Welcome,
Guest
|
Jomsef 4.0.4 Joomla master htaccess file not work
(1 viewing) (1) Guest
Support forum for customers who have purchased JoomSEF 4 (Joomla 1.6/1.7/2.5+ compatible). Archive only, no new post can be added.
NOTE: This category has been locked. If you have purchased paid version, please, use our Support Ticket system instead. If you are using free edition, please see the Community Support section.
NOTE: This category has been locked. If you have purchased paid version, please, use our Support Ticket system instead. If you are using free edition, please see the Community Support section.
|
TOPIC: Jomsef 4.0.4 Joomla master htaccess file not work
Jomsef 4.0.4 Joomla master htaccess file not work 13 years, 7 months ago #22219
|
Hi
I wonder if you have tested Jomsef 4.0.4 with Joomla master file ? It seems not working to access the configuration file in the back end. Just say an message "htaccess is writeble" It would be very great if you could make this Joomla master htaccess file also working with Jomsef 4. docs.joomla.org/Htaccess_examples_%28security%29?oldid=58253 www.assembla.com/code/g1smd-master-htacc...65e6cbb227af141a4f54 Warning: note the hashed areas. Incorrect settings on some servers may cause 500 page errors ############################################################################### ## The Master .htaccess ## ## Version 3.3 - WORK IN PROGRESS ## ## ---------- ## This file is designed to be the template .htaccess file to put on your new ## sites, increasing your site's security and performance. It is not meant to ## be just dropped in your site, though. You should go through all of its ## sections and modify it to match your site. Most notably, all instances of ## example.com and example\.com should be replaced with your real domain name. ## ## Some sections are too picky and may cause problems with legitimate requests. ## You are ultimately responsible for disabling them or writing exception rules ## for your requests. Most notably, the advanced server protection section will ## cause issues with several minifiers, eXtplorer, VirtueMart and other exten- ## sions which use non-standard scripts as their entry points. You must add ## exceptions for them manually. ## ## Some sections - depending on your server configuration - may cause your site ## to throw 500 Internal Server Error. The only way to figure out which one is ## causing it is trial and error. ## ## Big thank you's to Brian Teeman, Ken Crowder, Radek Suski and Fotis ## Evangelou for sharing their .htaccess rules with the world and inspiring ## the creation of this file. Special thanks to Jon Brown for sharing his ## research and helping me improve this file. ## ## Additional thank-yous to John for his remarks and g1smd for taking the ## time to optimize the speed of the file. ## ## It is usually prudent to remove the comments from the file when using it ## on a live host to minimize the parsing time. ## ## ---------------------------------------------------------------------- ## Do you want to customize this .htaccess file with a few clicks? ## Admin Tools Professional by AkeebaBackup.com does this and much more. ## ## Learn more: www.akeebabackup.com/software/admin-tools.html ## ---------------------------------------------------------------------- ## ## Have fun, stay safe. ## ## Nicholas K. Dionysopoulos ## Lead Developer, AkeebaBackup.com ## ## CHANGELOG: ## Version 3.3 (PENDING RELEASE) ## - Version 3.2 wasn't tested and killed some sites ## Version 3.2 (April 8th, 2011) ## - Some slight improvements with negligible (if any) performance impact ## Version 3.1 (April 5th, 2011) ## - Expiration time of static resources adjusted to 1 month instead of 1 year ## - GET variables not passed along in the index.php to site root redirection ## - Fixed typos ## - Alternative for HTTP to HTTPS redirection ## - Common exploits protection: Minor changes in comments, combined base64_encode/base64_decode rule ## - Bug in query string protection rule ## - Back-end & front-end protection optimization ## - Fixed the UNION SELECT SQLi rule to actually work against real attacks ## - Added comments to Joomla! core SEF section ## Version 3.0 (March 28th, 2011) ## - Massive rewrite ## Version 2.3 (November 18th, 2010) ## - Added .ico to the pass-through rules, for favicons to load ## Version 2.2 (October 25th, 2010) ## - Bug in the tmpl=component rule ## Version 2.1 (October 19th, 2010) ## - index.php to root redirection would kill some AJAX requests ## - Referer filtering was screwed up ## - Simplified and more thorough PHP Easter Egg code (thanks