| [ASK] saya mau nanya nih, web saya kan pake joomla... Jul 25th 2013, 03:23, by Rakhmatullah EA | | [ASK]
saya mau nanya nih, web saya kan pake joomla core sef nah di htaccess-nya ada <FilesMatch> jadi yang bisa dibaca cuman file index.php ajah, tapi sayangnya subdomain juga ikut kena dimana subdomain itu scriptnya ga lewat index.php, kadang ada admin.php, profil.php, dll jadinya setiap mau diakses dialihin ke page 403
jadi pertanyaannya bisa buat pengecualian ga? biar folder yang dipilih tidak terkena filesmatch |
| | | Itu file .htacces ya??? |
| | | ya |
| | | Coba berikan file .htaccess pada sub domain nya. Setahu saya, kalau di suatu folder atau sub domain ada file .htaccess, entar yang diprioritaskan file.htaccess yang di sub folder tersebut |
| | | jwbn mas Mas Suwondo bener abnget |
| | | nah itu yang saya bingun padahal disetiap sub domain masing2x sudah ada htaccess-nya, kalau ditambah rule, rule apa yang cocok |
| | | Coba lihat rule nya yang di :
<FilesMatch>
logika dasarnya, yang di sub domain dikembalikan :
<FilesMatch>
ke * atau any atau apalah, yang mengacu ke awal atau sesuai kebutuhan sub domain tersebut |
| | | semuanya ajah yah
##
# @package Joomla
# @copyright Copyright (C) 2005 - 2012 Open Source Matters. All rights reserved.
# @license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations. It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file. If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's. If they work,
# it has been set by your server administrator and you do not need it set here.
##
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
## Mod_rewrite in use.
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
RewriteBase /
## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
#php_value auto_prepend_file /administrator/components/com_jfirewall/request/htaccess.php
<Filesmatch ".(php)$">
order deny,allow
deny from all
</Filesmatch>
<FilesMatch "^index.php">
order allow,deny
allow from all
</Filesmatch>
#### @RS
# Prevent most common SQL-Injections
RewriteCond %{query_string} concat.*\( [NC,OR]
RewriteCond %{query_string} union.*select.*\( [NC,OR]
RewriteCond %{query_string} union.*all.*select [NC]
RewriteRule ^(.*)$ index.php [F,L]
#### @RS
#### @RS
# Block most common hacking tools
SetEnvIf user-agent "Indy Library" stayout=1
SetEnvIf user-agent "libwww-perl" stayout=1
SetEnvIf user-agent "Wget" stayout=1
deny from env=stayout
#### @RS
#### @RS
# Deny access to php, xml and ini files
# within components and plugins directories
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} \.php|\.ini|\.xml [NC]
#RewriteCond %{REQUEST_URI} \/components\/ [OR]
RewriteCond %{REQUEST_URI} ^\/includes\/|^\/administrator\/includes\/ [OR]
RewriteCond %{REQUEST_URI} \/language\/ [OR]
RewriteCond %{REQUEST_URI} \/libraries\/ [OR]
#RewriteCond %{REQUEST_URI} \/modules\/ [OR]
RewriteCond %{REQUEST_URI} \/plugins\/ [OR]
#RewriteCond %{REQUEST_URI} \/templates\/ [OR]
RewriteCond %{REQUEST_URI} \/xmlrpc\/
RewriteRule ^(.*)$ index.php [R=404,L]
#### @RS |
| | | Coba pakai (pada .htaccess di subdomain):
<Filesmatch ".(php)$">
order deny,allow
allow from all
</Filesmatch> |
| | | coba dibuat htaccess pada subdomain:
<FilesMatch ~ "\.(php)$">
order allow,deny
allow from all
</Filesmatch> |
| | | ok bisa, cuman tanpa ~ |
| | | [Resolve] | |
Tidak ada komentar:
Posting Komentar