1. IMPORTANT : Nouvelles mesures de sécurité - 2. Règles pour obtenir de l'aide dans les forums de support - 3. Restrictions des droits pour le groupe "Support suspendu"

Il est obligatoire de respecter les Règles de MyBB.fr : Version abrégée ou Version complète pour obtenir du support sur nos forums.

Les membres ayant un site/forum contrevenant aux règles de MyBB.support seront placés dans le groupe "Support suspendu" et ne bénéficieront plus du support du staff. Nous recommandons aux autres membres d'agir de même. Il ne s'agit pas d'un bannissement, le membre retrouvera son statut "normal" dès que sa situation sera conforme aux règles.

Nouveau : un Wiki en français : plus de détails.
Avant de soumettre votre problème, consultez-le, ainsi que la FAQ, sans oublier le moteur de recherche interne.


Note de ce sujet :
  • Moyenne : 0 (0 vote(s))
  • 1
  • 2
  • 3
  • 4
  • 5
Nouvelle install / Erreur 403
Mots-clés » 403, nouvelle, install, erreur
19-02-2014, 19:36,
#3
RE: Nouvelle install / Erreur 403
Bien vu ! C'est un .htaccess de Joomla 1.5.x :

Code :
## @version $Id: htaccess.txt 1.0 sam. janv. 30 15:16:29 CET 2010  lavsteph $
# Modifications in this file are not part of the original Joomla package!
#
# @version $Id: htaccess.txt 13415 2009-11-03 15:53:25Z ian $
# @package Joomla
# @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! 1.5 is Free Software
#
# Ehanced protected filters by Sirius http://www.octeam.fr
# Support at Joomla Forum http://forum.joomla.fr/showthread.php?t=89166
#
## CrawlProtect-Jean-Denis Brun
# @ GNU GPL license
# Numerous htaccess rules used here are base on Enycu message on http://forum.ovh.com/showpost.php?p=103758
# Support : www.crawlprotect.com/fr/documentation.php
#
##

# PROTECTION FORTE HTACCESS
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
</Files>

# PROTECTION FICHIERS PAR EXTENSIONS
# AJOUTEZ CELLES QUE VOUS SOUHAITEZ SI BESOIN
<FilesMatch "\.(htpasswd|ini|phps|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>

# PROTECTION FICHIERS UNIQUE
<Files configuration.php>
deny from all
</Files>

## LIMITE TAILLE UPLOAD POST CONTRE LES ATTAQUES DOS
# PAR DEFAUT A 1MO (1024000 = 1Mo)
#bytes, 0-2147483647(2GB)
#LimitRequestBody 1024000

# ESSENTIELS
#  mod_rewrite in use
RewriteEngine on

RewriteBase /

RewriteCond ${HTTP_POST} ^www\.dungeon-keeper\.net$
RewriteRule (.^) http://dungeon-keeper.net/$1 [R=Permanent]

#### Ajout Crawlprotect
#
RewriteCond %{REQUEST_METHOD} (GET) [NC]
## A décommenter pour utiliser les tags long de crawltrack
#RewriteCond %{REQUEST_URI} !^(.*)crawltrack.php
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule  (.*)  /crawlprotect/noaccess/noaccess2.php  [L]
#

ServerSignature Off
Options All -Indexes

##  Can be commented out if causes errors, see notes above.

Options +FollowSymLinks

### FILTER REQUEST METHODS
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>

### QUERY STRING EXPLOITS

<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} \.\.\/    [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\=     [NC,OR]
RewriteCond %{QUERY_STRING} ftp\:     [NC,OR]
RewriteCond %{QUERY_STRING} http\:    [NC,OR]
RewriteCond %{QUERY_STRING} https\:   [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|'|"|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%22|%3C|%3D|%3E|%7B|%7C).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|%B|%D|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(insert|union|declare).* [NC]
RewriteRule (.*) /crawlprotect/noaccess/noaccess1.php   [L]
</IfModule>

