.DEFAULT .htaccess FILE TO USE

#FORCE HTTPS
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#REMOVE www FROM URL IF PRESENT
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]
#SET CORRECT DOMAIN NAME ABOVEEEEEEEEEEEEEEEEEEEEEEEEEE<<<<!!!!


#----------- BEGIN REWRITE RULES TO BLOCK OUT COMMON EXPLOITS ----------
## If you experience problems on your site block out the operations listed below

# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

# Send all blocked request to homepage with 403 Forbidden error
RewriteRule ^(.*)$ index.php [F,L]

#---------- END REWRITE RULES TO BLOCK OUT SOME COMMON EXPLOITS ----------
Feel free to comment if you can add help to this page or point out issues and solutions you have found. I do not provide support on this site, if you need help with a problem head over to stack overflow.

Comments

Your email address will not be published. Required fields are marked *