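### File security
# Deny direct HTTP access to template, include and SQL dump files
# (*.tpl, *.tpl.xml, *.inc.php, *.sql). These files can expose source,
# schema or configuration details if served as plain text.
#
# The dots inside the alternation are escaped so they match a literal '.'
# rather than any character.
<FilesMatch "\.(tpl|tpl\.xml|inc\.php|sql)$">
  # Apache 2.4+: mod_authz_core syntax.
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  # Apache 2.2: legacy syntax. Without this split, a 2.4 server that lacks
  # mod_access_compat rejects "Order"/"Deny" and answers every request in
  # this directory with a 500 error.
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</FilesMatch>

## Enable mod-rewrite
RewriteEngine On

###### Rewrite rule to force 'www.' prefix. Use only if needed
# If your site can be accessed both with and without the 'www.' prefix,
# use the following setting to redirect all users to the 'www.' host
# when they access the site without it. Uncomment and MAKE sure to adapt
# it for your domain name.
# If the site is served over HTTPS, change the target scheme to https://
# so the redirect does not send visitors through a plaintext hop.
#
# RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
# RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

###### Rewrite rules to block common hacks
## If you experience problems comment out the operations listed below.
##
## These are best-effort pattern filters. They inspect only the query
## string (not request bodies, cookies or headers), so treat them as
## defence in depth and keep validating input inside the application.
##
## Block requests whose query string contains a base64_encode(...) call
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
## Block requests whose query string contains a <script> tag
## (literal or with percent-encoded angle brackets)
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
## Block requests trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
## Block requests trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
## Answer every matched request with 403 Forbidden. With [F] no
## substitution takes place, so '-' is used as the target, and [F]
## already stops rule processing.
RewriteRule .* - [F]

## Uncomment line below if FollowSymLinks option is not enabled
## by default in server configuration
#
# Options +FollowSymLinks

## Uncomment following line if your webserver's URL
## is not directly related to physical file paths.
## Update Your In-Portal Directory (just / for root)
#
# RewriteBase /

## In-Portal SEF URLs
#
# Route a request to index.php only when it does not resolve to an
# existing file, or to a path that holds index.php or index.html.
RewriteCond %{REQUEST_FILENAME} !-f
# NOTE(review): '-f' tests for a regular file; if this condition is meant
# to skip existing directories, '-d' is the usual test - confirm the intent.
RewriteCond %{REQUEST_FILENAME}/ !-f
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteCond %{REQUEST_FILENAME}/index.html !-f
# Leave requests for static asset extensions alone, so a missing asset
# gets the server's normal 404 instead of being handed to index.php.
RewriteCond %{REQUEST_URI} !\.(gif|jpg|png|bmp|js|css|ico|swf)$ [NC]
# The requested path is passed in _mod_rw_url_. [QSA] appends the client's
# own query string after these parameters, so index.php must treat both
# 'rewrite' and '_mod_rw_url_' as untrusted input.
RewriteRule ^(.*) index.php?rewrite=on&_mod_rw_url_=$1 [QSA]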