-
Notifications
You must be signed in to change notification settings - Fork 1
/
.htaccess
361 lines (330 loc) · 17.8 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
# Complete .htaccess
# @author Joshua Canfield (Code Clarity)
# @url http://forr.st/~DCW
# @license The PostgreSQL Licence (PostgreSQL)
# Copyright (c) 2011-2012, Code Clarity (Joshua Canfield) <www.icodeclarity.com>
#
# Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement is
# hereby granted, provided that the above copyright notice and this paragraph and the following two paragraphs appear in all copies.
#
# IN NO EVENT SHALL CODE CLARITY (Joshua Canfield) BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS,
# ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF $ORGANISATION HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# CODE CLARITY (Joshua Canfield) SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
# FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND CODE CLARITY (Joshua Canfield) HAS NO OBLIGATIONS TO
# PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
# Thanks to Code-Kickoff (http://www.codekickoff.com/), yourdomain.org, @Zywigby (Charlie Key - http://forr.st/~IG8) and others.
# (If you see your code snippets, please notify me.)
## Basic Settings
# (Allowing Execution of CGI Scripts, Following Symbolic Links and Not Allowing Public Viewing of Folders without an Index file)
Options +execCGI +FollowSymLinks
Options All -Indexes
## Basic Error Documents
# (Will add more soon. I typically have all error messages filter through a PHP file and use 404.php to display the error and direct the user)
ErrorDocument 404 /404.php
ErrorDocument 401 /404.php
ErrorDocument 403 /404.php
ErrorDocument 500 /404.php
## Restrict Access to Domain/Folder by Order and Allow
# (My current setup blocks known spammers that have DDoS Attacked me recently. Remove deny rules if needed)
order allow,deny
deny from 205.203.134.197
deny from 109.230.246.24
deny from 85.17.26.202
deny from 85.17.26.196
deny from 109.230.246.*
allow from all
#3 Remove ETags (To learn more visit http://developer.yahoo.com/performance/rules.html#etags)
Header unset ETag
FileETag None
## Use standardized UTF-8 for text/plain or text/html
AddDefaultCharset utf-8
## Force UTF-8 Character Set for specific File Types
AddCharset utf-8 .html .css .js .xml .json .rss
DefaultLanguage en-US
## htaccess for mod_php
# SetEnv PHPRC /location/todir/containing/phpinifile
## htaccess for PHP as CGI
# AddHandler php-cgi .php .htm
# Action php-cgi /cgi-bin/php5.cgi
## Disallow Script Execution
# Options -ExecCGI
# AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
## Redirect Mobile Browser Accessing /siteurltoredirect
# RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
# RewriteRule ^yourdomain.com$ http://mobile.yourdomain.com [R,L]
## Gzip and Compression
# (Ref1) Add custom mime type, to be able to use it in the 'AddOutputFilterByType' declaration (gzip font-face files: http://www.phpied.com/gzip-your-font-face-files/)
# (Ref2) Proper svg serving. Required for svg webfonts on iPad (http://twitter.com/FontSquirrel/status/14855840545)
# (Ref3) Apache 1.3 uses mod_gzip while Apache 2.x uses mod_deflate (http://httpd.apache.org/docs/2.0/mod/mod_deflate.html)
# (Ref4) Enable the compression (gzip) for any type of content SetOutputFilter DEFLATE Or (alternatively) define which filetypes should pass through the DEFLATE output filter (gzip compression)
# (Ref5) Turn-off (or restrict) compression to files of type text/html for known problematic web browsers
# (Ref6) File types not to be compressed
# (Ref7) Make sure proxies don't deliver the wrong content
# (Ref8) Allow access from all domains for webfonts (alternatively you could only whitelist your subdomains like "sub.domain.com")
<IfModule mod_headers.c>
<IfModule mod_mime.c> #Ref1
AddType application/vnd.ms-fontobject .eot
AddType font/truetype .ttf
AddType font/opentype .otf
AddType font/woff .woff
AddType image/svg+xml svg svgz #Ref2
AddEncoding gzip svgz
</IfModule>
<IfModule mod_deflate.c> #Ref3
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json #Ref4
<FilesMatch "\.(ttf|otf|woff|eot|svg|svgz)$" >
SetOutputFilter DEFLATE
</FilesMatch>
BrowserMatch ^Mozilla/4 gzip-only-text/html #Ref5
BrowserMatch ^Mozilla/4\.0[678] no-gzip
## BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48 the above regex won't work. You can use the following workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary #Ref6
SetEnvIfNoCase Request_URI \.(?:swf|flv|pdf)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:avi|mov)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:mp3|mp4)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary #Ref7
</IfModule>
<FilesMatch "\.(ttf|otf|eot|woff|font.css)$"> #Ref8
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
</IfModule>
## Setup Custom Headers
# Header set P3P "policyref=\"http://www.yourdomain.com/w3c/p3p.xml\""
# Header set X-Pingback "http://www.yourdomain.com/xmlrpc.php"
# Header set Content-Language "en-US"
# Header set Vary "Accept-Encoding"
## Force the latest IE version, in various cases when it may fall back to IE7 mode. (http://github.com/rails/rails/commit/123eb25#commitcomment-118920)
# Use ChromeFrame if it's installed for a better experience for the poor IE folk
<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
BrowserMatch MSIE ie
Header set X-UA-Compatible "IE=Edge,chrome=1" env=ie
</IfModule>
</IfModule>
## Add values from HTTP Headers
# SetEnvIfNoCase ^If-Modified-Since$ "(.+)" HTTP_IF_MODIFIED_SINCE=$1
# SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1
# SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1
# SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1
# SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1
# SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
# SetEnvIfNoCase ^Cookie$ "(.+)" HTTP_MY_COOKIE=$1
## Allow combination of Javascript and CSS Stylesheets
# ie. Inside of script.combined.js you could have
# <!--#include file="jquery-1.4.2.js" -->
# <!--#include file="jquery.idletimer.js" -->
# and they would be included into this single file this is not in use in the boilerplate as it stands. you may choose to name your files in this way for this advantage or concatenate and minify them manually.
# Disabled by default.
#
# <FilesMatch "\.combined\.(js|css)$">
# Options +Includes
# SetOutputFilter INCLUDES
# </FilesMatch>
## Setup Cache-Control and Expires by File Types
<IfModule mod_expires.c>
<FilesMatch "\.(gif|jpg|jpeg|png|swf|flv|pdf|ico|avi|mov|ppt|doc|mp3|wmv|wav|txt|css|js|html?|php|xml|eot|ttf|otf|woff)$">
ExpiresActive On
Header unset Last-Modified
Header set Expires "Fri, 21 Dec 2013 00:00:00 GMT"
Header set Cache-Control "public, no-transform"
ExpiresDefault "access plus 1 year"
FileETag Size
</FilesMatch>
<FilesMatch "\.(gif|jpg|jpeg|png|swf|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|txt|eot|ttf|otf|woff)$">
Header append Cache-Control: public
</FilesMatch>
<FilesMatch "\.(css|js|html?|php|xml)$">
Header append Cache-Control: private
</FilesMatch>
</IfModule>
## Caching by Content Type using mod_expires.c
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A86400
ExpiresByType image/x-icon A2592000
ExpiresByType application/x-javascript A2592000
ExpiresByType text/css A2592000
ExpiresByType image/gif A604800
ExpiresByType image/png A604800
ExpiresByType image/jpeg A604800
ExpiresByType text/plain A604800
ExpiresByType application/x-shockwave-flash A604800
ExpiresByType video/x-flv A604800
ExpiresByType application/pdf A604800
ExpiresByType text/html A900
</IfModule>
## Cache-Control by File Type
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf)$">
Header set Cache-Control "max-age=7257600" # 3 Months
</FilesMatch>
<FilesMatch "\.(js|css|pdf|txt)$">
Header set Cache-Control "max-age=604800" # 1 Week
</FilesMatch>
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=600" # 10 Minutes
</FilesMatch>
<FilesMatch "\.(pl|php|cgi|spl)$">
Header unset Cache-Control
Header unset Expires
Header unset Last-Modified
FileETag None
Header unset Pragma # No Caching
</FilesMatch>
## Redirect old links or pages using 301
# <IfModule mod_rewrite.c>
# RewriteEngine On
# RewriteBase /
# RewriteRule ^somedirectory/(.*)$ http://yourdomain.com/page.php [L,R=301] # Redirect Directory to Specific Page
# RewriteRule ^page.html$ http://www.yourdomain.com/newpage.php [L,R=301] # Redirect Specific Page to Specific Page
# </IfModule>
## Alternative Redirection
# Redirect 301 / http://www.yourdomain.com
# RedirectMatch 301 /blog(.*) /$1
# RedirectMatch 302 ^/ /temporary-offline.html
RedirectMatch 301 ^/(.*)$ http://www.yourdomain.com/$1
