Tweet
Bonjour,
j'ai installé joomla 3.1.5. le site est accessible et est hébergé chez ovh sur un plan240 (mutualisé). Mais dès que je souhaite modifier le menu, j'ai un forbidden quand je tente d'accéder à administrator/index.php.
voici mon htaccess, tiré de mon ancien site en joomla 1.5 :
si vous pouviez m'aider, ce serait tip top 
j'ai installé joomla 3.1.5. le site est accessible et est hébergé chez ovh sur un plan240 (mutualisé). Mais dès que je souhaite modifier le menu, j'ai un forbidden quand je tente d'accéder à administrator/index.php.
voici mon htaccess, tiré de mon ancien site en joomla 1.5 :
Code:
# PROTECTION FORTE HTACCESS
Header append X-FRAME-OPTIONS "SAMEORIGIN"
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
#securite OVH
SetEnv REGISTER_GLOBALS 0
SetEnv ZEND_OPTIMIZER 1
SetEnv MAGIC_QUOTES 0
SetEnv PHP_VER 5_4
#icon site
AddType image/x-icon .ico
# PROTECTION FICHIERS PAR EXTENSIONS
<FilesMatch "\.(htpasswd|ini|phps|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
# PROTECTION FICHIERS UNIQUE
<Files configuration.php>
deny from all
</Files>
# USER AGENTS
SetEnvIfNoCase User-Agent "libwww" keep_out
SetEnvIfNoCase User-Agent "DotBot" keep_out
SetEnvIfNoCase User-Agent "Nutch" keep_out
SetEnvIfNoCase User-Agent "cr4nk" keep_out
<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</Limit>
# ESSENTIELS
# mod_rewrite in use
RewriteEngine on
#redirection des sous-domaine pour pointer vers lestibidous.fr
RewriteCond %{HTTP_HOST} ^(www\.coloriage-tibidous\.fr)(:80)? [NC]
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^(www\.coloriage-tibidous\.com)(:80)? [NC]
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^(www\.tibidous\.fr)(:80)? [NC]
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^(www\.tibidous\.net)(:80)? [NC]
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^(www\.lestibidous\.com)(:80)? [NC]
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^(www\.lestibidous\.net)(:80)? [NC]
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^(www\.les-tibidous\.net)(:80)? [NC]
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^(www\.les-tibidous\.fr)(:80)? [NC]
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [R=301,L]
RewriteCond %{HTTP_HOST} ^lestibidous.fr$
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [QSA,L,R=301]
RewriteCond %{HTTP_HOST} ^coloriage-tibidous.fr$
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [QSA,L,R=301]
RewriteCond %{HTTP_HOST} ^coloriage-tibidous.com$
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [QSA,L,R=301]
RewriteCond %{HTTP_HOST} ^tibidous.fr$
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [QSA,L,R=301]
RewriteCond %{HTTP_HOST} ^lestibidous.net$
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [QSA,L,R=301]
RewriteCond %{HTTP_HOST} ^lestibidous.com$
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [QSA,L,R=301]
RewriteCond %{HTTP_HOST} ^les-tibidous.net$
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [QSA,L,R=301]
RewriteCond %{HTTP_HOST} ^les-tibidous.fr$
RewriteRule ^(.*) http://www.lestibidous.fr/$1 [QSA,L,R=301]
ServerSignature Off
Options All -Indexes
## Can be commented out if causes errors, see notes above.
Options +FollowSymLinks
# FILTER REQUEST METHODS
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
# QUERY STRING EXPLOITS
<IfModule mod_rewrite.c>
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|'|"|\?|\*).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%22|%27|%3C|%3D|%3E|%7B|%7C).* [NC,OR]
#RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%F|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(select|insert|union|declare|drop).* [NC]
RewriteRule ^(.*)$ - [F,L]
</IfModule>
# CHARACTER STRINGS
<IfModule mod_alias.c>
# BASIC CHARACTERS
#RedirectMatch 403 \,
RedirectMatch 403 \:
RedirectMatch 403 \;
RedirectMatch 403 \=
RedirectMatch 403 \@
RedirectMatch 403 \[
RedirectMatch 403 \]
RedirectMatch 403 \^
RedirectMatch 403 \`
RedirectMatch 403 \{
RedirectMatch 403 \}
RedirectMatch 403 \~
RedirectMatch 403 \"
RedirectMatch 403 \$
RedirectMatch 403 \<
RedirectMatch 403 \>
RedirectMatch 403 \|
RedirectMatch 403 \.\.
