堆棧內存溢出
  簡體   English   中英

完整的.htaccess文件的Wordpress編譯

[英]Wordpress compilation of a “complete” .htaccess file

 原文  2013-06-14 07:32:42       wordpress/ security/ .htaccess

問題描述

我正在清理一些東西並使某些文件通用,以便在需要時可以將它們擱置起來。 但是我有一個.htaccess問題。

問題#1 [@Kanu回答]

在文件的開頭,我有: 

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

進一步,我有一個阻止熱鏈接的代碼段: 

#Switch on rewrite engine
RewriteEngine on
#Allow empty referrals, in case visitors are using personal firewalls
RewriteCond %{HTTP_REFERER} !^$
#Match request URL. Replace www.yourwebsite.com with your website URL
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www.yourwebsite.com [NC]
#Match all files with the below list of extensions
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

做會痛嗎 

RewriteEngine On

兩次還是可以跳過第二個RewriteEnginge? 最佳做法是什么?

問題#2: [@Kanu回答]另外,我是從WP部分開始還是我需要以它結尾?

我在htacces中還有很多其他事情,例如只允許某些IP管理員訪問,保護; htaccess的| htpasswd的|登錄| INI。 您是否還有其他建議或指示,是否想到安全性或其他任何漂亮的東西。

謝謝,/ Paul

新增:2013年6月14日

考慮添加此郵件以阻止垃圾郵件發送者,這是由於我在相對較舊的帖子中發現了此郵件 

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

通過HTACCESS進行規范化,以通過bot和邪惡腳本阻止惡意行為。 也可以使搜索引擎找到自己的方式。 在這里找到這個。 

#favicon
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/favicon.ico$ [NC]
RewriteCond %{REQUEST_URI} /favicon(s)?\.?(gif|ico|jpe?g?|png)?$ [NC]
RewriteRule (.*) http://your-domain-name.com/favicon.ico [R=301,L]

#robots.txt
RewriteBase /
RewriteCond %{REQUEST_URI} !^/robots.txt$ [NC]
RewriteCond %{REQUEST_URI} robots\.txt [NC]
RewriteRule .* http://your-domain-name.com/robots.txt [R=301,L]

#sitemap
RedirectMatch 301 /sitemap\.xml$ http://your-domain-name.com/sitemap.xml
RedirectMatch 301 /sitemap\.xml\.gz$ http://your-domain-name.com/sitemap.xml.gz

我將在此處發布完整的.htaccess文件,並更新所有可使用的好東西。 

# ==================================================================
# WORDPRESS
# ==================================================================

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

# ==================================================================
# RESTRICT ACCESS IP BASED
# ==================================================================

    order deny,allow
    # enter name here and replace xxx.xxx.x.x with IP
    allow from xxx.xxx.x.x
    # enter name here and replace xxx.xxx.x.x with IP
    allow from xxx.xxx.x.x
    # enter name here and replace xxx.xxx.x.x with IP
    allow from xxx.xxx.x.x
    deny from all

# ==================================================================
# PROTECT FILES, THANKS KANU: http://stackoverflow.com/users/1089399/kanu
# ==================================================================

    #Protect some files from direct access
    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|install\.php|php\.info|readme\.html|bb-config\.php|\.htaccess|\.htpasswd|readme\.txt|timthumb\.php|error_log|error\.log|PHP_errors\.log|\.svn)">
    Deny from all
    </FilesMatch>

# ==================================================================
# DISABLE TRACE TRACK REQUESTS, THANKS KANU: http://stackoverflow.com/users/1089399/kanu
# ==================================================================

    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

# ==================================================================
# PREVENT HOTLINKING
# ==================================================================

    #Switch on rewrite engine
    RewriteEngine on
    #Allow empty referrals, in case visitors are using personal firewalls
    RewriteCond %{HTTP_REFERER} !^$
    #Match request URL. Replace www.yourwebsite.com with your website URL
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www.yourwebsite.com [NC]
    #Match all files with the below list of extensions
    RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

# ==================================================================
# DISABLE DIRECTORY BROWSING
# ==================================================================

    Options All -Indexes

# ==================================================================
# DISABLE SERVER SIGNATURE, THANKS KANU: http://stackoverflow.com/users/1089399/kanu
# ==================================================================   

    ServerSignature Off

# ==================================================================
# DENY SOME KNOWN BAD BOTS, THANKS KANU: http://stackoverflow.com/users/1089399/kanu
# ==================================================================   
    RewriteEngine On 
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] 
    RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] 
    RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] 
    RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] 
    RewriteCond %{HTTP_USER_AGENT} ^Zeus 
    RewriteRule ^.* - [F,L]

1 個解決方案

解決方案1
 2 已采納  2013-06-14 08:52:54

兩次聲明“ RewriteEngine On”不會有傷害

對於Question2,您不需要以WP開頭或結尾

我正在使用一些額外的安全代碼 

# Disable server signature 
ServerSignature Off

#Protect some files from direct access
<FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|install\.php|php\.info|readme\.html|bb-config\.php|\.htaccess|readme\.txt|timthumb\.php|error_log|error\.log|PHP_errors\.log|\.svn)">
Deny from all
</FilesMatch>

# Disable trace track requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

# Deny some known bad bots
RewriteEngine On 
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] 
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] 
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] 
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] 
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] 
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] 
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] 
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] 
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] 
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] 
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] 
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] 
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Zeus 
RewriteRule ^.* - [F,L]
# END bots

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 htaccess 文件與 ubuntu 和 WordPress WordPress的正確.htaccess文件 在wordpress中更改.htaccess文件 wordpress 上的 HTAccess 文件未正確重定向 使用Wordpress刪除.htaccess中的文件擴展名 VPS上的WordPress的.htaccess和文件權限 如何修復WordPress htaccess文件? WordPress永久鏈接和.htaccess文件問題 htaccess文件不適用於wordpress頁面 更改我的WordPress的htaccess文件
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM