aesecure comment crée une règle exception pour piwik

**messinmaisoui** · 23/10/2015, 07h29

Re : aesecure comment crée une règle exception pour piwik

Hello Fanfouet
ça a avancé de ton coté ?
Sinon donne ton .htaccess ...
En général je bloque plutôt les IP indésirables (deny from xxx.xxx.xxx.xxx)
que les autoriser ...

**Fanfouet** · 23/10/2015, 12h16

Re : aesecure comment crée une règle exception pour piwik

Merci de ton aide, non je n'ai pas vraiment avancé ..

Vlà mon htaccess... je voudrais juste que piwik puisse fonctionner

Merci encore

Code:

##################################################################################################
#
# aeSecure v2.0 (c) AVONTURE Christophe (http://www.aesecure.com/)
#
# !!! ---------------------------------------------------------------------------------------- !!!
# !!! DON'T MODIFIY THIS FILE MANUALLY.   IF YOU NEED TO ADD RULES IN IT, JUST USE YOUR        !!!
# !!! http://yoursite/aesecure/setup.php?YOUR_LONG_KEY PAGE INTERFACE AND GO TO OPTION 1.4     !!!
# !!! "Manual edit of your .htaccess"                                                          !!!
# !!! ---------------------------------------------------------------------------------------- !!!
#
# If the .htaccess file isn't working at all, check in your httpd.conf server file that
# AllowOverride variable is not set on None and in that case change the settings to All
#
# So change "AllowOveridde None" to "AllowOverride All" (without double-quote).  Restart then the Apache server.
#
##################################################################################################
#aeSecure 1.1

#AESECURE_BLOCKUSERAGENT_START
#AESECURE_BLOCKUSERAGENT_END
#AESECURE_BLOCKIP_START
#AESECURE_BLOCKIP_END
#AESECURE_BLOCKPARTURL_START
#AESECURE_BLOCKPARTURL_END
#AESECURE_BLOCKREFERRER_START
#AESECURE_BLOCKREFERRER_END

# Define the 403 - Access denied page
ErrorDocument 403 '<html xmlns="http://www.w3.org/1999/xhtml"><head><style type="text/css" >body{color:#fff;background-color:#851507;font:14px/1.5 Helvetica,Arial,sans-serif};</style><title>Access denied</title></head><body><div style="margin:20px auto;width:700px;padding-top:50px"><img src="assets/aesecure_denied.png" style="float:right;" alt="aeSecure"/><h1>Access denied, unauthorized access.<br/><br/>If you think it"s an error, please inform the webmaster to help him to adjust his security rules.  Thank you.</h1><pre style="padding:20px;white-space:pre-line;border-radius:10px;background-color:#b34334">Code : 403 - Deny access</pre></div></body></html>'

# Force to mention index.html when trying to access f.i. to http://yoursite/images
<IfModule mod_autoindex.c>
 IndexIgnore *

 ##
 # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
 #
 # The line just below this section: 'Options +FollowSymLinks' may cause problems
 # with some server configurations.  It is required for use of mod_rewrite, but may already
 # be set by your server administrator in a way that dissallows changing it in
 # your .htaccess file.  If using it causes your server to error out, comment it out (add # to
 # beginning of line), reload your site in your browser and test your sef url's.  If they work,
 # it has been set by your server administrator and you do not need it set here.
 ##
 ## Can be commented out if causes errors, see notes above.
 Options +FollowSymLinks -Indexes
</IfModule>

# Define the default page ordering (first index.php if present, otherwise index.html)
DirectoryIndex index.php index.html

#AESECURE_MAINTENANCE_START
#AESECURE_MAINTENANCE_END

#AESECURE_COMPRESSION_START
#AESECURE_COMPRESSION_END

#Uncomment if want to force HTTPS and if your server can handle it
#RewriteCond %{HTTPS} off
#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

# -------------------------------------------------------------------------
# -- Inclusion of the aeSecure Premium htaccess (only for Premium users) --

# -------------------------------------------------------------------------

# -------------------------------------------------------------------------
# ----------------------------- Site security -----------------------------
# -------------------------------------------------------------------------

# Activate PHP 5.4 which is more secure than older version
# Comment this line when php is no more executed but downloaded, it's the case on local webserver (localhost) or
# when your hosting company doesn't support php 5.4 yet
<IfModule mod_php5.c>
 #AddHandler application/x-httpd-php54 .php .php5 .php4 .php3.
</IfModule>

#AESECURE_FILEUPLOAD_START
#AESECURE_FILEUPLOAD_END

#AESECURE_ERRORREPORTING_START
#aeSecure 1.3
# Disable errors and warnings; don't allow the user to see them but redirect them into a logfile
<IfModule mod_php5.c>
 php_flag display_errors off
 php_flag log_errors on
 php_value track_errors on
 php_value error_log aesecure/logs/error.log
</IfModule>
#AESECURE_ERRORREPORTING_END

<IfModule mod_php5.c>

 # Be sure that these php.ini variables are correctly initialized
 php_value register_globals off

 # Disable magic_quotes (if not yet done in httpd.conf)
 php_flag magic_quotes_runtime off
 php_flag magic_quotes_sybase off

 # Set your default timezone.
 php_value date.timezone Europe/Brussels

 # Increase cookie security; reduce XSS attacks
 # http://www.php.net/manual/fr/session.configuration.php#ini.session.cookie-httponly
 # CAUSE PROBLEM WITH AUTHENTIFICATION IN JOOMLA!®  DON'T UNCOMMENT.
 #php_value session.cookie_secure true
 #php_value session.use_only_cookies true
 #php_value session.cookie_httponly true

 </IfModule>

# ------------------------------
# --- Block files/folders

<IfModule mod_rewrite.c>

 RewriteEngine On

 #AESECURE_BLOCKFILE_START
 #aesecure 1.7
 # Block direct access to these files : don't allow an url like f.i. http://yoursite/install.txt
 RewriteCond %{REQUEST_FILENAME} (boot.ini|changelog.php|changelog.txt|configuration.php|contributing.md|copyright.php|credits.php|htaccess.txt|httpd.conf|install.mysql)$ [NC,OR]
 RewriteCond %{QUERY_STRING} (boot.ini|changelog.php|changelog.txt|configuration.php|contributing.md|copyright.php|credits.php|htaccess.txt|httpd.conf|install.mysql).*$ [NC,OR]
 RewriteCond %{REQUEST_FILENAME} (install.pgsql|install.txt|joomla.xml|license.php|license.txt|maintainers.php|maintainers.txt|php.ini|phpinfo.php|readme.htm)$ [NC,OR]
 RewriteCond %{QUERY_STRING} (install.pgsql|install.txt|joomla.xml|license.php|license.txt|maintainers.php|maintainers.txt|php.ini|phpinfo.php|readme.htm).*$ [NC,OR]
 RewriteCond %{REQUEST_FILENAME} (readme.html|readme.txt|upgrade.php|upgrade.txt|web.config.txt|web.config|wp-config.php)$ [NC,OR]
 RewriteCond %{QUERY_STRING} (readme.html|readme.txt|upgrade.php|upgrade.txt|web.config.txt|web.config|wp-config.php).*$
 RewriteCond %{SCRIPT_FILENAME} -f
 RewriteRule .* /aefc/aesecure/accessdenied.php?s=148 [L]
 #AESECURE_BLOCKFILE_END

 # Never direct access to these files or folder (aesecure)
 # Block f.i. http://yoursite/.htaccess, http://yoursite/configuration.php, ...
 RewriteCond %{REQUEST_FILENAME} .*\.(phtm?l?|ash?x|aspx?|cfml?|cgi|pl|jsp|sql)$ [NC,OR]
 RewriteCond %{REQUEST_FILENAME} .*\.(bak|config|dll|exe|sql|ini|log|sh|inc|dist)$ [NC,OR]
 RewriteCond %{REQUEST_FILENAME} .*\.(htaccess|htaccess_old|htpasswd)$ [NC]
 RewriteCond %{SCRIPT_FILENAME} -f
 RewriteRule .* /aesecure/accessdenied.php?s=148 [L]