## Protect your php.ini
# (http://www.askapache.com/htaccess/htaccess.html#mod_rewrite-examples)
# <FilesMatch "^php5?\.(ini|cgi)$">
# Order Deny,Allow
# Deny from All
# Allow from env=REDIRECT_STATUS
# </FilesMatch>
## Deny Request Methods
# (http://www.askapache.com/htaccess/htaccess.html#mod_rewrite-examples)
# RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|OPTIONS|POST|PUT)
# RewriteRule .* - [F]
## Refuse Hotlinking of Files and Images
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain.com/.*$ [NC]
# RewriteRule \.(gif|jpg|swf|flv|png)$ http://www.yourdomain.com/feed.gif [R=302,L]
## Alternative Hotlinking Fix
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
# RewriteCond %{HTTP_REFERER} !^http://www.askapache.com.*$ [NC]
# RewriteRule \.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ - [F,NS,L]
## Redirect Bad Bots and Spammers
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^(aesop_com_spiderman|alexibot|backweb|bandit|batchftp|bigfoot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(black.?hole|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(cheesebot|cherrypicker|chinaclaw|collector|copier|copyrightcheck) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(cosmos|crescent|curl|custo|da|diibot|disco|dittospyder|dragonfly) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(drip|easydl|ebingbong|ecatch|eirgrabber|emailcollector|emailsiphon) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(emailwolf|erocrawler|exabot|eyenetie|filehound|flashget|flunky) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(frontpage|getright|getweb|go.?zilla|go-ahead-got-it|gotit|grabnet) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(grafula|harvest|hloader|hmview|httplib|httrack|humanlinks|ilsebot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(infonavirobot|infotekies|intelliseek|interget|iria|jennybot|jetcar) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(joc|justview|jyxobot|kenjin|keyword|larbin|leechftp|lexibot|lftp|libweb) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(likse|linkscan|linkwalker|lnspiderguy|lwp|magnet|mag-net|markwatch) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(mata.?hari|memo|microsoft.?url|midown.?tool|miixpc|mirror|missigua) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(mister.?pix|moget|mozilla.?newt|nameprotect|navroad|backdoorbot|nearsite) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(net.?vampire|netants|netcraft|netmechanic|netspider|nextgensearchbot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(attach|nicerspro|nimblecrawler|npbot|octopus|offline.?explorer) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(offline.?navigator|openfind|outfoxbot|pagegrabber|papa|pavuk) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(pcbrowser|php.?version.?tracker|pockey|propowerbot|prowebwalker) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(psbot|pump|queryn|recorder|realdownload|reaper|reget|true_robot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(repomonkey|rma|internetseer|sitesnagger|siphon|slysearch|smartdownload) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(snake|snapbot|snoopy|sogou|spacebison|spankbot|spanner|sqworm|superbot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(superhttp|surfbot|asterias|suzuran|szukacz|takeout|teleport) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(telesoft|the.?intraformant|thenomad|tighttwatbot|titan|urldispatcher) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(turingos|turnitinbot|urly.?warning|vacuum|vci|voideye|whacker) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^(libwww-perl|widow|wisenutbot|wwwoffle|xaldon|xenu|zeus|zyborg|anonymouse) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures).*$ [NC]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
</IfModule>
## Block Common Exploits
# *Caution* These fixes can break plugins and modules. Use with caution please.
# RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
# RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]
# RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]
# RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]
# RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]
# RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]
# RewriteRule .* - [F,NS,L]
## Forbid Proxy Servers
# RewriteCond %{REQUEST_METHOD} =POST
# RewriteCond %{HTTP:VIA}%{HTTP:FORWARDED}%{HTTP:USERAGENT_VIA}%{HTTP:X_FORWARDED_FOR}%{HTTP:PROXY_CONNECTION} !^$ [OR]
# RewriteCond %{HTTP:XPROXY_CONNECTION}%{HTTP:HTTP_PC_REMOTE_ADDR}%{HTTP:HTTP_CLIENT_IP} !^$
# RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
# RewriteRule .* - [F,NS,L]