[Доступ запрещается в файле dom2.ru/docs/.htaccess] - Joomla 1.5: Общие вопросы

Доступ запрещается в файле dom2.ru/docs/.htaccess.
Вероятно, не все правила перенаправлений и запретов написаны корректно.

##
# @version $Id: htaccess.txt 21064 2011-04-03 22:12:19Z dextercowley $
# @package Joomla
# @copyright Copyright (C) 2005 - 2010 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##


#####################################################
#  READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your SEF url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################

##  Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

#
#  mod_rewrite in use

RewriteEngine On

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension XML files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension XML files
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode data within the URL
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
########## End - Rewrite rules to block out some common exploits


########## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
########## End - Custom redirects


#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update Your Joomla! Directory (just / for root)

# RewriteBase /


########## Begin - Joomla! core SEF Section
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} (/[^.]*|\.(php|html?|feed|pdf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
########## End - Joomla! core SEF Section
##### Start ?tp=1 prevention######
 RewriteCond %{QUERY_STRING} tp=(.*)
 RewriteRule ^(.*)$ index.php [F,L]
##### End ?tp=1 prevention ######

######Открываем доступ только опредиленным IP:
Order Deny,Allow
Deny from all 
########################### 

#Запрещаем просмотр содержимого папки
Options All -Indexes
#Запрет на доступ к файлам с несколькими расширениями:
#<Files ~ "\.(conf|cfg)$">
#Deny from all
#</Files>

####### Блокируем выполнение некоторых потенциально опасных функций из сценариев php #######
php_flag disable_functions show_source
php_flag disable_functions system
php_flag disable_functions shell_exec
php_flag disable_functions passthru
php_flag disable_functions exec
php_flag disable_functions phpinfo
php_flag disable_functions popen
php_flag disable_functions proc_open 
### добавляем еще ###
php_flag disable_functions eval
php_flag disable_functions escapeshellarg
php_flag disable_functions escapeshellcmd
php_flag disable_functions proc_get_status
php_flag disable_functions proc_close
php_flag disable_functions chmod
php_flag disable_functions symlink
php_flag disable_functions fsocket
php_flag disable_functions pfsockopen
php_flag disable_functions fsockopen
php_flag disable_functions mail
php_flag disable_functions suhosin.executor.disable_emodifier
####### / Блокировки сценариев php #######


####### блокируем известные типы атак и программ, используемые для атак на сайты.#####
BrowserMatchNoCase ^libwww-perl blocktheaccess
BrowserMatchNoCase .*libwww-FM.* blocktheaccess
BrowserMatchNoCase ^wget blocktheaccess
BrowserMatchNoCase ^TeamSoft blocktheaccess
BrowserMatchNoCase &quot;^Express WebPictures&quot; blocktheaccess
BrowserMatchNoCase ^WebAuto blocktheaccess
BrowserMatchNoCase ^eCatch blocktheaccess
BrowserMatchNoCase ^InterGet blocktheaccess
BrowserMatchNoCase ^DOWNLOAD blocktheaccess
BrowserMatchNoCase ^Java1 blocktheaccess
BrowserMatchNoCase &quot;^Internet Ninja&quot; blocktheaccess
BrowserMatchNoCase &quot;^Teleport Pro&quot; blocktheaccess
BrowserMatchNoCase ^AllThumbs blocktheaccess
BrowserMatchNoCase ^Pockey-GetHTML blocktheaccess
BrowserMatchNoCase .*DnloadMage.* blocktheaccess
BrowserMatchNoCase .*HTTrack.* blocktheaccess
BrowserMatchNoCase .*WebLeacher.* blocktheaccess
BrowserMatchNoCase &quot;^Microsoft URL Control&quot; blocktheaccess
BrowserMatchNoCase ^Webdup blocktheaccess
BrowserMatchNoCase ^WebReaper blocktheaccess
BrowserMatchNoCase ^WebSauger blocktheaccess
BrowserMatchNoCase &quot;^Mister PiX&quot; blocktheaccess
BrowserMatchNoCase &quot;^Offline Explorer&quot; blocktheaccess
BrowserMatchNoCase &quot;^Download Ninja&quot; blocktheaccess
BrowserMatchNoCase ^Linkbot blocktheaccess
BrowserMatchNoCase &quot;.*Link Sleuth.*&quot; blocktheaccess
BrowserMatchNoCase ^SiteSnagger blocktheaccess
SetEnvIf Request_URI &quot;.*/phpwcms&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*/nonexistentfile.php$&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*/xmlrpc.php$&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*/adxmlrpc.php$&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*/cmd.php$&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*shell.php$&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*r57\.php&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*c99\.php&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*mod_pxt_latest\.php&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*functions_mod_user\.php&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*favorites\.php&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*configuration\.php&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*component\.php&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*controller\.php&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*router\.php&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*mosConfig_absolute_path&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*^(.*)CAST(.*)&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*^(.*)DECLARE(.*)&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*base64_encode.*\(.*\)&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*(\&lt;|%3C).*script.*(\&gt;|%3E)&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*GLOBALS(=|\[|\%[0-9A-Z]{0,2})&quot; blocktheaccess
SetEnvIf Request_URI &quot;.*_REQUEST(=|\[|\%[0-9A-Z]{0,2})&quot; blocktheaccess
SetEnvIfNoCase User-Agent &quot;^libwww-perl*&quot; blocktheaccess
Order deny,allow
Deny from env=blocktheaccess
####### / блокировки атак и программ#####

########## Блокируем плохиt боты и роботы ##########
SetEnvIfNoCase user-Agent ^FrontPage [NC,OR]
SetEnvIfNoCase user-Agent ^Java.* [NC,OR]
SetEnvIfNoCase user-Agent ^Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [NC,OR]
SetEnvIfNoCase user-Agent ^Microsoft.URL [NC,OR]
SetEnvIfNoCase user-Agent ^MSFrontPage [NC,OR]
SetEnvIfNoCase user-Agent ^Offline.Explorer [NC,OR]
SetEnvIfNoCase user-Agent ^[Ww]eb[Bb]andit [NC,OR]
SetEnvIfNoCase user-Agent ^Zeus [NC]

######### блокируем змея

########## Конец - утилиты проникновения

######Открываем доступ только опредиленным IP:
#Order Deny,Allow
#Deny from all 
###########################