 # ------------------------------
 # --- Block fingerprint

 # Block &tp=1 or &tmpl=offline ...
 # Block f.i. http://yoursite/index.php?tmpl=offline
 RewriteCond %{QUERY_STRING} (^|&)tmpl=(system|offline) [NC]
 RewriteRule .* - [L]
 RewriteCond %{QUERY_STRING} (^|&)tp= [NC]
 RewriteRule .* - [F]

 # ------------------------------
 # --- Block specific querystring

 # PHP Easter Eggs
 # Block f.i. http://yoursite/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 but not if 
 # the request comes from the webserver himself (=allowed on localhost and serveur (since called by Joomla backend))
 RewriteCond %{REMOTE_ADDR} !127.0.0.1
 RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
 RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www\.med-innova\.ch [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=758 [L]

 # Block out any script trying to modify a _REQUEST / PHP GLOBAL variables via URL
 # Block out any script trying to set a PHP GLOBALS variable via URL.
 # Block f.i. http://yoursite/index.php?GLOBALS=SuperMe
 RewriteCond %{QUERY_STRING} ((\?|&)GLOBALS(=|\[|\%[0-9A-Z]{0,2})?) [NC,OR]
 RewriteCond %{QUERY_STRING} ((\?|&)_REQUEST(=|\[|\%[0-9A-Z]{0,2})?) [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=654 [L]

 # Block out any script that includes a <script> tag in URL.
 # Block f.i. http://yoursite/index.php?%3Cscript%3Ealert%28%27Msg%27%29;%3C/script%3E
 # Block f.i. http://yoursite/index.php?%3Ctable%20background=%22javascript:alert()%22%3E%3C/table%3E
 RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
 RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
 RewriteCond %{QUERY_STRING} ((java)?script:).*(;).* [NC,OR]   
 RewriteCond %{QUERY_STRING} .*(\&lt;script).* [NC] 
 RewriteRule .* /aesecure/accessdenied.php?s=541 [L]

 #xss blocage  For instance, a parameter on the querystring is an url (http://...)
 RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
 # Exception : the http:// parameter has been set by the website himself.  This is the case with WordPress, f.i. 
 # because wp-admin makes a redirection to wp-login.  Allow the server IP and localhost
 RewriteCond %{REMOTE_ADDR} !127.0.0.1
 RewriteCond %{REMOTE_ADDR} !xxx.xx.xx.xx RewriteCond %{QUERY_STRING} !option=com_akeeba&view=backup(.*)$ [NC]
 RewriteCond %{QUERY_STRING} !(.*)http(s)?://(www\.)?www\.med-innova\.ch(.*)$ [NC]
 RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(s|%73|%53)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
 RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(s|%73|%53)%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
 RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
 RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
 RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(f|%66|%46)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
 RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)%20(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
 RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)%20(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
 RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)%20(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
 RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)%20(t|%74|%54)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=782 [L]

 # Block out any script trying to base64_encode data within the URL.
 # Block f.i. http://yoursite/index.php?ImageName=base64_encode(%22I'm%20an%20hacker...%20Tadaaa%22)
 RewriteCond %{QUERY_STRING} .*base64_(de|en)code.* [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=345 [L]

 # Block querystring where "PHPSESSID" appears.
 RewriteCond %{QUERY_STRING} ^.*PHPSESSID.*$ [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=310 [L]

 # Redirect tentative to use the com_users standard component of Joomla and
 # redirect to Community Builder
 #RewriteCond %{QUERY_STRING} option=com_users&view=login [NC]
 #RewriteRule .* index.php?option=com_comprofiler&task=login [L]