# CHARACTER STRINGS
<IfModule mod_alias.c>
# BASIC CHARACTERS
RedirectMatch 403 \,
RedirectMatch 403 \:
RedirectMatch 403 \;
RedirectMatch 403 \=
RedirectMatch 403 \@
RedirectMatch 403 \[
RedirectMatch 403 \]
RedirectMatch 403 \^
RedirectMatch 403 \`
RedirectMatch 403 \{
RedirectMatch 403 \}
RedirectMatch 403 \~
RedirectMatch 403 \"
RedirectMatch 403 \$
RedirectMatch 403 \<
RedirectMatch 403 \>
RedirectMatch 403 \|
RedirectMatch 403 \.\.
RedirectMatch 403 \/\/
RedirectMatch 403 \%0
RedirectMatch 403 \%A
RedirectMatch 403 \%B
RedirectMatch 403 \%C
RedirectMatch 403 \%D
RedirectMatch 403 \%E
RedirectMatch 403 \%F
RedirectMatch 403 \%22
RedirectMatch 403 \%27
RedirectMatch 403 \%28
RedirectMatch 403 \%29
RedirectMatch 403 \%3C
RedirectMatch 403 \%3E
RedirectMatch 403 \%3F
RedirectMatch 403 \%5B
RedirectMatch 403 \%5C
RedirectMatch 403 \%5D
RedirectMatch 403 \%7B
RedirectMatch 403 \%7C
RedirectMatch 403 \%7D
# COMMON PATTERNS
RedirectMatch 404 wp\_
Redirectmatch 403 \_vpi
RedirectMatch 403 \.inc
Redirectmatch 403 xAou6
Redirectmatch 403 db\_name
Redirectmatch 403 select\(
Redirectmatch 403 convert\(
Redirectmatch 403 \/query\/
RedirectMatch 403 ImpEvData
Redirectmatch 403 \.XMLHTTP
Redirectmatch 403 proxydeny
RedirectMatch 403 function\.
Redirectmatch 403 remoteFile
Redirectmatch 403 servername
Redirectmatch 403 \&rptmode\=
Redirectmatch 403 sys\_cpanel
RedirectMatch 403 db\_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check\_proxy
Redirectmatch 403 system\_user
Redirectmatch 403 \/\(null\)\/
Redirectmatch 403 clientrequest
Redirectmatch 403 option\_value
RedirectMatch 403 ref\.outcontrol
# SPECIFIC EXPLOITS
RedirectMatch 403 errors\.
#RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
#RedirectMatch 403 register\.
Redirectmatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
Redirectmatch 403 macromates\.
RedirectMatch 403 head\_auth\.
RedirectMatch 403 submit\_links\.
RedirectMatch 403 change\_action\.
Redirectmatch 403 com\_facileforms\/
RedirectMatch 403 admin\_db\_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
Redirectmatch 403 Table\/Latest\/index\.
</IfModule>

## Ajout Crawlprotect
#
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)https(%3A|:)(/|%2F){2}(.*)$ [NC,OR]  
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)https%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)http(%3A|:)(/|%2F){2}(.*)$ [NC]
#
########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
#RewriteRule ^(.*)$ index.php [F,L]
RewriteRule (.*) /crawlprotect/noaccess/noaccess1.php   [L]
#