Jon!) ## - The tp/template/tmpl filter was not thorough and killed some components ## - Optimized Joomla! core SEF section ## - Bot filters and GZip optimization would never run for dynamic content ## - Content expiration optimization got more optimized ## - Added ETag rule ## ############################################################################### ########## Begin - RewriteEngine enabled RewriteEngine On ########## End - RewriteEngine enabled ########## Begin - RewriteBase # Uncomment following line if your webserver's URL # is not directly related to physical file paths. # Update Your Joomla! Directory (just / for root) # RewriteBase / ########## End - RewriteBase ########## Begin - No directory listings ## Note: +FollowSymlinks may cause problems and you might have to remove it IndexIgnore * Options +FollowSymLinks All -Indexes ########## End - No directory listings ########## Begin - File execution order, by Komra.de DirectoryIndex index.php index.html ########## End - File execution order ########## Begin - ETag Optimization ## This rule will create an ETag for files based only on the modification ## timestamp and their size. This works wonders if you are using rsync'ed ## servers, where the inode number of identical files differs. ## Note: It may cause problems on your server and you may need to remove it FileETag MTime Size ########## End - ETag Optimization ########## Begin - Optimal default expiration time ## Note: this might cause problems and you might have to comment it out by ## placing a hash in front of this section's lines ## Note: Some people prefer using "now plus 1 month" instead of "now plus 1 year". ## Suit to taste. <IfModule mod_expires.c> # Enable expiration control ExpiresActive On # Default expiration: 1 hour after request ExpiresDefault "now plus 1 hour" # CSS and JS expiration: 1 week after request ExpiresByType text/css "now plus 1 week" ExpiresByType application/javascript "now plus 1 week" ExpiresByType application/x-javascript "now plus 1 week" # Image files expiration: 1 month after request ExpiresByType image/bmp "now plus 1 month" ExpiresByType image/gif "now plus 1 month" ExpiresByType image/jpeg "now plus 1 month" ExpiresByType image/jp2 "now plus 1 month" ExpiresByType image/pipeg "now plus 1 month" ExpiresByType image/png "now plus 1 month" ExpiresByType image/svg+xml "now plus 1 month" ExpiresByType image/tiff "now plus 1 month" ExpiresByType image/vnd.microsoft.icon "now plus 1 month" ExpiresByType image/x-icon "now plus 1 month" ExpiresByType image/ico "now plus 1 month" ExpiresByType image/icon "now plus 1 month" ExpiresByType text/ico "now plus 1 month" ExpiresByType application/ico "now plus 1 month" ExpiresByType image/vnd.wap.wbmp "now plus 1 month" ExpiresByType application/vnd.wap.wbxml "now plus 1 month" ExpiresByType application/smil "now plus 1 month" # Audio files expiration: 1 month after request ExpiresByType audio/basic "now plus 1 month" ExpiresByType audio/mid "now plus 1 month" ExpiresByType audio/midi "now plus 1 month" ExpiresByType audio/mpeg "now plus 1 month" ExpiresByType audio/x-aiff "now plus 1 month" ExpiresByType audio/x-mpegurl "now plus 1 month" ExpiresByType audio/x-pn-realaudio "now plus 1 month" ExpiresByType audio/x-wav "now plus 1 month" # Movie files expiration: 1 month after request ExpiresByType application/x-shockwave-flash "now plus 1 month" ExpiresByType x-world/x-vrml "now plus 1 month" ExpiresByType video/x-msvideo "now plus 1 month" ExpiresByType video/mpeg "now plus 1 month" ExpiresByType video/mp4 "now plus 1 month" ExpiresByType video/quicktime "now plus 1 month" ExpiresByType video/x-la-asf "now plus 1 month" ExpiresByType video/x-ms-asf "now plus 1 month" </IfModule> ########## End - Optimal expiration time ########## Begin - Common hacking tools and bandwidth hoggers block ## By SigSiu.net and @nikosdion. # This line also disables Akeeba Remote Control 2.5 and earlier SetEnvIf user-agent "Indy Library" stayout=1 # WARNING: Disabling wget will also block the most common method for # running CRON jobs. Remove if you have issues with CRON jobs. SetEnvIf user-agent "Wget" stayout=1 # The following rules are for bandwidth-hogging download tools SetEnvIf user-agent "libwww-perl" stayout=1 SetEnvIf user-agent "Download Demon" stayout=1 SetEnvIf user-agent "GetRight" stayout=1 SetEnvIf user-agent "GetWeb!" stayout=1 SetEnvIf user-agent "Go!Zilla" stayout=1 SetEnvIf user-agent "Go-Ahead-Got-It" stayout=1 SetEnvIf user-agent "GrabNet" stayout=1 SetEnvIf user-agent "TurnitinBot" stayout=1 # This line denies access to all of