 # Prevent use of specified methods in HTTP Request,  but allow opensiteexplorer.org to do so
 # http://bodvoc.com/index.php?option=com_content&view=article&id=43&catid=2&Itemid=3; see rule #1
 RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
 RewriteCond %{HTTP_REFERER} !(www\.)?opensiteexplorer\.org/ [NC]
 RewriteCond %{HTTP_REFERER} !(www\.)?uptimerobot\.com/ [NC]
 RewriteCond %{HTTP_REFERER} !http://validator\.w3\.org/ [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=651 [L]

 # Block out use of illegal or unsafe characters in the HTTP Request
 # Block urls having a carriage return or linefeed in it
 # Block also urls having "wwwroot" or "public_html" in it.  Can be an hacker trying to access to a localfile
 # Block urls having "alert(", "char(", "eval(", "function(" ... 
 RewriteCond %{QUERY_STRING} .*((alert|char|eval|function|load_file)\().* [NC,OR]
 RewriteCond %{QUERY_STRING} .*(\_vti\_|crossdomain|wwwroot|public_html).* [NC,OR]
 RewriteCond %{QUERY_STRING} .*(\\r|\\n|%0A|%0D).* [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=429 [L]

 # No carriage return, line feed, escape (%27), ... in the query string
 # Block f.i. http://yoursite/index.php?value=%27
 RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%25|%27|%3C|%3E|%00).* [NC,OR]
 RewriteCond %{QUERY_STRING} ^.*((\/\*)?\*\/).* [NC,OR]
 RewriteCond %{QUERY_STRING} ^.*\|\|.* [NC]
 RewriteCond %{QUERY_STRING} !option=com_akeeba(.*)$ [NC]   # exception for Akeeba backup
 RewriteRule .* /aesecure/accessdenied.php?s=271 [L]

 # Block SQL injection tentatives
 # Block f.i. http://yoursite/index.php?%3CDROP%20TABLE%20jos_users%3E
 RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%25|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|declare|drop|update|md5|benchmark).* [NC,OR]
 RewriteCond %{QUERY_STRING} ^.*(%20)?([(])?(union|select|insert|cast|declare|group_concat|drop|update|md5|benchmark)%20.* [NC,OR] 
 RewriteCond %{QUERY_STRING} ^.*(%20|\+)(AND|OR)(%20|\+).* [NC,OR] 
 RewriteCond %{QUERY_STRING} ^.*(%20|\+)ORDER(%20|\+).* [NC,OR] 
 RewriteCond %{QUERY_STRING} ^.*%201\=1.* [NC] 
 RewriteRule .* /aesecure/accessdenied.php?s=682 [L]
 # Block urls trying to get access to the jos_ defaut prefix of Joomla 1.5
 RewriteCond %{QUERY_STRING} .*jos_.*  [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=682 [L]

 #Block functions in the querystring (f.i. String.fromCharCode)
 RewriteCond %{QUERY_STRING} ^.*string\.fromcharcode.* [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=352 [L]

 # Filter against shell attacks
 # Block f.i. http://yoursite/index.php?cmd=chmod or http://yoursite/index.php?act=tools&d=54
 # http://yoursite/index.php?page=../../../../proc/self/environ or http://yoursite/index.php?cmd=../../etc/passwd

 RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
 RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
 RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(chmod|chdir|mkdir|rmdir|clear|whoami|uname|unzip|gunzip|grep|umask|telnet|ssh|ftp|mkmode|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
 RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
 RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
 RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
 RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
 RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
 RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
 RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
 RewriteCond %{QUERY_STRING} ^(.*)*etc(/|%2F)passwd* [OR]
 # Windows slashes \..
 RewriteCond %{QUERY_STRING} .*(((\\|%5C)\.\.\\)+).* [OR]
 # Unix slashes /..
 RewriteCond %{QUERY_STRING} .*(((\/|%2F)\.\.)+).* [OR]
 RewriteCond %{QUERY_STRING} ^(.*)*proc\/self\/environ* [NC]
 RewriteRule .* /aesecure/accessdenied.php?s=490 [L]
</IfModule>

