https://support.qbpro.ru/index.php?action=history&feed=atom&title=.htaccess_php-malware-protection.txt
.htaccess php-malware-protection.txt - История изменений
2026-04-03T23:27:06Z
История изменений этой страницы в вики
MediaWiki 1.38.1
https://support.qbpro.ru/index.php?title=.htaccess_php-malware-protection.txt&diff=3287&oldid=prev
imported>Vix в 00:46, 11 мая 2022
2022-05-11T00:46:54Z
<p></p>
<table style="background-color: #fff; color: #202122;" data-mw="interface">
<col class="diff-marker" />
<col class="diff-content" />
<col class="diff-marker" />
<col class="diff-content" />
<tr class="diff-title" lang="ru">
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Предыдущая версия</td>
<td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Версия от 03:46, 11 мая 2022</td>
</tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l1">Строка 1:</td>
<td colspan="2" class="diff-lineno">Строка 1:</td></tr>
<tr><td colspan="2" class="diff-side-deleted"></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div><ins style="font-weight: bold; text-decoration: none;">* '''Apache:'''</ins></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><hr></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><hr></div></td></tr>
<tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><syntaxhighlight lang="shell" line='line'></div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div><syntaxhighlight lang="shell" line='line'></div></td></tr>
<!-- diff cache key pgdb4support-mediawiki-:diff::1.12:old-3286:rev-3287 -->
</table>
imported>Vix
https://support.qbpro.ru/index.php?title=.htaccess_php-malware-protection.txt&diff=3286&oldid=prev
imported>Vix: Новая страница: «<hr> <syntaxhighlight lang="shell" line='line'> ... # Блокировка XSS RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Блокируем...»
2022-05-11T00:46:04Z
<p>Новая страница: «<hr> <syntaxhighlight lang="shell" line='line'> ... # Блокировка XSS RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] # Блокируем...»</p>
<p><b>Новая страница</b></p><div><hr><br />
<syntaxhighlight lang="shell" line='line'><br />
...<br />
# Блокировка XSS<br />
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]<br />
# Блокируем выставление переменной PHP GLOBALS через URL<br />
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]<br />
# Блокируем возможность изменять переменную _REQUEST через URL<br />
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})<br />
<br />
# Блокировка MySQL инъекций, RFI, base64, и др.<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC,OR]<br />
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC,OR]<br />
RewriteCond %{QUERY_STRING} (\.\./|\.\.) [OR]<br />
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]<br />
RewriteCond %{QUERY_STRING} http\: [NC,OR]<br />
RewriteCond %{QUERY_STRING} https\: [NC,OR]<br />
RewriteCond %{QUERY_STRING} \=\|w\| [NC,OR]<br />
RewriteCond %{QUERY_STRING} ^(.*)/self/(.*)$ [NC,OR]<br />
RewriteCond %{QUERY_STRING} ^(.*)cPath=http://(.*)$ [NC,OR]<br />
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]<br />
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]<br />
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]<br />
RewriteCond %{QUERY_STRING} (<|%3C)([^i]*i)+frame.*(>|%3E) [NC,OR]<br />
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]<br />
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]<br />
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [NC,OR]<br />
RewriteCond %{QUERY_STRING} ^.*(\[|\]|\(|\)|<|>).* [NC,OR]<br />
RewriteCond %{QUERY_STRING} (NULL|OUTFILE|LOAD_FILE) [OR]<br />
RewriteCond %{QUERY_STRING} (\./|\../|\.../)+(motd|etc|bin) [NC,OR]<br />
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]<br />
RewriteCond %{QUERY_STRING} (<|>|'|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]<br />
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]<br />
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]<br />
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC,OR]<br />
RewriteCond %{QUERY_STRING} (;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|drop|delete|update|cast|create|char|convert|alter|declare|order|script|set|md5|benchmark|encode) [NC,OR]<br />
RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]<br />
RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]<br />
RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]<br />
RewriteCond %{QUERY_STRING} (sp_executesql) [NC]<br />
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]<br />
RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]<br />
RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]<br />
RewriteRule ^(.*)$ - [F,L]<br />
<br />
# Отклонение запросов TRACE|TRACK<br />
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) <br />
RewriteRule .* - [F]<br />
<br />
# Фильтрация URL на служебные символы<br />
RewriteCond %{QUERY_STRING} (<|>|'|\+|%2B|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]<br />
<br />
# Блокировка известных Shell<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*).(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]<br />
RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]<br />
RewriteCond %{QUERY_STRING} ^(.*)=(/|%2F)(h|%68|%48)(o|%6F|%4F)(m|%6D|%4D)(e|%65|%45)(.+)?(/|%2F)(.*)(/|%2F)(.*)$ [OR]<br />
RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]<br />
RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]<br />
RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]<br />
RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]<br />
RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]<br />
RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]<br />
RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]<br />
RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(chmod|chdir|mkdir|rmdir|clear|whoami|uname|unzip|gzip|gunzip|grep|more|umask|telnet|ssh|ftp|head|tail|which|mkmode|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]<br />
# Удалите из слудующей строки слово "system" для нормальной работы информационных систем HostCMS<br />
RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$<br />
RewriteRule .* - [F]<br />
<br />
# Отклонение плохо сформированных запросов HTTP<br />
RewriteEngine on<br />
RewriteCond %{THE_REQUEST} !^[A-Z]{3,9} .+ HTTP/(0.9|1.0|1.1) [NC]<br />
RewriteRule .* - [F,NS,L]<br />
<br />
# Запрет любых запросов кроме GET,PROPFIND,POST,OPTIONS,PUT,HEAD<br />
RewriteEngine on<br />
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]<br />
RewriteRule .* - [F,NS,L]<br />
<br />
# Блокировка от LFi-атак (экспериментальное, см. комментарии)<br />
RewriteCond %{REQUEST_METHOD} GET<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http%3A%2F%2F [OR]<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(..//?)+ [OR]<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]<br />
RewriteRule .* - [F]<br />
@geepis<br />
<br />
# Для защиты от LFi атак<br />
RewriteCond %{REQUEST_METHOD} GET<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http%3A%2F%2F [OR]<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(..//?)+ [OR]<br />
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]<br />
RewriteRule .* - [F]<br />
...<br />
</syntaxhighlight><br />
<br />
<hr><br />
<br />
* [https://gist.github.com/r3code/35b9e7f5a7ac8f44c265f07e37eb3c87 источник]</div>
imported>Vix