### www.joomla-security.de # Version: 3v1 SMALL (2016-08-12) ###
#############################################################################
### This file is free software: you can redistribute it and/or modify     ###
### it under the terms of the GNU General Public License as published by  ###
### the Free Software Foundation, either version 3 of the License, or     ###
### any later version.                                                    ###
###                                                                       ###
### This file is distributed in the hope that it will be useful,          ###
### but WITHOUT ANY WARRANTY; without even the implied warranty of        ###
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the          ###
### GNU General Public License for more details.                          ###
###                                                                       ###
### You should have received a copy of the GNU General Public License     ###
### along with this file. If not, see .                                   ###
#############################################################################

#################################################
##### ADDITIONAL SECURITY FUNCTIONS - START #####
#################################################

##### Based upon: http://perishablepress.com/press/2009/03/16/the-perishable-press-4g-blacklist/
##### and: http://docs.joomla.org/Htaccess_examples

########## Begin - ESSENTIALS
RewriteEngine On
ServerSignature Off
Options All -Indexes
IndexIgnore *
Options +FollowSymLinks
DirectoryIndex index.php index.html
########## End - ESSENTIALS

########## Begin - RewriteBase
## Uncomment following line if your webserver's URL
## is not directly related to physical file paths.
## Update Your Joomla! Directory (just / for root)
# RewriteBase /
########## End - RewriteBase

########## Begin - Rule to block "?tp=1"
RewriteCond %{QUERY_STRING} tp=(.*)
RewriteRule ^(.*)$ index.php [F,L]
########## End - Rule to block "?tp=1"

########## Begin - Rule to block "?templateStyle"
RewriteCond %{QUERY_STRING} templateStyle=(.*)
RewriteRule ^(.*)$ index.php [F,L]
########## End - Rule to block "?templateStyle"

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#
#Order allow,deny
#Deny from all
#Satisfy all
#
## End of deny access to extension xml files
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a