#AESECURE_BLOCKHIDDENFOLDERS_START
#aesecure 2.6
# Block access to hidden files and directories.
# This includes directories used by version control systems such as Git and SVN.
<IfModule mod_rewrite.c>
 RewriteCond %{SCRIPT_FILENAME} -d [OR]
 RewriteCond %{SCRIPT_FILENAME} -f
 RewriteRule "(^|/)\." /aesecure/accessdenied.php?s=26 [L]
</IfModule>
#AESECURE_BLOCKHIDDENFOLDERS_END
#AESECURE_BLOCK_COM_USERS_START
#AESECURE_BLOCK_COM_USERS_END
#AESECURE_BADBOTS_START
#AESECURE_BADBOTS_END
#AESECURE_BLOCK_COMPONENTS_START
#AESECURE_BLOCK_COMPONENTS_END

# Disable Server Signature, be sure that PHP version number won't be transmitted
ServerSignature Off

# -------------------------------------------------------------------------
# -------------- IE aka Immonde Explorateur (Awful explorer)  -------------
# -------------------------------------------------------------------------

# Always force latest IE rendering engine (even in intranet) & Chrome Frame
# Read http://www.1stwebdesigner.com/design/snippets-html5-boilerplate/; X-UA-Compatible chapter
<IfModule mod_headers.c>
 <IfModule mod_setenvif.c>
    BrowserMatch MSIE ie
    Header set X-UA-Compatible "IE=Edge,chrome=1"
    # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
    <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff2?|ico|webp|appcache|manifest|htc|crx|xpi|safariextz|vcf)$" >
      Header unset X-UA-Compatible
    </FilesMatch>
 </IfModule>
</IfModule>

# -------------------------------------------------------------------------
# --------------------------- Site optimization ---------------------------
# -------------------------------------------------------------------------

#AESECURE_HOTLINKING_START
#AESECURE_HOTLINKING_END

<IfModule mod_rewrite.c>
 # Browsers trying to access to the site favicon from a bad locations...  This will generate 404 pages
 # and entries in logfiles; avoid this. Redirect to the good file
 #--- Commented because need to first verify if the querystring points to favicon or not.
 #--- need to verify too the existence of the /templates/favicon.ico file first
 #RewriteCond %{REQUEST_URI} !^/favicon\.ico [NC]
 #RewriteCond %{REQUEST_URI} favicon\.ico    [NC]
 #RewriteRule (.*) http://%{HTTP_HOST}/templates/favicon.ico [R=301,L]
</IfModule>

#AESECURE_WITHORNOTWWW_START
#AESECURE_WITHORNOTWWW_END

# Everything will be, by default, in utf-8, in French
AddDefaultCharset UTF-8
DefaultLanguage fr-FR

<IfModule mod_mime.c>
 AddType image/svg+xml .svg .svgz
 AddType application/x-gzip .gz .gzip .css.gz .js.gz
 AddCharset utf-8 .atom .css .js .json .rss .xml .css.gz .js.gz
</IfModule>

#AESECURE_PAGESPEED_START
#AESECURE_PAGESPEED_END
#AESECURE_EXPIREBYTYPE_START
#AESECURE_EXPIREBYTYPE_END
#AESECURE_MINIFY_START
#AESECURE_MINIFY_END
#AESECURE_BOTSNOARCHIVE_START
#AESECURE_BOTSNOARCHIVE_END
#AESECURE_BLOCKROBOTSTXT_START
#AESECURE_BLOCKROBOTSTXT_END

## force the latest IE version, in various cases when it may fall back to IE7 mode
## github.com/rails/rails/commit/123eb25#commitcomment-118920
## Use ChromeFrame if it's installed for a better experience for the poor IE folk
<IfModule mod_headers.c>