the above tools deny from env=stayout ########## End - Common hacking tools and bandwidth hoggers block ########## Begin - Automatic compression of resources # Compress text, html, javascript, css, xml, kudos to Komra.de # May kill access to your site for old versions of Internet Explorer # The server needs to be compiled with mod_deflate otherwise it will send HTTP 500 Error. # mod_deflate is not available on Apache 1.x series. Can only be used with Apache 2.x server. # AddOutputFilterByType is now deprecated by Apache. Use mod_filter in the future. AddOutputFilterByType DEFLATE text/plain text/html text/xml text/css application/xml application/xhtml+xml application/rss+xml application/javascript application/x-javascript ########## End - Automatic compression of resources ########## Begin - Google Apps redirection, by Komra.de ## Uncomment the following line to enable: # RewriteRule ^mail mail.google.com/a/example.com [R=301,L] ## If the above doesn't work on your server, try this: ## RewriteRule ^mail mail.google.com/a/example.com [R,L] ########## End - Google Apps redirection ########## Begin - Redirect index.php to / ## Note: Change example.com to reflect your own domain RewriteCond %{THE_REQUEST} !^POST RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/ RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$ RewriteRule ^index\.php$ http%2://www.example.com/$1 [R=301,L] # If the above line throws a 500 error, try this instead: # RewriteRule ^index\.php$ http%2://www.example.com/$1 [R,L] ########## End - Redirect index.php to / ########## Begin - Redirect non-www to www RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^(.*)$ www.%{HTTP_HOST}/$1 [R=301,L] ## If the above throws an HTTP 500 error, swap [R=301,L] with [R,L] ########## End - Redirect non-www to www ########## Begin - Redirect www to non-www ## WARNING: Comment out the non-www to www rule if you choose to use this # RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] # RewriteRule ^(.*)$ %1/$1 [R=301,L] ## If the above throws an HTTP 500 error, swap [R=301,L] with [R,L] ########## End - Redirect non-www to www ########## Begin - Redirect (www.)olddomain.com to www.example.com ## Note: olddomain.com is your old domain name, you want to redirect FROM, ## whereas www.example.com is the new domain name you want to redirect TO. ## Change those names to reflect your current configuration. Remember, this ## part of the file is supposed to be placed in www.olddomain.com! ## Note: Replace [R=301,L] with [R,L] if you get error 500. ## Uncomment the following lines to enable: # RewriteCond %{HTTP_HOST} ^(www\.)?olddomain\.com [NC] # RewriteRule (.*) www.example.com/$1 [R=301,L] ########## End - Redirect olddomain.com to www.example.com ########## Begin - Force HTTPS for certain pages # Force the page foobar.html to run in HTTPS mode, no matter what Joomla! says. # This is a sample redirection for foobar.html. Do note that you have to change # www.example.com to reflect your own domain. Remember to escape the dots using # \. in the left hand side of each rule. You need BOTH LINES PER URL for the rule # to work. RewriteCond %{SERVER_PORT} !^443$ ## Alternatively, comment the above line and uncomment the following line: # RewriteCond %{HTTPS} ^off$ [NC] RewriteRule ^foobar\.html$ www.example.com/foobar.html [R=301,L] ## NOTE: If you get an HTTP 500 error, please swap [R=301,L] with [R,L] # Add more rules below this line ########## End - Force HTTPS for certain pages ########## Begin - Rewrite rules to block out some common exploits ## If you experience problems on your site block out the operations listed below ## This attempts to block the most common type of exploit `attempts` to Joomla! # # If the request query string contains /proc/self/environ (by SigSiu.net) RewriteCond %{QUERY_STRING} proc/self/environ [OR] # Legacy variable injection (these attacks wouldn't work w/out Joomla! 1.5's Legacy Mode plugin) RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR] # Block out any script trying to base64_encode/base64_decode data to send via URL RewriteCond %{QUERY_STRING} base64_(en|de)code\(.*\) [OR] ## IMPORTANT: If the above line throws an HTTP 500 error, replace it with these 2 lines: # RewriteCond %{QUERY_STRING} base64_encode\(.*\) [OR] # RewriteCond %{QUERY_STRING} base64_decode\(.*\) [OR] # Block out any script that includes a <script> tag in URL RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR] # Block out any script trying to set a PHP GLOBALS variable via URL RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] # Block out any script trying to modify a _REQUEST variable via URL RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) # Return a 403 Forbidden header and show the content of the root homepage RewriteRule .