Errors after updating from 2.5.28 to 3.x


  • #16
    Hello, the site is back online; I put the original domain back, so I am no longer using the www folder as mentioned earlier.
    I put back the original .htaccess that had been generated by aesecure, but since it has been abandoned, could you take a look to see whether there are things in it that are not necessarily suited to Joomla 3 and PHP 7.3, please?

    HTML code:
    ##################################################################################################
    #
    # aeSecure v2.1 (c) AVONTURE Christophe (http://www.aesecure.com/)
    #
    # !!! ---------------------------------------------------------------------------------------- !!!
    # !!! DON'T MODIFIY THIS FILE MANUALLY. IF YOU NEED TO ADD RULES IN IT, JUST USE YOUR !!!
    # !!! http://yoursite/aesecure/setup.php?YOUR_LONG_KEY PAGE INTERFACE AND GO TO OPTION 1.4 !!!
    # !!! "Manual edit of your .htaccess" !!!
    # !!! ---------------------------------------------------------------------------------------- !!!
    #
    # If the .htaccess file isn't working at all, check in your httpd.conf server file that
    # AllowOverride variable is not set on None and in that case change the settings to All
    #
    # So change "AllowOveridde None" to "AllowOverride All" (without double-quote). Restart then the Apache server.
    #
    ##################################################################################################
    #aeSecure 1.1
    
    #AESECURE_BLOCKUSERAGENT_START
    #AESECURE_BLOCKUSERAGENT_END
    #AESECURE_BLOCKIP_START
    #aeSecure 1.5
    # Blacklist IP addresses: allow all except those mentionned below
    order allow,deny
    allow from all
    Deny from 1.2.3.4
    #AESECURE_BLOCKIP_END
    #AESECURE_BLOCKPARTURL_START
    #AESECURE_BLOCKPARTURL_END
    #AESECURE_BLOCKREFERRER_START
    #AESECURE_BLOCKREFERRER_END
    
    # Define the 403 - Access denied page
    ErrorDocument 403 '<html xmlns="http://www.w3.org/1999/xhtml"><head><style type="text/css" >body{color:#fff;background-color:#851507;font:14px/1.5 Helvetica,Arial,sans-serif};</style><title>Access denied</title></head><body><div style="margin:20px auto;width:700px;padding-top:50px"><img src="assets/images/aesecure_denied.png" style="float:right;" alt="aeSecure"/><h1>Access denied, unauthorized access.<br/><br/>If you think it\'s an error, please inform the webmaster to help him to adjust his security rules. Thank you.</h1><pre style="padding:20px;white-space:pre-line;border-radius:10px;background-color:#b34334">Code : 403 - Deny access</pre></div></body></html>'
    
    # Force to mention index.html when trying to access f.i. to http://yoursite/images
    <IfModule mod_autoindex.c>
    IndexIgnore *
    
    ##
    # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
    #
    # The line just below this section: 'Options +FollowSymLinks' may cause problems
    # with some server configurations. It is required for use of mod_rewrite, but may already
    # be set by your server administrator in a way that dissallows changing it in
    # your .htaccess file. If using it causes your server to error out, comment it out (add # to
    # beginning of line), reload your site in your browser and test your sef url's. If they work,
    # it has been set by your server administrator and you do not need it set here.
    ##
    ## Can be commented out if causes errors, see notes above.
    Options +FollowSymLinks -Indexes
    </IfModule>
    
    # Define the default page ordering (first index.php if present, otherwise index.html)
    DirectoryIndex index.php index.html
    
    #AESECURE_MAINTENANCE_START
    #AESECURE_MAINTENANCE_END
    
    #AESECURE_COMPRESSION_START
    #AESECURE_COMPRESSION_END
    
    #Uncomment if want to force HTTPS and if your server can handle it
    #RewriteCond %{HTTPS} off
    #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    
    # -------------------------------------------------------------------------
    # -- Inclusion of the aeSecure Premium htaccess (only for Premium users) --
    
    # -------------------------------------------------------------------------
    
    # -------------------------------------------------------------------------
    # ----------------------------- Site security -----------------------------
    # -------------------------------------------------------------------------
    
    # Activate PHP 5.4 which is more secure than older version
    # Comment this line when php is no more executed but downloaded, it's the case on local webserver (localhost) or
    # when your hosting company doesn't support php 5.4 yet
    <IfModule mod_php5.c>
    #AddHandler application/x-httpd-php54 .php .php5 .php4 .php3.
    </IfModule>
    
    #AESECURE_FILEUPLOAD_START
    #AESECURE_FILEUPLOAD_END
    
    #AESECURE_ERRORREPORTING_START
    #aeSecure 1.3
    # Disable errors and warnings; don't allow the user to see them but redirect them into a logfile
    <IfModule mod_php5.c>
    php_flag display_errors off
    php_flag log_errors on
    php_value track_errors on
    php_value error_log aesecure/logs/error.log
    </IfModule>
    #AESECURE_ERRORREPORTING_END
    
    <IfModule mod_php5.c>
    
    # Be sure that these php.ini variables are correctly initialized
    php_value register_globals off
    
    # Disable magic_quotes (if not yet done in httpd.conf)
    php_flag magic_quotes_runtime off
    php_flag magic_quotes_sybase off
    
    # Set your default timezone.
    php_value date.timezone Europe/Brussels
    
    # Increase cookie security; reduce XSS attacks
    # http://www.php.net/manual/fr/session.configuration.php#ini.session.cookie-httponly
    # CAUSE PROBLEM WITH AUTHENTIFICATION IN JOOMLA!® DON'T UNCOMMENT.
    #php_value session.cookie_secure true
    #php_value session.use_only_cookies true
    #php_value session.cookie_httponly true
    
    </IfModule>
    
    # ------------------------------
    # --- Block files/folders
    
    <IfModule mod_rewrite.c>
    
    RewriteEngine On
    
    #AESECURE_BLOCKFILE_START
    #aesecure 1.7
    # Block direct access to these files : don't allow an url like f.i. http://yoursite/install.txt
    RewriteCond %{REQUEST_FILENAME} (boot.ini|changelog.php|changelog.txt|configuration.php|contributing.md|copyright.php|credits.php|htaccess.txt|httpd.conf|install.mysql)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (boot.ini|changelog.php|changelog.txt|configuration.php|contributing.md|copyright.php|credits.php|htaccess.txt|httpd.conf|install.mysql).*$ [NC,OR]
    RewriteCond %{REQUEST_FILENAME} (install.pgsql|install.txt|joomla.xml|license.php|license.txt|maintainers.php|maintainers.txt|php.ini|phpinfo.php|readme.htm)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (install.pgsql|install.txt|joomla.xml|license.php|license.txt|maintainers.php|maintainers.txt|php.ini|phpinfo.php|readme.htm).*$ [NC,OR]
    RewriteCond %{REQUEST_FILENAME} (readme.html|readme.txt|upgrade.txt|web.config.txt|web.config|wp-config.php)$ [NC,OR]
    RewriteCond %{QUERY_STRING} (readme.html|readme.txt|upgrade.txt|web.config.txt|web.config|wp-config.php).*$
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule .* /aesecure/accessdenied.php?s=148 [L]
    #AESECURE_BLOCKFILE_END
    
    # Never direct access to these files or folder (aesecure)
    # Block f.i. http://yoursite/.htaccess, http://yoursite/configuration.php, ...
    RewriteCond %{REQUEST_FILENAME} .*\.(phtm?l?|ash?x|aspx?|cfml?|cgi|pl|jsp|sql)$ [NC,OR]
    RewriteCond %{REQUEST_FILENAME} .*\.(bak|config|dll|exe|sql|ini|log|sh|inc|dist)$ [NC,OR]
    RewriteCond %{REQUEST_FILENAME} .*\.(htaccess|htaccess_old|htpasswd)$ [NC]
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule .* /aesecure/accessdenied.php?s=148 [L]
    
    # ------------------------------
    # --- Block fingerprint
    
    # Block &tp=1 or &tmpl=offline ...
    # Block f.i. http://yoursite/index.php?tmpl=offline
    RewriteCond %{QUERY_STRING} (^|&)tmpl=(system|offline) [NC]
    RewriteRule .* - [L]
    RewriteCond %{QUERY_STRING} (^|&)tp= [NC]
    RewriteRule .* - [F]
    
    # ------------------------------
    # --- Block specific querystring
    
    # PHP Easter Eggs
    # Block f.i. http://yoursite/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 but not if
    # the request comes from the webserver himself (=allowed on localhost and serveur (since called by Joomla backend))
    RewriteCond %{REMOTE_ADDR} !127.0.0.1
    RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www\.xxxx\.org [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=758 [L]
    
    # Block out any script trying to modify a _REQUEST / PHP GLOBAL variables via URL
    # Block out any script trying to set a PHP GLOBALS variable via URL.
    # Block f.i. http://yoursite/index.php?GLOBALS=SuperMe
    RewriteCond %{QUERY_STRING} ((\?|&)GLOBALS(=|\[|\%[0-9A-Z]{0,2})?) [NC,OR]
    RewriteCond %{QUERY_STRING} ((\?|&)_REQUEST(=|\[|\%[0-9A-Z]{0,2})?) [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=654 [L]
    
    # Block out any script that includes a <script> tag in URL.
    # Block f.i. http://yoursite/index.php?%3Cscript%3Ealert%28%27Msg%27%29;%3C/script%3E
    # Block f.i. http://yoursite/index.php?%3Ctable%20background=%22javascript:alert(([code])%22%3E%3C/table%3E
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} ((java)?script:).*(;).* [NC,OR]
    RewriteCond %{QUERY_STRING} .*(\&lt;script).* [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=541 [L]
    
    #xss blocage For instance, a parameter on the querystring is an url (http://...)
    RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
    # Exception : the http:// parameter has been set by the website himself. This is the case with WordPress, f.i.
    # because wp-admin makes a redirection to wp-login. Allow the server IP and localhost
    RewriteCond %{REMOTE_ADDR} !127.0.0.1
    RewriteCond %{REMOTE_ADDR} !178.33.103.85
    RewriteCond %{QUERY_STRING} !option=com_akeeba&view=backup(.*)$ [NC]
    RewriteCond %{QUERY_STRING} !(.*)https?(://|%3A%2F%2F)www\.xxxx\.org(.*)$ [NC]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(s|%73|%53)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(s|%73|%53)%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(f|%66|%46)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)%20(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)%20(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)%20(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
    RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)%20(t|%74|%54)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=782 [L]
    
    # Block out any script trying to base64_encode data within the URL.
    # Block f.i. http://yoursite/index.php?ImageName=base64_encode(%22I'm%20an%20hacker...%20Tadaaa%22)
    RewriteCond %{QUERY_STRING} .*base64_(de|en)code.* [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=345 [L]
    
    # Block querystring where "PHPSESSID" appears.
    RewriteCond %{QUERY_STRING} ^.*PHPSESSID.*$ [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=310 [L]
    
    # Redirect tentative to use the com_users standard component of Joomla and
    # redirect to Community Builder
    #RewriteCond %{QUERY_STRING} option=com_users&view=login [NC]
    #RewriteRule .* index.php?option=com_comprofiler&task=login [L]
    
    # Prevent use of specified methods in HTTP Request, but allow opensiteexplorer.org to do so
    # http://bodvoc.com/index.php?option=com_content&view=article&id=43&catid=2&Itemid=3; see rule #1
    RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
    RewriteCond %{HTTP_REFERER} !(www\.)?opensiteexplorer\.org/ [NC]
    RewriteCond %{HTTP_REFERER} !(www\.)?uptimerobot\.com/ [NC]
    RewriteCond %{HTTP_REFERER} !http://validator\.w3\.org/ [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=651 [L]
    
    # Block out use of illegal or unsafe characters in the HTTP Request
    # Block urls having a carriage return or linefeed in it
    # Block also urls having "wwwroot" or "public_html" in it. Can be an hacker trying to access to a localfile
    # Block urls having "alert(", "char(", "eval(", "function(" ...
    RewriteCond %{QUERY_STRING} .*((alert|char|eval|function|load_file)\().* [NC,OR]
    RewriteCond %{QUERY_STRING} .*(\_vti\_|crossdomain|wwwroot|public_html).* [NC,OR]
    RewriteCond %{QUERY_STRING} .*(\\r|\\n|%0A|%0D).* [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=429 [L]
    
    # No carriage return, line feed, escape (%27), ... in the query string
    # Block f.i. http://yoursite/index.php?value=%27
    RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%25|%27|%3C|%3E|%00).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*((\/\*)?\*\/).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*\|\|.* [NC]
    RewriteCond %{QUERY_STRING} !option=com_akeeba(.*)$ [NC] # exception for Akeeba backup
    RewriteRule .* /aesecure/accessdenied.php?s=271 [L]
    
    # Block SQL injection tentatives
    # Block f.i. http://yoursite/index.php?%3CDROP%20TABLE%20jos_users%3E
    RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%25|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|declare|drop|update|md5|benchmark).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%20)?([(])?(union|select|insert|cast|declare|group_concat|drop|update|md5|benchmark)%20.* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%20|\+)(AND|OR)(%20|\+).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%20|\+)ORDER(%20|\+).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*%201\=1.* [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=682 [L]
    # Block urls trying to get access to the jos_ defaut prefix of Joomla 1.5
    RewriteCond %{QUERY_STRING} .*jos_.* [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=682 [L]
    
    #Block functions in the querystring (f.i. String.fromCharCode)
    RewriteCond %{QUERY_STRING} ^.*string\.fromcharcode.* [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=352 [L]
    
    # Filter against shell attacks
    # Block f.i. http://yoursite/index.php?cmd=chmod or http://yoursite/index.php?act=tools&d=54
    # http://yoursite/index.php?page=../../../../proc/self/environ or http://yoursite/index.php?cmd=../../etc/passwd
    
    RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
    RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
    RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(chmod|chdir|mkdir|rmdir|clear|whoami|uname|unzip|gunzip|grep|umask|telnet|ssh|ftp|mkmode|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
    RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
    RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
    RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
    RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
    RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
    RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
    RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
    RewriteCond %{QUERY_STRING} ^(.*)*etc(/|%2F)passwd* [OR]
    # Windows slashes \..
    RewriteCond %{QUERY_STRING} .*(((\\|%5C)\.\.\\)+).* [OR]
    # Unix slashes /..
    RewriteCond %{QUERY_STRING} .*(((\/|%2F)\.\.)+).* [OR]
    RewriteCond %{QUERY_STRING} ^(.*)*proc\/self\/environ* [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=490 [L]
    </IfModule>
    
    #AESECURE_BLOCKHIDDENFOLDERS_START
    #aesecure 2.6
    # Block access to hidden files and directories.
    # This includes directories used by version control systems such as Git and SVN.
    <IfModule mod_rewrite.c>
    RewriteCond %{SCRIPT_FILENAME} -d [OR]
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule "(^|/)\." /aesecure/accessdenied.php?s=26 [L]
    </IfModule>
    #AESECURE_BLOCKHIDDENFOLDERS_END
    #AESECURE_BLOCK_COM_USERS_START
    #AESECURE_BLOCK_COM_USERS_END
    #AESECURE_BADBOTS_START
    #aeSecure 2.3
    # ------------------------------
    # --- Block bad bots and spam
    
    # Block website "aspirator" and well known bad bots. This list is NOT exhaustive.
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase ^User-Agent$ .*(aesop_com_spiderman|ahrefsbot|alexibot|backweb|bandit|batchftp|bigfoot).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(black.?hole|blackwidow|blowfish|botalot|buddy|builtbottough|bullseye).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(cheesebot|cherrypicker|chinaclaw|collector|copier|copyrightcheck).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(cosmos|crescent|curl|custo|da|diibot|disco|dittospyder|dragonfly).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(drip|easydl|ebingbong|ecatch|eirgrabber|emailcollector|emailsiphon).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(emailwolf|erocrawler|exabot|eyenetie|filehound|flashget|flunky).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(frontpage|getright|getweb|go.?zilla|go-ahead-got-it|gotit|grabnet).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(grafula|harvest|hloader|hmview|httplib|httrack|humanlinks|ilsebot).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(infonavirobot|infotekies|intelliseek|interget|iria|jennybot|jetcar).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(joc|justview|jyxobot|kenjin|keyword|larbin|leechftp|lexibot|lftp|libweb).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(likse|linkscan|linkwalker|lnspiderguy|lwp|magnet|mag-net|markwatch).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(mata.?hari|memo|microsoft.?url|midown.?tool|miixpc|mirror|missigua).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(mister.?pix|mj12bot|moget|mozilla.?newt|nameprotect|navroad|backdoorbot|nearsite).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(net.?vampire|netants|netcraft|netmechanic|netspider|nextgensearchbot).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(attach|nicerspro|nimblecrawler|npbot|octopus|offline.?explorer).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(offline.?navigator|openfind|outfoxbot|pagegrabber|papa|pavuk).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(pcbrowser|php.?version.?tracker|pockey|propowerbot|prowebwalker).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(psbot|pump|queryn|recorder|realdownload|reaper|reget|rogerbot|true_robot).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(repomonkey|rma|internetseer|sitesnagger|siphon|slysearch|smartdownload).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(snake|snapbot|snoopy|sogou|spacebison|spankbot|spanner|sqworm|superbot).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(superhttp|surfbot|asterias|suzuran|szukacz|takeout|teleport).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(telesoft|the.?intraformant|thenomad|tighttwatbot|titan|urldispatcher).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(turingos|turnitinbot|urly.?warning|vacuum|vci|voideye|whacker).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(widow|wisenutbot|wwwoffle|xaldon|zeus|zyborg|anonymouse).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*web(zip|emaile|enhancer|fetch|go.?is|auto|bandit|clip|copier|master|reaper|sauger|site.?quester|whack).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures).* HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spidermano).* HTTP_SAFE_BADBOT
    # Don't redirect to the access denied page since the user agent can't definitly access to our pages
    Order Deny,Allow
    Allow from All
    Deny from env=HTTP_SAFE_BADBOT
    </IfModule>
    
    <IfModule mod_rewrite.c>
    RewriteEngine On
    # Antispam (just populate the list of other keywords)
    # Block f.i. http://yoursite/index.php?postmsg=ejaculation i.e. any querystring that contains one "blacklisted" word
    RewriteCond %{QUERY_STRING} \b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b [NC,OR]
    RewriteCond %{QUERY_STRING} \b(********s|hoodia|huronriveracres|impotence|levitra|libido)\b [NC,OR]
    RewriteCond %{QUERY_STRING} \b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b [NC,OR]
    RewriteCond %{QUERY_STRING} \b(ultram|unicauca|valium|******|vicodin|vuiton|xanax|ypxaieo)\b [NC]
    RewriteRule .* /aesecure/accessdenied.php?s=23 [L]
    </IfModule>
    #AESECURE_BADBOTS_END
    #AESECURE_BLOCK_COMPONENTS_START
    #AESECURE_BLOCK_COMPONENTS_END
    
    # Disable Server Signature, be sure that PHP version number won't be transmitted
    ServerSignature Off
    # -------------------------------------------------------------------------
    # -------------- IE aka Immonde Explorateur (Awful explorer) -------------
    # -------------------------------------------------------------------------
    
    # Always force latest IE rendering engine (even in intranet) & Chrome Frame
    # Read http://www.1stwebdesigner.com/design/snippets-html5-boilerplate/; X-UA-Compatible chapter
    <IfModule mod_headers.c>
    <IfModule mod_setenvif.c>
    BrowserMatch MSIE ie
    Header set X-UA-Compatible "IE=Edge,chrome=1"
    # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
    <FilesMatch "\.(js|css|gif|png|jpe?g|webp|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff2?|ico|webp|appcache|manifest|htc|crx|xpi|safariextz|vcf)$">
    Header unset X-UA-Compatible
    </FilesMatch>
    </IfModule>
    </IfModule>
    
    # -------------------------------------------------------------------------
    # --------------------------- Site optimization ---------------------------
    # -------------------------------------------------------------------------
    
    #AESECURE_HOTLINKING_START
    #AESECURE_HOTLINKING_END
    
    <IfModule mod_rewrite.c>
    # Browsers trying to access to the site favicon from a bad locations... This will generate 404 pages
    # and entries in logfiles; avoid this. Redirect to the good file
    #--- Commented because need to first verify if the querystring points to favicon or not.
    #--- need to verify too the existence of the /templates/favicon.ico file first
    #RewriteCond %{REQUEST_URI} !^/favicon\.ico [NC]
    #RewriteCond %{REQUEST_URI} favicon\.ico [NC]
    #RewriteRule (.*) http://%{HTTP_HOST}/templates/favicon.ico [R=301,L]
    </IfModule>
    
    #AESECURE_WITHORNOTWWW_START
    #aeSecure 7.2
    # Redirect non-www to www pages, avoid duplicate content. Add prefix
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !/aesecure/.*$
    RewriteCond %{HTTP_HOST} !^www\.
    RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
    </IfModule>
    #AESECURE_WITHORNOTWWW_END
    
    # Everything will be, by default, in utf-8, in French
    AddDefaultCharset UTF-8
    DefaultLanguage fr-FR
    
    <IfModule mod_mime.c>
    AddType image/svg+xml .svg .svgz .svg.gz
    AddType application/x-gzip .gz .gzip
    AddType text/css .css.gz
    AddType text/html .html.gz .htm.gz
    AddType image/x-icon .ico.gz .icon.gz
    AddType text/plain .txt.gz
    AddType text/json .json.gz
    AddType text/xml .xml.gz
    AddType application/xslt+xml .xsl.gz
    AddType application/javascript .js.gz
    AddCharset utf-8 .atom .css .js .json .rss .xml .css.gz .htm.gz .html.gz .js.gz .xml.gz
    </IfModule>
    
    #AESECURE_PAGESPEED_START
    #AESECURE_PAGESPEED_END
    #AESECURE_EXPIREBYTYPE_START
    #AESECURE_EXPIREBYTYPE_END
    #AESECURE_MINIFY_START
    #AESECURE_MINIFY_END
    #AESECURE_BOTSNOARCHIVE_START
    #AESECURE_BOTSNOARCHIVE_END
    #AESECURE_BLOCKROBOTSTXT_START
    #AESECURE_BLOCKROBOTSTXT_END
    
    ## force the latest IE version, in various cases when it may fall back to IE7 mode
    ## github.com/rails/rails/commit/123eb25#commitcomment-118920
    ## Use ChromeFrame if it's installed for a better experience for the poor IE folk
    <IfModule mod_headers.c>
    
    # Just for the fun, doesn't have any impact.
    Header set Protected-by "aesecure (c) Christophe Avonture"
    
    # In case of, remove the X-Powered-By which reveal the PHP version number running on the server
    Header unset X-Powered-By
    
    # Disable ETags (French explanations : http://www.takeitweb.fr/blog/configurer-etags.html)
    Header unset ETag
    FileEtag None
    
    </IfModule>
    
    <IfModule mod_headers.c>
    ## Because X-UA-Compatible isn't sent to non-IE (to save header bytes),
    ## We need to inform proxies that content changes based on UA
    Header append Vary User-Agent
    ## Cache control is set only if mod_headers is enabled, so that's unncessary to declare
    </IfModule>
    
    #AESECURE_REDIRECTIONS_START
    #AESECURE_REDIRECTIONS_END
    
    # Include your manual changes here below
    #AESECURE_OLDHTACCESS_START
    #aeSecure 1.4
    #SetEnv PHP_VER 5_4
    SetEnv REGISTER_GLOBALS 0
    SetEnv MAGIC_QUOTES 0
    RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SN|NE|NG|CG|CI|BJ|BR|CN|UA|TW|RU$
    RewriteRule .* - [F]
    #AESECURE_OLDHTACCESS_END
    
    #AESECURE_REWRITE_START
    #aeSecure 7.1
    <IfModule mod_rewrite.c>
    
    RewriteEngine On
    
    # Joomla! core SEF Section
    # Workaround for HTTP authorization in CGI environment
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    
    # If the requested path and file is not /index.php and the request
    # has not already been internally rewritten to the index.php script
    RewriteCond %{REQUEST_URI} !^/index\.php
    
    # and the request is for something within the component folder,
    # or for the site root, or for an extensionless URL, or the
    # requested URL ends with one of the listed extensions
    RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
    
    # Never rewrite for existing files, directories and links
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l
    
    # internally rewrite the request to the index.php script
    RewriteRule .* index.php [L]
    
    </IfModule>
    #AESECURE_REWRITE_END
    Last edited by mike3184 on 31/01/2021, 11:14
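
An added example, not part of the thread and not aeSecure's own code: a small Python audit that flags the kinds of directives in the posted file that stop applying or are obsolete once the site runs PHP 7.x. The function name `audit_htaccess`, the finding codes and the sample input are assumptions made for this illustration, and Apache 2.4 is assumed for the access-control check (the thread does not state the Apache version).

```python
import re

# Constructed sample: a few directives of the kind found in the posted file.
SAMPLE = """\
order allow,deny
allow from all
Deny from 1.2.3.4
<IfModule mod_php5.c>
php_flag display_errors off
php_value track_errors on
php_value error_log aesecure/logs/error.log
</IfModule>
<IfModule mod_php5.c>
php_value register_globals off
php_flag magic_quotes_runtime off
#php_value session.cookie_httponly true
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{QUERY_STRING} .*base64_(de|en)code.* [NC]
RewriteRule .* /aesecure/accessdenied.php?s=345 [L]
</IfModule>
"""

# php.ini settings that no longer exist, or are deprecated, on PHP 7.x.
OBSOLETE_PHP = {
    "register_globals": "removed in PHP 5.4",
    "magic_quotes_gpc": "removed in PHP 5.4",
    "magic_quotes_runtime": "removed in PHP 5.4",
    "magic_quotes_sybase": "removed in PHP 5.4",
    "track_errors": "deprecated in PHP 7.2",
}

IFMODULE_OPEN = re.compile(r"<IfModule\s+(!?[\w.]+)\s*>", re.I)
IFMODULE_CLOSE = re.compile(r"</IfModule\s*>", re.I)
PHP_DIRECTIVE = re.compile(r"php_(?:admin_)?(?:value|flag)\s+(\S+)", re.I)
LEGACY_ACCESS = re.compile(r"(order\s+\S+|allow\s+from\b|deny\s+from\b)", re.I)
REWRITE_RULE = re.compile(r"RewriteRule\s+\S+\s+(\S+)", re.I)


def audit_htaccess(text, php_module="mod_php7.c", helper_dir="/aesecure/"):
    """Return (line_no, code, message) findings for one .htaccess body."""
    findings = []
    stack = []  # arguments of the enclosing <IfModule> blocks, innermost last
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directives
        m = IFMODULE_OPEN.match(line)
        if m:
            stack.append(m.group(1).lower())
            continue
        if IFMODULE_CLOSE.match(line):
            if stack:
                stack.pop()
            continue
        m = PHP_DIRECTIVE.match(line)
        if m:
            name = m.group(1).lower()
            guards = [g for g in stack if g.startswith("mod_php")]
            # A block guarded by another PHP module name is never evaluated.
            if guards and php_module not in guards:
                findings.append((no, "INERT", f"{name}: guarded by {guards[-1]}, "
                                 f"skipped when {php_module} is the loaded module"))
            if name in OBSOLETE_PHP:
                findings.append((no, "OBSOLETE", f"{name}: {OBSOLETE_PHP[name]}"))
            continue
        if LEGACY_ACCESS.match(line):
            findings.append((no, "LEGACY_ACL", f"'{line}' is Apache 2.2 syntax; "
                             "Apache 2.4 needs mod_access_compat or Require"))
            continue
        m = REWRITE_RULE.match(line)
        if m and m.group(1).startswith(helper_dir):
            # The block page lives in the tool's folder: removing it breaks the rule.
            findings.append((no, "HELPER_DEP", f"rule targets {m.group(1)}; "
                             "it breaks if that folder is removed"))
    return findings


if __name__ == "__main__":
    for no, code, message in audit_htaccess(SAMPLE):
        print(f"line {no:>3}  {code:<11} {message}")
```

Pass `php_module="mod_php.c"` when checking against PHP 8, whose Apache module uses that file name.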



    • #17
      Hello,

      The simplest approach is to disable its customization, start again from the base version (htaccess.txt), and then regenerate all your settings.
      I use it this way on more than one site. The only thing that is no longer available is the retrieval of a certain amount of additional data from the aeSecure site, since that site is no longer available.
      But I wonder whether there is really any point in using aeSecure AND Admintools.
      aeSecure is not adapted to PHP 7.4 and produces warnings, which does not prevent it from working.
      "Patience and length of time do more than force or rage..." (La Fontaine: The Lion and the Rat) - "There are no problems; there are only solutions" (André Gide).
      MoovJla and LazyDbBackup at www.joomxtensions.com - FAQ at www.fontanil.info - Professional site: www.robertg-conseil.fr hosted by PHPNET, personal sites at PlanetHoster + managed sites at PHPNET, PlanetHoster, Ionos and OVH



      • #18
        Actually, I have not reinstalled admintools, nor akeeba backup for that matter; I was too afraid of having yet another problem. And as for aesecure, I don't know whether it is still possible to install it. So I don't know what is best to do from a security standpoint, since I don't really master .htaccess...



        • #19
          In my opinion, if you still have the aesecure pack, it should install; not so long ago I did it on recent versions of Joomla! 3.
          Otherwise, the folder can perfectly well be copied.
          As for Akeeba backup and Admintools, no problem at all!
          "Patience and length of time do more than force or rage..." (La Fontaine: The Lion and the Rat) - "There are no problems; there are only solutions" (André Gide).
          MoovJla and LazyDbBackup at www.joomxtensions.com - FAQ at www.fontanil.info - Professional site: www.robertg-conseil.fr hosted by PHPNET, personal sites at PlanetHoster + managed sites at PHPNET, PlanetHoster, Ionos and OVH



          • #20
            Hello

            Since the aesecure project has not been maintained for two years, the most reasonable course is, as Robert suggests, to start again from a clean htaccess (so without aesecure). And if you have AdminTools, use it in place of aeSecure.

            Have a good day
            Christophe (cavo789)
            My blog, where we talk about Docker, PHP, WSL, Markdown and plenty of other things: https://www.avonture.be
            Free antivirus scanning software: https://github.com/cavo789/aesecure_quickscan (more than 45,000 viruses detected, 700,000 whitelisted files)



            • #21
              Actually, you should know that I was using the free versions of aesecure and admintools; they seemed fairly complementary to me, but perhaps insufficient in their free versions.



              • #22
                Good evening, I managed to get the site back almost as it was; I tinkered a bit with the template, which was calling functions that have changed, and above all I found a notepad file I had made a few months ago with the changes to make in 3.x. I would have liked to find it sooner, but oh well x).

                There is just one thing I can't manage to do; it's nothing serious, but I followed the procedure for creating a custom 404 page with a link to an article and an unpublished menu link. It works very well, but the displayed URL is not rewritten, so it is of the form index.php?option=com_content&view=article&id=42.
                I did enable the rewriting options in Joomla and in the .htaccess, and I even added a forced RewriteRule, but nothing works: the URL is not simplified.

                Do you know why? Is there a trick?

                Thanks.