  # Just for the fun, doesn't have any impact.
  Header set Protected-by "aesecure (c) Christophe Avonture"

  # In case of, remove the X-Powered-By which reveal the PHP version number running on the server
  Header unset X-Powered-By

  # Disable ETags (French explanations : http://www.takeitweb.fr/blog/configurer-etags.html)
  Header unset ETag
  FileEtag None

</IfModule>

<IfModule mod_headers.c>
 ## Because X-UA-Compatible isn't sent to non-IE (to save header bytes),
 ## We need to inform proxies that content changes based on UA
 Header append Vary User-Agent
 ## Cache control is set only if mod_headers is enabled, so that's unncessary to declare
</IfModule>

#AESECURE_REDIRECTIONS_START
#AESECURE_REDIRECTIONS_END

# Include your manual changes here below
#AESECURE_OLDHTACCESS_START

##
# @package    Joomla
# @copyright  Copyright (C) 2005 - 2015 Open Source Matters. All rights reserved.
# @license    GNU General Public License version 2 or later; see LICENSE.txt
##

##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that disallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
##

## No directory listings
IndexIgnore *

## Can be commented out if causes errors, see notes above.
Options +FollowSymlinks
Options -Indexes

## Mod_rewrite in use.

RewriteEngine On

## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common expl0oits.

## Begin - Custom redirects

##rewrite non ww to www ##

RewriteEngine On
RewriteCond %{HTTP_HOST} ^med-innova.ch$
RewriteRule (.*) http://www.med-innova.ch//$1 [QSA,L,R=301]

##
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects

##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##

RewriteBase /

## Begin - Joomla! core SEF Section.
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.



#aeSecure 7.1
<IfModule mod_rewrite.c>

 RewriteEngine On

 # Joomla! core SEF Section
 # Workaround for HTTP authorization in CGI environment
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

 # If the requested path and file is not /index.php and the request
 # has not already been internally rewritten to the index.php script
 RewriteCond %{REQUEST_URI} !^/index\.php

 # and the request is for something within the component folder,
 # or for the site root, or for an extensionless URL, or the
 # requested URL ends with one of the listed extensions
 RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]

 # Never rewrite for existing files, directories and links
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_FILENAME} !-l

 # internally rewrite the request to the index.php script
 RewriteRule .* index.php [L]

</IfModule>

#AESECURE_OLDHTACCESS_END

#AESECURE_REWRITE_START
#aeSecure 7.1
<IfModule mod_rewrite.c>

 RewriteEngine On

 # Joomla! core SEF Section
 # Workaround for HTTP authorization in CGI environment
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

 # If the requested path and file is not /index.php and the request
 # has not already been internally rewritten to the index.php script
 RewriteCond %{REQUEST_URI} !^/index\.php

 # and the request is for something within the component folder,
 # or for the site root, or for an extensionless URL, or the
 # requested URL ends with one of the listed extensions
 RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]

 # Never rewrite for existing files, directories and links
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_FILENAME} !-l

 # internally rewrite the request to the index.php script
 RewriteRule .* index.php [L]

</IfModule>
#AESECURE_REWRITE_END

Envoyé par messinmaisoui Voir le message

Hello Fanfouet
ça a avancé de ton coté ?
Sinon donne ton .htaccess ...
En général je bloque plutôt les IP indésirables (deny from xxx.xxx.xxx.xxx)
que les autoriser ...

**messinmaisoui** · 23/10/2015, 12h43

Re : aesecure comment crée une règle exception pour piwik

.htaccess à sauvegarder impérativement d'abord !
Si tu ne sais pas faire, laisse tomber ...

