Sécurité - qu'en pensez vous?

**deuxk** · 28/10/2013, 19h01

Bonjour,

Étant au niveau débutant dans l'apache, je suis en train de me demander si je n'en fait pas trop pour la sécurité... Peut-être est-ce le contraire aussi, je ne sais pas

!

Je suis présentement sur un serveur partagé de Godaddy et voici ce que j'ai mis a mon htaccess pour ma portion sécurité.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
RewriteEngine on
RewriteBase /
 
#BLACKLIST USER_AGENT
RewriteCond %{HTTP_USER_AGENT} ADSARobot|ah-ha|almaden|aktuelles|Anarchie|amzn_assoc|ASPSeek|ASSORT|ATHENS|Atomz|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|bmclient|Boston\ Project|BravoBrian\ SpiderEngine\ MarcoPolo|Bot\ mailto:craftbot@yahoo.com|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|Collector|Copier|Crescent|Crescent\ Internet\ ToolPak|Custo|cyberalert|DA$|Deweb|diagem|Digger|Digimarc|DIIbot|DISCo|DISCo\ Pump|DISCoFinder|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|ecollector|efp@gmx\.net|Email\ Extractor|EirGrabber|email|EmailCollector|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|FavOrg|fastlwspider|Favorites\ Sweeper|Fetch|FEZhead|FileHound|FlashGet\ WebWasher|FlickBot|fluffy|FrontPage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go\!Zilla|Go!Zilla|Go-Ahead-Got-It|GornKer|gotit|Grabber|GrabNet|Grafula|Green\ Research|grub-client|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|http\ generic|HTTrack|httpdown|httrack|ia_archiver|IBM_Planetwide|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy*Library|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkagent|Internet\ Ninja|InternetSeer\.com|Iria|Irvine|JBH*agent|JetCar|JOC|JOC\ Web\ Spider|JustView|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|libwww|likse|Link|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Mag-Net|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MCspider|Memo|Microsoft.URL|MIDown\ tool|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|^Mozilla$|Mozilla.*Indy|Mozilla.*NEWT|Mozilla*MSIECrawler|MS\ FrontPage*|MSFrontPage|MSIECrawler|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|Net\ Vampire|NetZIP|NetZip\ Downloader|NetZippy|NEWT|NICErsPRO|Ninja|NPBot|Octopus|Offline\ Explorer|Offline\ Navigator|OpaL|Openfind|OpenTextSiteCrawler|OrangeBot|PageGrabber|Papa\ Foto|PackRat|pavuk|pcBrowser|PersonaPilot|Ping|PingALink|Pockey|Proxy|psbot|PSurf|puf|Pump|PushSite|QRVA|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|Scooter|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|Siphon|sitecheck|sitecheck.internetseer.com|SiteSnagger|SlySearch|SmartDownload|snagger|Snake|SpaceBison|Spegla|SpiderBot|sproose|SqWorm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Templeton|TrueRobot|TV33_Mercator|UIowaCrawler|UtilMind|URLSpiderPro|URL_Spider_Pro|Vacuum|vagabondo|vayala|visibilitygap|VoidEYE|vspider|Web\ Downloader|w3mir|Web\ Data\ Extractor|Web\ Image\ Collector|Web\ Sucker|Wweb|WebAuto|WebBandit|web\.by\.mail|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|webdevil|webdownloader|Webdup|WebEMailExtrac|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|Website|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|Whacker|whizbang|WhosTalking|Widow|WISEbot|WWWOFFLE|x-Tractor|^Xaldon\ WebSpider|WUMPUS|Xenu|XGET|Zeus.*Webster|Zeus [NC]
	RewriteRule ^.* - [F,L]
 
 
	#Block potentially unwanted bots
	SetEnvIfNoCase user-Agent ^FrontPage [NC,OR]
	SetEnvIfNoCase user-Agent ^Java.* [NC,OR]
	SetEnvIfNoCase user-Agent ^Microsoft.URL [NC,OR]
	SetEnvIfNoCase user-Agent ^MSFrontPage [NC,OR]
	SetEnvIfNoCase user-Agent ^Offline.Explorer [NC,OR]
	SetEnvIfNoCase user-Agent ^[Ww]eb[Bb]andit [NC,OR]
	SetEnvIfNoCase user-Agent ^Zeus [NC]
 
	<limit GET POST>
	#DENYING YOUR CONNECTIONS THNX.
	Order Allow,Deny
	Allow from all
	Deny from env=bad_bot
 
	</limit>
 
 
 
#BLACKLIST BOTS
	RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
	RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
	RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
	RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
	RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
	RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
	RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
	RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
	RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
	RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
	RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
	RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
	RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
	RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
	RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
	RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
	RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
	RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
	RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
	RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
	RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
	RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
	RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
	RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
	RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
	RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
	RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
	RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
	RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
	RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
	RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
	RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
	RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
	RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
	RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
	RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Zeus
	RewriteRule ^.* - [F,L]
 
#DISABLE SERVER SIGNATURE
	ServerSignature Off 
 
	# Prevent use of specified methods in HTTP Request 
	RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] 
	# Block out use of illegal or unsafe characters in the HTTP Request 
	RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR] 
	# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request 
	RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 
	# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request 
	RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 
	# Block out use of illegal characters in URI or use of malformed URI 
	RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR] 
	# Block out  use of empty User Agent Strings
	# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal 
	RewriteCond %{HTTP_USER_AGENT} ^$ [OR] 
	# Block out  use of illegal or unsafe characters in the User Agent variable 
	RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 
	# Measures to block out  SQL injection attacks 
	RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR] 
	# Block out  reference to localhost/loopback/127.0.0.1 in the Query String 
	RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR] 
	# Block out  use of illegal or unsafe characters in the Query String variable 
	RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
 
 
	#File injection protection
	RewriteCond %{REQUEST_METHOD} GET
	RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
	RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
	RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
	RewriteRule .* - [F]

Qu'en pensez-vous? Suis-je perdu? J'oublie quelque chose? Je pourrais faire mieux?

Au plaisir
DeuxK

Sécurité - qu'en pensez vous?

Apache

Mode arborescent

Discussions similaires

Partager

Partager