########## End - Rewrite rules to block out some common exploits

####Ajout Crawlprotect

####Bad bot and site copier blocage
#
RewriteCond %{HTTP_USER_AGENT} @nonymouse|ADSARobot|amzn_assoc|Anarchie|ASPSeek|Atomz|^[^?]*addresses\.com|Advanced\ Email\ Extractor|ah-ha|aktuelles|almaden|Art-Online|AspiWeb|ASSORT|ATHENS|attach|attache|autoemailspider|BackWeb|Bandit|Batch​FTP|bdfetch|big.brother|BlackWidow|bmclient|Boston\ Project|Bot\ mailto:craftbot@yahoo.com|BravoBrian\ SpiderEngine\ MarcoPolo|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|​Crescent\ Internet\ ToolPack|cURL|Custo|cyberalert|Deweb|diagem|Digger|Digimarc|DIIbot|DirectUpdate|​DISCo|Download\ Accelerator|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|echo\ extense|ecollector|efp@gmx\.net|EirGrabber|EmailCollector|Email\ Extractor|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|fastlwspider|FavOrg|Favorites\ Sweeper|Fetch\ API\ Request|FEZhead|FileHound|FlashGet|FlickBot|fluffy|frontpage|GalaxyBot|Generic|G​etleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go!Zilla|Go-Ahead-Got-It|GornKer|Grabber|GrabNet|Grafula|Green\ Research|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|HTTP\ agent|HTTPConnect|httpdown|http\ generic|HTTrack|^[^?]*iaea\.org|IBM_Planetwide|^[^?]*\.ideography\.co\.uk|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkAgent|InternetSeer\.com|Iria|Irvine|iOpus|IPiumBot\ laurion(dot)com|Jakarta|JBH*Agent|JetCar|JustView|Kapere|KWebGet|Lachesis|larbin​|LeechFTP|LexiBot|lftp|libwww|likse|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MemoWeb|MCspider|Microsoft\ URL\ Control|MIDown\ tool|minibot\(NaverRobot\)|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnt​s|NetCarta|netfactual|netcraft|NetMechanic|netprospector|NetResearchServer|NetSp​ider|Net\ Vampire|NetZIP|NEWT|nicerspro|NPBot|Octopus|Offline\ Explorer|Offline\ Navigator|OpaL|Openfind|OpenTextSiteCrawler|OrangeBot|OutWit|PackRat|PageGrabber​|Papa\ Foto|pavuk|pcBrowser|PersonaPilot|PingALink|Pockey|Program\ Shareware|psbot|PSurf|puf|Pump|PushSite|QRVA|QuepasaCreep|RealDownload|Reaper|Re​corder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Shai|sitecheck|SiteMapper|SiteSnagger|SlySearch|SmartDownload|snagger|S​paceBison|Spegla|SpiderBot|SqWorm|Star\ Downloader|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|SurveyBot|Szuka​cz|tAkeOut|tarspider|Teleport\ Pro|Telesoft|Templeton|traffixer|TrueRobot|TuringOS|TurnitinBot|TV33_Mercator|UI​owaCrawler|URL_Spider_Pro|UtilMind|Vacuum|vagabondo|vayala|visibilitygap|vobsub|​VoidEYE|vspider|w3mir|web\.by\.mail|Web\ Data\ Extractor|Web\ Downloader|Web\ Image\ Collector|Web\ Sucker|WebAuto|webbandit|Webclipping|webcollector|webcollage|WebCopier|webcraft@​bea|WebDAV|webdevil|webdownloader|Webdup|WebEmailExtractor|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WebMiner|WebMirror|webmole|WebReaper|WebSauger|W​EBsaver|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhack​er|WebZIP|Wget|whizbang|WhosTalking|Widow|WISEbot|WUMPUS|Wweb|WWWOFFLE|Wysigot|X​aldon\ WebSpider|XGET|x-Tractor|Zeus.* [OR]
RewriteCond %{HTTP_REFERER} ^XXX
RewriteRule  (.*)  /crawlprotect/noaccess/noaccess2.php  [L]

###Filter against PHPSHELL.PHP, REMOTEVIEW, c99Shell and others
#
RewriteEngine On
RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|weba​dmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|as​px?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
RewriteCond %{QUERY_STRING} ^(.*)=/home(.+)?/(.*)/(.*)$ [OR]
RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablog​ins|upload.*)|((chmod|f)&f=.*))$ [OR]
RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|u​pdate|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(ls|cd|cat|rm|mv|vim|chmod|chdir|mkdir|rmdir|pwd|clear|whoami|uname|tar|​zip|unzip|tar|gzip|gunzip|grep|more|ln|umask|telnet|ssh|ftp|head|tail|which|mkmo​de|touch|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file​_down|ftp_file_up|ftp_brute|mail_file|mysql|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
RewriteCond %{QUERY_STRING} ^(.*)(wget|shell_exec|passthru|system|exec|popen|proc_open)(.*)$
RewriteRule  (.*)  /crawlprotect/noaccess/noaccess3.php  [L]

# RewriteBase /

########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section


########## Joomla / DK.NET
php_value magic_quotes_gpc "1"
php_value register_globals "0"
php_value session.save_path '/home/www/08071f0da19d8e1f11649dada9ca30eb/web/sessions'
php_flag "allow_url_fopen" "On"
Répondre


Messages dans ce sujet
Nouvelle install / Erreur 403 - chr!x - 19-02-2014, 17:38
RE: Nouvelle install / Erreur 403 - chr!x - 19-02-2014, 19:36



Utilisateur(s) parcourant ce sujet : 3 visiteur(s)

Contact | MyBB.support | Retourner en haut | Retourner au contenu | Version bas-débit (Archivé) | Syndication RSS
 Utilitaire de traduction fourni par Regentronique