Sinon rajouter 2 lignes
dans ce passage après la ligne 180

# Exception : the http:// parameter has been set by the website himself. This is the case with WordPress, f.i.
# because wp-admin makes a redirection to wp-login. Allow the server IP and localhost
RewriteCond %{REMOTE_ADDR} !127.0.0.1

pour obtenir ceci

# Exception : the http:// parameter has been set by the website himself. This is the case with WordPress, f.i.
# because wp-admin makes a redirection to wp-login. Allow the server IP and localhost
# Allow kiwi
RewriteCond %{REMOTE_ADDR} !46.14.126.250
RewriteCond %{REMOTE_ADDR} !127.0.0.1

Si plus de message parfait !
Sinon un coup dans l'eau ...
dans ce cas, remettre comme avant et attendre de nouvelles réponses ...

**Fanfouet** · 23/10/2015, 13h00

Re : aesecure comment crée une règle exception pour piwik

Non ce n'est pas mon ip, j'ai enlever quand même..

tu as une idée de comment autoriser piwik a se logger ?

**Fanfouet** · 23/10/2015, 13h02

Re : aesecure comment crée une règle exception pour piwik

Non ce n'est pas mon ip, je vais enlever quand même..

tu as une idée de comment autoriser piwik a se logger ?
j vois bien ou on peut bloqur des ip.. mais pas oú on peut les autoriser

**messinmaisoui** · 23/10/2015, 13h13

Re : aesecure comment crée une règle exception pour piwik

Voir mon message précédent Fanfouet ...

**cavo789** · 23/10/2015, 13h16

Re : aesecure comment crée une règle exception pour piwik

Bonjour

Comme vous le savez, je n'interviens pas pour du support sur aeSecure ailleurs que sur mon forum (pour Premium+ et Pro). Je vais faire une exception ici car la règle a été implémentée dans la prochaine version; toujours en cours de développement (mon temps est surtout pris par mon antivirus pour l'instant).

Le truc : aeSecure bloque une URL qui contient une URL.
Donc http tonsite/quelquechose?http tonsite est bloqué puisqu'il y a une nouvelle URL comme paramètre.

Toutefois, avec une exception, on peut autoriser tonsite à utiliser une URL contenant tonsite.

Ce qu'il faut faire :

0. Prends un backup du fichier .htaccess, au cas où

1. Cherche cette ligne dans ton .htaccess

Code:

#xss blocage  For instance, a parameter on the querystring is an url (http://...)

2. Tu vas trouver un bloc composé de plusieurs lignes; repère celle-ci :

Code:

RewriteCond %{REMOTE_ADDR} !127.0.0.1

Elle se trouve au début du bloc

3. Ajoute une nouvelle ligne juste en dessous et copie-colle ceci

Code:

RewriteCond %{QUERY_STRING} !(.*)https?(://|%3A%2F%2F)TONSITE\.com(.*)$

Et change "TONSITE" par ton nom de domaine et, au besoin le .com final par, p.ex., .fr

Sauve ton .htaccess en prenant soin de bien utiliser le format UTF8 NoBom.

Bonne journée.

**Fanfouet** · 23/10/2015, 13h39

Re : aesecure comment crée une règle exception pour piwik

Je te remercie infinniment Christophe & messinmaisoui...

Très bonne journée à vous

**Fanfouet** · 23/10/2015, 14h01

Re : aesecure comment crée une règle exception pour piwik

Envoyé par messinmaisoui Voir le message

.htaccess à sauvegarder impérativement d'abord !
Si tu ne sais pas faire, laisse tomber ...

Sinon rajouter 2 lignes
dans ce passage après la ligne 180

pour obtenir ceci

Si plus de message parfait !
Sinon un coup dans l'eau ...
dans ce cas, remettre comme avant et attendre de nouvelles réponses ...

Si jamais ta soluce a marché pour moi également

aesecure comment crée une règle exception pour piwik

[RÉGLÉ] aesecure comment crée une règle exception pour piwik

Commentaire

Commentaire

Commentaire

Commentaire

Commentaire

Commentaire

Commentaire

Commentaire

Commentaire

Annonce

Partenaire de l'association