RedirectMatch 403 \/\/
RedirectMatch 403 \%0
# ce sont les accents
RedirectMatch 403 \%A
RedirectMatch 403 \%B
RedirectMatch 403 \%C
RedirectMatch 403 \%D
RedirectMatch 403 \%E
RedirectMatch 403 \%F
RedirectMatch 403 \%22
RedirectMatch 403 \%27
RedirectMatch 403 \%28
RedirectMatch 403 \%29
RedirectMatch 403 \%3C
RedirectMatch 403 \%3E
RedirectMatch 403 \%3F
RedirectMatch 403 \%5B
RedirectMatch 403 \%5C
RedirectMatch 403 \%5D
RedirectMatch 403 \%7B
RedirectMatch 403 \%7C
RedirectMatch 403 \%7D
# COMMON PATTERNS
RedirectMatch 404 wp\_
Redirectmatch 403 \_vpi
RedirectMatch 403 \.inc
Redirectmatch 403 xAou6
Redirectmatch 403 db\_name
Redirectmatch 403 select\(
Redirectmatch 403 convert\(
Redirectmatch 403 \/query\/
RedirectMatch 403 ImpEvData
Redirectmatch 403 \.XMLHTTP
Redirectmatch 403 proxydeny
RedirectMatch 403 function\.
Redirectmatch 403 remoteFile
Redirectmatch 403 servername
Redirectmatch 403 \&rptmode\=
Redirectmatch 403 sys\_cpanel
RedirectMatch 403 db\_connect
RedirectMatch 403 doeditconfig
RedirectMatch 403 check\_proxy
Redirectmatch 403 system\_user
Redirectmatch 403 \/\(null\)\/
Redirectmatch 403 clientrequest
Redirectmatch 403 option\_value
RedirectMatch 403 ref\.outcontrol
# SPECIFIC EXPLOITS
RedirectMatch 403 errors\.
#RedirectMatch 403 config\.
RedirectMatch 403 include\.
RedirectMatch 403 display\.
#RedirectMatch 403 register\.
Redirectmatch 403 password\.
RedirectMatch 403 maincore\.
RedirectMatch 403 authorize\.
Redirectmatch 403 macromates\.
RedirectMatch 403 head\_auth\.
RedirectMatch 403 submit\_links\.
RedirectMatch 403 change\_action\.
Redirectmatch 403 com\_facileforms\/
RedirectMatch 403 admin\_db\_utilities\.
RedirectMatch 403 admin\.webring\.docs\.
Redirectmatch 403 Table\/Latest\/index\.
</IfModule>
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$ [NC]
RewriteRule (.*) index.php
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
#
########## End - Joomla! core SEF Section
AddOutputFilter DEFLATE css js
# BEGIN Expire headers
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 7200 seconds"
ExpiresByType image/jpg "access plus 2592000 seconds"
ExpiresByType image/jpeg "access plus 2592000 seconds"
ExpiresByType image/png "access plus 2592000 seconds"
ExpiresByType image/gif "access plus 2592000 seconds"
ExpiresByType image/ico "access plus 2592000 seconds"
ExpiresByType image/icon "access plus 2592000 seconds"
ExpiresByType image/x-icon "access plus 2592000 seconds"
ExpiresByType text/css "access plus 2592000 seconds"
ExpiresByType text/javascript "access plus 2592000 seconds"
ExpiresByType text/html "access plus 7200 seconds"
ExpiresByType application/xhtml+xml "access plus 7200 seconds"
ExpiresByType application/javascript A259200
ExpiresByType application/x-javascript "access plus 2592000 seconds"
ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds"
</IfModule>
# END Expire headers
# BEGIN Cache-Control Headers
<IfModule mod_headers.c>
<FilesMatch "\\.(ico|jpe?g|png|gif|swf|gz|ttf)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
<FilesMatch "\\.(css)$">
Header set Cache-Control "max-age=2592000, public"
</FilesMatch>
<FilesMatch "\\.(js)$">
Header set Cache-Control "max-age=2592000, private"
</FilesMatch>
<filesMatch "\\.(html|htm)$">
Header set Cache-Control "max-age=7200, public"
</filesMatch>
# Disable caching for scripts and other dynamic files
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>
</IfModule>
# END Cache-Control Headers
# KILL THEM ETAGS
Header unset ETag
FileETag none
#empeche le listage des répertoires
Options -Indexes
Commentaire