Discussion :

[deuxk]

Bonjour,

Étant au niveau débutant dans l'apache, je suis en train de me demander si je n'en fait pas trop pour la sécurité... Peut-être est-ce le contraire aussi, je ne sais pas !

Je suis présentement sur un serveur partagé de Godaddy et voici ce que j'ai mis a mon htaccess pour ma portion sécurité.

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
 
RewriteEngine on
RewriteBase /
 
#BLACKLIST USER_AGENT
RewriteCond %{HTTP_USER_AGENT} ADSARobot|ah-ha|almaden|aktuelles|Anarchie|amzn_assoc|ASPSeek|ASSORT|ATHENS|Atomz|attach|attache|autoemailspider|BackWeb|Bandit|BatchFTP|bdfetch|big.brother|BlackWidow|bmclient|Boston\ Project|BravoBrian\ SpiderEngine\ MarcoPolo|Bot\ mailto:craftbot@yahoo.com|Buddy|Bullseye|bumblebee|capture|CherryPicker|ChinaClaw|CICC|clipping|Collector|Copier|Crescent|Crescent\ Internet\ ToolPak|Custo|cyberalert|DA$|Deweb|diagem|Digger|Digimarc|DIIbot|DISCo|DISCo\ Pump|DISCoFinder|Download\ Demon|Download\ Wonder|Downloader|Drip|DSurf15a|DTS.Agent|EasyDL|eCatch|ecollector|efp@gmx\.net|Email\ Extractor|EirGrabber|email|EmailCollector|EmailSiphon|EmailWolf|Express\ WebPictures|ExtractorPro|EyeNetIE|FavOrg|fastlwspider|Favorites\ Sweeper|Fetch|FEZhead|FileHound|FlashGet\ WebWasher|FlickBot|fluffy|FrontPage|GalaxyBot|Generic|Getleft|GetRight|GetSmart|GetWeb!|GetWebPage|gigabaz|Girafabot|Go\!Zilla|Go!Zilla|Go-Ahead-Got-It|GornKer|gotit|Grabber|GrabNet|Grafula|Green\ Research|grub-client|Harvest|hhjhj@yahoo|hloader|HMView|HomePageSearch|http\ generic|HTTrack|httpdown|httrack|ia_archiver|IBM_Planetwide|Image\ Stripper|Image\ Sucker|imagefetch|IncyWincy|Indy*Library|Indy\ Library|informant|Ingelin|InterGET|Internet\ Ninja|InternetLinkagent|Internet\ Ninja|InternetSeer\.com|Iria|Irvine|JBH*agent|JetCar|JOC|JOC\ Web\ Spider|JustView|KWebGet|Lachesis|larbin|LeechFTP|LexiBot|lftp|libwww|likse|Link|Link*Sleuth|LINKS\ ARoMATIZED|LinkWalker|LWP|lwp-trivial|Mag-Net|Magnet|Mac\ Finder|Mag-Net|Mass\ Downloader|MCspider|Memo|Microsoft.URL|MIDown\ tool|Mirror|Missigua\ Locator|Mister\ PiX|MMMtoCrawl\/UrlDispatcherLLL|^Mozilla$|Mozilla.*Indy|Mozilla.*NEWT|Mozilla*MSIECrawler|MS\ FrontPage*|MSFrontPage|MSIECrawler|MSProxy|multithreaddb|nationaldirectory|Navroad|NearSite|NetAnts|NetCarta|NetMechanic|netprospector|NetResearchServer|NetSpider|Net\ Vampire|NetZIP|NetZip\ Downloader|NetZippy|NEWT|NICErsPRO|Ninja|NPBot|Octopus|Offline\ Explorer|Offline\ Navigator|OpaL|Openfind|OpenTextSiteCrawler|OrangeBot|PageGrabber|Papa\ Foto|PackRat|pavuk|pcBrowser|PersonaPilot|Ping|PingALink|Pockey|Proxy|psbot|PSurf|puf|Pump|PushSite|QRVA|RealDownload|Reaper|Recorder|ReGet|replacer|RepoMonkey|Robozilla|Rover|RPT-HTTPClient|Rsync|Scooter|SearchExpress|searchhippo|searchterms\.it|Second\ Street\ Research|Seeker|Shai|Siphon|sitecheck|sitecheck.internetseer.com|SiteSnagger|SlySearch|SmartDownload|snagger|Snake|SpaceBison|Spegla|SpiderBot|sproose|SqWorm|Stripper|Sucker|SuperBot|SuperHTTP|Surfbot|SurfWalker|Szukacz|tAkeOut|tarspider|Teleport\ Pro|Templeton|TrueRobot|TV33_Mercator|UIowaCrawler|UtilMind|URLSpiderPro|URL_Spider_Pro|Vacuum|vagabondo|vayala|visibilitygap|VoidEYE|vspider|Web\ Downloader|w3mir|Web\ Data\ Extractor|Web\ Image\ Collector|Web\ Sucker|Wweb|WebAuto|WebBandit|web\.by\.mail|Webclipping|webcollage|webcollector|WebCopier|webcraft@bea|webdevil|webdownloader|Webdup|WebEMailExtrac|WebFetch|WebGo\ IS|WebHook|Webinator|WebLeacher|WEBMASTERS|WebMiner|WebMirror|webmole|WebReaper|WebSauger|Website|Website\ eXtractor|Website\ Quester|WebSnake|Webster|WebStripper|websucker|webvac|webwalk|webweasel|WebWhacker|WebZIP|Wget|Whacker|whizbang|WhosTalking|Widow|WISEbot|WWWOFFLE|x-Tractor|^Xaldon\ WebSpider|WUMPUS|Xenu|XGET|Zeus.*Webster|Zeus [NC]
	RewriteRule ^.* - [F,L]
 