* index.php [F] # ########## End - Rewrite rules to block out some common exploits ########## Begin - File injection protection, by SigSiu.net RewriteCond %{REQUEST_METHOD} GET RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR] RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC] RewriteRule .* - [F] ########## End - File injection protection ########## Begin - Advanced server protection rules exceptions #### ## ## These are sample exceptions to the Advanced Server Protection 3.0 ## rule set further down this file. ## ## Allow UddeIM CAPTCHA RewriteRule ^components/com_uddeim/captcha15\.php$ - [L] ## Allow Phil Taylor's Turbo Gears RewriteRule ^plugins/system/GoogleGears/gears-manifest\.php$ - [L] ## Allow JoomlaWorks AllVideos RewriteRule ^plugins/content/jw_allvideos/includes/jw_allvideos_scripts\.php$ - [L] ## Allow Admin Tools Joomla! updater to run RewriteRule ^administrator/components/com_admintools/restore\.php$ - [L] ## Allow Akeeba Backup Professional's integrated restoration script to run RewriteRule ^administrator/components/com_akeeba/restore\.php$ - [L] ## Allow Akeeba Kickstart RewriteRule ^kickstart\.php$ - [L] # Add more rules to single PHP files here ## Allow Agora attachments, but not PHP files in that directory! RewriteCond %{REQUEST_FILENAME} !(\.php)$ RewriteCond %{REQUEST_FILENAME} -f RewriteRule ^components/com_agora/img/members/ - [L] # Add more rules for allowing full access (except PHP files) on more directories here ## Uncomment to allow full access to the cache directory (strongly not recommended!) #RewriteRule ^cache/ - [L] ## Uncomment to allow full access to the tmp directory (strongly not recommended!) #RewriteRule ^tmp/ - [L] # Add more full access rules here ########## End - Advanced server protection rules exceptions #### ########## Begin - Advanced server protection # Advanced server protection, version 2.0 - August 2010 # by Nicholas K. Dionysopoulos ## Referrer filtering for common media files. Replace with your own domain. ## This blocks most common fingerprinting attacks ;) ## Note: Change www\.example\.com with your own domain name, substituting the ## dots with \., i.e.: www\.example\.com for www.example.com RewriteRule ^images/stories/.*\.(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [L] RewriteCond %{HTTP_REFERER} . RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC] RewriteCond %{REQUEST_FILENAME} -f RewriteRule \.(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [F] ## Disallow visual fingerprinting of Joomla! sites (module position dump) ## Initial idea by Brian Teeman and Ken Crowder, see: ## www.slideshare.net/brianteeman/hidden-joomla-secrets ## Improved by @nikosdion to work more efficiently and handle template ## and tmpl query parameters RewriteCond %{QUERY_STRING} (^|&)tmpl=(component|system) [NC] RewriteRule .* - [L] RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC] RewriteRule .* - [F] ## Disallow PHP Easter Eggs (can be used in fingerprinting attacks to determine ## your PHP version). See www.0php.com/php_easter_egg.php and ## osvdb.org/12184 for more information RewriteCond %{QUERY_STRING} \=PHP[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12} [NC] RewriteRule .* - [F] ## Back-end protection ## This also blocks fingerprinting attacks browsing for XML and INI files RewriteRule ^administrator/?$ - [L] RewriteRule ^administrator/index\.(php|html?)$ - [L] RewriteRule ^administrator/index[23]\.php$ - [L] RewriteRule ^administrator/(components|modules|templates|images|plugins)/.*\.(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [L] RewriteRule ^administrator/ - [F] ## Explicitly allow access only to XML-RPC's xmlrpc/index.php or plain xmlrpc/ directory RewriteRule ^xmlrpc/(index\.php)?$ - [L] RewriteRule ^xmlrpc/ - [F] ## Disallow front-end access for certain Joomla! system directories RewriteRule ^includes/js/ - [L] RewriteRule ^(cache|includes|language|libraries|logs|tmp)/ - [F] ## Allow limited access for certain Joomla! system directories with client-accessible content RewriteRule ^(components|modules|plugins|templates)/.*\.(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [L] ## Uncomment this line if you have extensions which require direct access to their own ## custom index.php files. Note that this is UNSAFE and the developer should be ashamed ## for being so lame, lazy and security unconscious. # RewriteRule ^(components|modules|plugins|templates)/.