow from all
|
|
|
|
Deny from env=bad_bot
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_authz_core.c>
|
|
|
|
<RequireAll>
|
|
|
|
Require all Granted
|
|
|
|
Require not env bad_bot
|
|
|
|
</RequireAll>
|
|
|
|
</IfModule>
|
|
|
|
</IfModule>
|
|
</IfModule>
|
|
|
|
|
|
<Limit GET HEAD OPTIONS POST PUT>
|
|
|
|
Order Allow,Deny
|
|
|
|
Allow from All
|
|
|
|
# uncomment/edit/repeat next line to block IPs
|
|
|
|
# Deny from 123.456.789
|
|
|
|
</Limit>
|
|
|
|
|
|
|
|
<files install.php>
|
|
<files install.php>
|
|
Order allow,deny
|
|
Order allow,deny
|
|
Deny from all
|
|
Deny from all
|
... | @@ -214,39 +175,70 @@ |
... | @@ -214,39 +175,70 @@ |
|
</FilesMatch>
|
|
</FilesMatch>
|
|
|
|
|
|
<IfModule mod_rewrite.c>
|
|
<IfModule mod_rewrite.c>
|
|
|
|
# BEGIN W3TC Page Cache core
|
|
RewriteEngine On
|
|
RewriteEngine On
|
|
RewriteBase /
|
|
RewriteBase /
|
|
|
|
RewriteCond %{HTTPS} =on
|
|
|
|
RewriteRule .* - [E=W3TC_SSL:_ssl]
|
|
|
|
RewriteCond %{SERVER_PORT} =443
|
|
|
|
RewriteRule .* - [E=W3TC_SSL:_ssl]
|
|
|
|
RewriteCond %{HTTP:X-Forwarded-Proto} =https [NC]
|
|
|
|
RewriteRule .* - [E=W3TC_SSL:_ssl]
|
|
|
|
RewriteCond %{HTTP:Accept-Encoding} gzip
|
|
|
|
RewriteRule .* - [E=W3TC_ENC:_gzip]
|
|
|
|
RewriteCond %{HTTP_COOKIE} w3tc_preview [NC]
|
|
|
|
RewriteRule .* - [E=W3TC_PREVIEW:_preview]
|
|
|
|
RewriteCond %{REQUEST_METHOD} !=POST
|
|
|
|
RewriteCond %{QUERY_STRING} =""
|
|
|
|
RewriteCond %{REQUEST_URI} \/$
|
|
|
|
RewriteCond %{HTTP_COOKIE} !(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle) [NC]
|
|
|
|
RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" -f
|
|
|
|
RewriteRule .* "/wp-content/cache/page_enhanced/%{HTTP_HOST}/%{REQUEST_URI}/_index%{ENV:W3TC_SSL}%{ENV:W3TC_PREVIEW}.html%{ENV:W3TC_ENC}" [L]
|
|
|
|
# END W3TC Page Cache core
|
|
|
|
|
|
|
|
# BEGIN WordPress
|
|
|
|
RewriteEngine On
|
|
|
|
RewriteBase /
|
|
|
|
|
|
|
|
DirectoryIndex index.html index.php
|
|
|
|
|
|
|
|
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
|
|
|
|
RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
|
|
|
|
RewriteRule .* - [F]
|
|
|
|
|
|
|
|
RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
|
|
|
|
RewriteRule .* - [F]
|
|
|
|
|
|
RewriteRule ^wp-admin/includes/ - [F,L]
|
|
RewriteRule ^wp-admin/includes/ - [F,L]
|
|
RewriteRule !^wp-includes/ - [S=3]
|
|
RewriteRule !^wp-includes/ - [S=3]
|
|
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
|
|
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
|
|
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
|
|
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
|
|
RewriteRule ^wp-includes/theme-compat/ - [F,L]
|
|
RewriteRule ^wp-includes/theme-compat/ - [F,L]
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
|
|
Header set Referrer-Policy "no-referrer"
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
|
|
Header set X-Frame-Options "sameorigin"
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
|
|
Header set X-XSS-Protection "1; mode=block"
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
<IfModule mod_headers.c>
|
|
# regras para wordpress padrão
|
|
Header set X-Content-Type-Options "nosniff"
|
|
|
|
</IfModule>
|
|
|
|
|
|
|
|
# BEGIN WordPress
|
|
|
|
<IfModule mod_rewrite.c>
|
|
|
|
RewriteEngine On
|
|
|
|
RewriteBase /
|
|
|
|
RewriteRule ^index\.php$ - [L]
|
|
RewriteRule ^index\.php$ - [L]
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteCond %{REQUEST_FILENAME} !-f
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteCond %{REQUEST_FILENAME} !-d
|
|
RewriteRule . /index.php [L]
|
|
RewriteRule . /index.php [L]
|
|
|
|
|
|
|
|
# regras para multisites
|
|
|
|
#RewriteRule ^index\.php$ - [L]
|
|
|
|
#RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
|
|
|
|
#RewriteCond %{REQUEST_FILENAME} -f [OR]
|
|
|
|
#RewriteCond %{REQUEST_FILENAME} -d
|
|
|
|
#RewriteRule ^ - [L]
|
|
|
|
#RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
|
|
|
|
#RewriteRule ^(.*\.php)$ $1 [L]
|
|
|
|
#RewriteRule . index.php [L]
|
|
|
|
# END WordPress
|
|
</IfModule>
|
|
</IfModule>
|
|
# END WordPress
|
|
|
|
``` |
|
``` |
|
\ No newline at end of file |
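Review bot: In the last hunk (`@@ -214,39 +175,70 @@`) the `# BEGIN WordPress` marker appears to move up above the query-string and request-method filters, while `# END WordPress` stays after the permalink rules, so the hand-written filters now sit inside the region WordPress regenerates. WordPress replaces everything between those two markers when it rewrites its permalink block, so the `RewriteCond %{QUERY_STRING} …` / `RewriteRule .* - [F]` filters, the `^(connect|debug|move|put|trace|track)` method block and the `wp-includes` restrictions would be dropped silently the next time that happens. I would put `# BEGIN WordPress` directly above `RewriteRule ^index\.php$ - [L]` (where `# regras para wordpress padrão` now sits) and keep every custom rule outside the markers. Which side each line belongs to is read from the rendered two-column layout, which has lost its `+`/`-` markers, so confirm this against the raw diff.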
|
|