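##############################################################################################
###################### General settings ######################################################

# Per-directory Apache configuration (.htaccess): security response headers,
# canonical https://www redirect, trailing-slash normalisation, directory-listing
# hardening and a User-Agent deny list.
# The Header directives need mod_headers and the Rewrite* directives need
# mod_rewrite; nothing here is guarded by <IfModule>, so a missing module makes
# Apache reject the file.

# PHP version
# AddHandler x-httpd-php7.2 .php
# AddHandler x-httpd-php7.3 .php
# AddHandler x-httpd-php7.4 .php
# AddHandler x-httpd-php8.0 .php

# Run the PHP version with OPcache enabled
# AddHandler x-httpd-opcache-php7.2 .php
# AddHandler x-httpd-opcache-php7.3 .php
# AddHandler x-httpd-opcache-php7.4 .php
# AddHandler x-httpd-opcache-php8.0 .php

# Stop browsers from guessing a content type other than the declared one.
Header always set X-Content-Type-Options "nosniff"

# HSTS is left disabled. The redirect further down already forces HTTPS; before
# enabling this, confirm that every subdomain serves HTTPS, because
# includeSubDomains applies the policy to all of them.
#Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains;"

# NOTE(review): current browsers have removed the XSS auditor this header
# controlled, so it adds no protection there; script restrictions belong in a
# Content-Security-Policy. This is also the only header set without "always",
# so it is not added to error responses generated by Apache itself.
Header set X-XSS-Protection "1; mode=block"

# Only allow framing by pages of the same origin.
Header always set X-Frame-Options "sameorigin"

# Never send a Referer header on outgoing navigation or subresource requests.
Header always set Referrer-Policy "no-referrer"

# Feature-Policy is the older name of Permissions-Policy; both are sent so that
# browsers understanding either one deny these features.
Header always set Feature-Policy "autoplay 'none'; camera 'none'; geolocation 'none'; microphone 'none'; usb 'none'"
Header always set Permissions-Policy "autoplay=(),camera=(),geolocation=(),microphone=(),usb=()"

## Disable inline JavaScript when directly opening SVG files or embedding them
## with the object-tag (as of J.3.9.21).
# Scoped to *.svg as the comment above describes. Set outside a FilesMatch
# section, "script-src 'none'" is attached to every response and forbids all
# script execution on every page of the site.
<FilesMatch "\.svg$">
    Header always set Content-Security-Policy "script-src 'none'"
</FilesMatch>

# mod_rewrite in use
RewriteEngine On

## SSL: every request is redirected to the "https://www" URL.
# The target host is a fixed literal rather than the client-supplied Host
# header, so the Location value cannot be steered through that header.
RewriteCond %{HTTPS} off [OR,NC]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

## Remove the trailing slash
# POST requests are left untouched (a 301 would drop the request body);
# existing directories are skipped as well.
# NOTE(review): the redirect target is rebuilt from the request path. Confirm on
# the deployed server that a path with extra leading slashes cannot yield a
# scheme-relative Location value.
RewriteCond %{REQUEST_METHOD} !^(POST) [NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [R=301,NC,L]

## Turn the server signature on or off
ServerSignature Off

## No directory listings
IndexIgnore *

## Enable/disable directory indexing (directory listings)
# Options +FollowSymLinks
Options -Indexes

## Begin - RewriteBase
RewriteBase /
## End - RewriteBase

## Disables name completion, i.e. the automatic matching of similar file names:
# CheckSpelling off causes a 500 error at some hosting providers.
# CheckSpelling off

######################### End - General settings #############################################
##############################################################################################

###############################################################################################
####### Blocking of selected search engines, bots, harvesters, etc. ###########################

# Every request whose User-Agent matches one of the patterns below receives
# 403 Forbidden, except requests for robots.txt.
#
# The User-Agent header is chosen by the client, so this list only filters
# tools that identify themselves honestly. It reduces noise from well-behaved
# crawlers and downloaders; it is not an access control and does not replace
# rate limiting or authentication.
#
# NOTE(review): several patterns are short prefixes or unanchored words and
# match far more than the named tool: "^DA" with [NC] also matches any agent
# beginning with "Da", and "email", "^Link", "^Ping", "^Memo", "^Mirror",
# "^Snake", "^Website" are similarly broad. Check the access log for legitimate
# clients answered with 403 before relying on this list.
#
# Patterns originally written with a bare "*" as a wildcard (Indy*Library,
# JBH*agent, Link*Sleuth, Mozilla*MSIECrawler, "MS FrontPage*") are regular
# expressions, where "*" only repeats the preceding character; they are written
# with ".*" (or without the stray quantifier) so that they match what their
# names describe.
RewriteCond %{HTTP_USER_AGENT} almaden [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^attach [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BackWeb [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bandit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BatchFTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Buddy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^bumblebee [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CherryPicker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^CICC [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Collector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Copier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Crescent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DA [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo\ Pump [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Wonder [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Downloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Drip [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DSurf15a [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EasyDL/2.99 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} email [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FileHound [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} FrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetSmart [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^gigabaz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go\!Zilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^gotit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Grabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^grub-client [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^httpdown [NC,OR]
RewriteCond %{HTTP_USER_AGENT} .*httrack.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Indy.*Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetLinkagent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Iria [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JBH.*agent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JustView [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LexiBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^lftp [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Link.*Sleuth [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^likse [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Link [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LinkWalker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mag-Net [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Magnet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Memo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft.URL [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mirror [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*MSIECrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MS\ FrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MSIECrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MSProxy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetMechanic [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NICErsPRO [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Ninja [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Openfind [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Ping [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PingALink [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Pockey [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Pump [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^QRVA [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Reaper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Recorder [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Scooter [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Seeker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Siphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SlySearch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Snake [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SpaceBison [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^sproose [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Stripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Szukacz [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^URLSpiderPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Vacuum [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^webcollage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Downloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebEMailExtrac.* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebHook [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebMiner [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebMirror [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Webster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebWhacker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Whacker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^x-Tractor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC]
# The OR-chain above is ANDed with this condition: robots.txt stays readable
# for every agent, including the blocked ones.
RewriteCond %{REQUEST_FILENAME} !^.*robots\.txt$
RewriteRule ^.* - [F]
# Alternative kept for reference: answer with 404 instead of 403.
#RewriteRule ^.*$ - [R=404,L]

############# End #############################################################################
###############################################################################################

##############################################################################################
############ Begin - Rewrite rules to block out some common exploits (Joomla-specific) #######
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!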
# Block out any script trying to base64_encode data within the URL RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR] # Block out any script that includes a