*(index\.php)?$ - [L] ## Uncomment the following line if your template requires direct access to PHP files ## inside its directory, e.g. GZip compressed copies of its CSS files # RewriteRule ^templates/.*\.php$ - [L] RewriteRule ^(components|modules|plugins|templates)/ - [F] ## Disallow access to rogue PHP files throughout the site, unless they are explicitly allowed RewriteCond %{REQUEST_FILENAME} (\.php)$ RewriteCond %{REQUEST_FILENAME} !(/index[23]?\.php)$ RewriteCond %{REQUEST_FILENAME} -f RewriteRule (.*\.php)$ - [F] ## Disallow access to htaccess.txt and configuration.php-dist RewriteRule ^(htaccess\.txt|configuration\.php-dist|php\.ini)$ - [F] ## SQLi first line of defense, thanks to Radek Suski (SigSiu.net) @ ## www.sigsiu.net/presentations/fortifying_..._joomla_website.html ## May cause problems on legitimate requests RewriteCond %{QUERY_STRING} concat.*\( [NC,OR] RewriteCond %{QUERY_STRING} union.*select.*\( [NC,OR] RewriteCond %{QUERY_STRING} union.*all.*select.* [NC] RewriteRule .* - [F] ########## End - Advanced server protection ########## Begin - Basic antispam Filter, by SigSiu.net ## I removed some common words, tweak to your liking ## This code uses PCRE and works only with Apache 2.x. ## This code will NOT work with Apache 1.x servers. RewriteCond %{QUERY_STRING} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b [NC,OR] RewriteCond %{QUERY_STRING} \b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b [NC,OR] RewriteCond %{QUERY_STRING} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b [NC,OR] ## Note: The final RewriteCond must NOT use the [OR] flag. RewriteCond %{QUERY_STRING} \b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b [NC] RewriteRule .* - [F] ## Note: The previous lines are a "compressed" version ## of the filters. You can add your own filters as: ## RewriteCond %{QUERY_STRING} \bbadword\b [NC,OR] ## where "badword" is the word you want to exclude ########## End - Basic antispam Filter, by SigSiu.net ########## Begin - Joomla! core SEF Section # RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] # If the requested path and file is not /index.php and the request # has not already been internally rewritten to the index.php script RewriteCond %{REQUEST_URI} !^/index\.php # and the request is for the site root, or for an extensionless URL, # or the requested URL ends with one of the listed extensions RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|raw|ini|zip|json|file|vcf))$ [NC] # and the requested path and file doesn't directly match a physical file RewriteCond %{REQUEST_FILENAME} !-f # and the requested path doesn't match a physical folder RewriteCond %{REQUEST_FILENAME} !-d # internally rewrite the request to the index.php script RewriteRule .* index.php [L] # ########## End - Joomla! core SEF Section External links .htaccess tag archive @ perishablepress.com Proposed "master htaccess" (updated by Nicholas on November 18th 2010 to v2.3) DO read the intro by Nicholas! The original file contains a number of syntax errors, several rules that can never work, and a number of expressions that can be more efficiently coded. Bugs and enhancements originally discussed at: forum.joomla.org/viewtopic.php?f=432&t=549841 Discussion also at: snipt.net/nikosdion/the-master-htaccess/ and snipt.net/g1smd/joomla-patch/ The new proposed file: code.google.com/p/joomla-master-htaccess/source/list and at: akeeba.assembla.com/code/master-htaccess/git/node/logs The changes explained, line by line: codereview.appspot.com/4312049/diff/1/jo...-master-htaccess.txt codereview.appspot.com/4290071/diff/1/jo...-master-htaccess.txt codereview.appspot.com/4290071/diff/8001...-master-htaccess.txt codereview.appspot.com/4370051/diff/3/jo...-master-htaccess.txt codereview.appspot.com/4314051/diff/1001...-master-htaccess.txt codereview.appspot.com/4430062/diff/1/jo...-master-htaccess.txt codereview.appspot.com/4528051/diff/1/jo...-master-htaccess.txt |
Last Edit: 13 years, 7 months ago by .
The topic has been locked.
|
Re: Jomsef 4.0.4 Joomla master htaccess file not work 13 years, 7 months ago #22220
|
What do you need to add or change for make it work with Jomsef 4.0.4 ?
rgds |
The topic has been locked.
|
Re: Jomsef 4.0.4 Joomla master htaccess file not work 13 years, 7 months ago #22264
|
anyone tested and got this to work with Jomsef 4.0.4 ?
rgds |
The topic has been locked.
|
Re: Jomsef 4.0.4 Joomla master htaccess file not work 13 years, 6 months ago #22407
|
Just purchased sef404... Got the same problem...
|
The topic has been locked.
|
|