 
	#Block potentially unwanted bots
	SetEnvIfNoCase user-Agent ^FrontPage [NC,OR]
	SetEnvIfNoCase user-Agent ^Java.* [NC,OR]
	SetEnvIfNoCase user-Agent ^Microsoft.URL [NC,OR]
	SetEnvIfNoCase user-Agent ^MSFrontPage [NC,OR]
	SetEnvIfNoCase user-Agent ^Offline.Explorer [NC,OR]
	SetEnvIfNoCase user-Agent ^[Ww]eb[Bb]andit [NC,OR]
	SetEnvIfNoCase user-Agent ^Zeus [NC]
 
	<limit GET POST>
	#DENYING YOUR CONNECTIONS THNX.
	Order Allow,Deny
	Allow from all
	Deny from env=bad_bot
 
	</limit>
 
 
 
#BLACKLIST BOTS
	RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
	RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
	RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
	RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
	RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
	RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
	RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
	RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
	RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
	RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
	RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
	RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
	RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
	RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
	RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
	RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
	RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
	RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
	RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
	RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
	RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
	RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
	RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
	RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
	RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
	RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
	RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
	RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
	RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
	RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
	RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
	RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
	RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
	RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
	RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
	RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
	RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
	RewriteCond %{HTTP_USER_AGENT} ^Zeus
	RewriteRule ^.* - [F,L]
 
#DISABLE SERVER SIGNATURE
	ServerSignature Off 
 
	# Prevent use of specified methods in HTTP Request 
	RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC,OR] 
	# Block out use of illegal or unsafe characters in the HTTP Request 
	RewriteCond %{THE_REQUEST} ^.*(\\r|\\n|%0A|%0D).* [NC,OR] 
	# Block out use of illegal or unsafe characters in the Referer Variable of the HTTP Request 
	RewriteCond %{HTTP_REFERER} ^(.*)(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 
	# Block out use of illegal or unsafe characters in any cookie associated with the HTTP Request 
	RewriteCond %{HTTP_COOKIE} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 
	# Block out use of illegal characters in URI or use of malformed URI 
	RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|">|"<|/|\\\.\.\\).{0,9999}.* [NC,OR] 
	# Block out  use of empty User Agent Strings
	# NOTE - disable this rule if your site is integrated with Payment Gateways such as PayPal 
	RewriteCond %{HTTP_USER_AGENT} ^$ [OR] 
	# Block out  use of illegal or unsafe characters in the User Agent variable 
	RewriteCond %{HTTP_USER_AGENT} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC,OR] 
	# Measures to block out  SQL injection attacks 
	RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark).* [NC,OR] 
	# Block out  reference to localhost/loopback/127.0.0.1 in the Query String 
	RewriteCond %{QUERY_STRING} ^.*(localhost|loopback|127\.0\.0\.1).* [NC,OR] 
	# Block out  use of illegal or unsafe characters in the Query String variable 
	RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%27|%3C|%3E|%00).* [NC]
 
 
	#File injection protection
	RewriteCond %{REQUEST_METHOD} GET
	RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
	RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
	RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
	RewriteRule .* - [F]

Qu'en pensez-vous? Suis-je perdu? J'oublie quelque chose? Je pourrais faire mieux?

Au plaisir
DeuxK

[Marc3001]

Je ne pense pas que tu en fasses trop.

A partir du moment où tu es sûr que toutes ces règles sont en adéquation avec tes besoins, tu peux les garder.

Par contre garde bien à l'esprit que ton application n'est pas à l'abri avec uniquement ces règles. Au niveau du code de l'application, un certain nombre de précautions sont à prendre pour éviter par exemple les injections sql, les attaques XSS,...