aesecure comment crée une règle exception pour piwik

Réduire
X
 
  • Filtrer
  • Heure
  • Afficher
Tout effacer
nouveaux messages

  • [RÉGLÉ] aesecure comment crée une règle exception pour piwik

    Bonjour,

    Mon site est en joomla 3, suite à un hack, j'ai refait et installé la version gratuite de aesecure, (merci à Christophe au passage).. j'utilise piwik pour les stats..

    aesecure empêche piwik de se logger:

    Code:
    "2015-10-21 14:15:11",xx.xx.xxx.xxx,/piwik/piwik.php?url=http://example.com,782,"Tentative d'exécution d'une attaque dite xss",,,"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56",
    d'ou ma question :

    Comment puis-je crée une règle d'exception pour que aesecure permette piwik se logger ??

    Je suis conscient que le développeur ne peux pas me donner la solution..

    est-ce bien dans le htaccess qu'il faut que j'agisse ? Si une bonne âme voulait bien m'aiguiller celà m'ôterait une belle épine du pied

    Je vous remercie chaleureusement d'avance,
    fanfouet
    Dernière édition par Fanfouet à 23/10/2015, 14h50

  • #2
    Re : aesecure comment crée une règle exception pour piwik

    Hello Fanfouet
    ça a avancé de ton coté ?
    Sinon donne ton .htaccess ...
    En général je bloque plutôt les IP indésirables (deny from xxx.xxx.xxx.xxx)
    que les autoriser ...
    Solidaire avec les dinosaures

    Commentaire


    • #3
      Re : aesecure comment crée une règle exception pour piwik

      Merci de ton aide, non je n'ai pas vraiment avancé ..

      Vlà mon htaccess... je voudrais juste que piwik puisse fonctionner

      Merci encore

      Code:
      ##################################################################################################
      #
      # aeSecure v2.0 (c) AVONTURE Christophe (http://www.aesecure.com/)
      #
      # !!! ---------------------------------------------------------------------------------------- !!!
      # !!! DON'T MODIFIY THIS FILE MANUALLY.   IF YOU NEED TO ADD RULES IN IT, JUST USE YOUR        !!!
      # !!! http://yoursite/aesecure/setup.php?YOUR_LONG_KEY PAGE INTERFACE AND GO TO OPTION 1.4     !!!
      # !!! "Manual edit of your .htaccess"                                                          !!!
      # !!! ---------------------------------------------------------------------------------------- !!!
      #
      # If the .htaccess file isn't working at all, check in your httpd.conf server file that
      # AllowOverride variable is not set on None and in that case change the settings to All
      #
      # So change "AllowOveridde None" to "AllowOverride All" (without double-quote).  Restart then the Apache server.
      #
      ##################################################################################################
      #aeSecure 1.1
      
      #AESECURE_BLOCKUSERAGENT_START
      #AESECURE_BLOCKUSERAGENT_END
      #AESECURE_BLOCKIP_START
      #AESECURE_BLOCKIP_END
      #AESECURE_BLOCKPARTURL_START
      #AESECURE_BLOCKPARTURL_END
      #AESECURE_BLOCKREFERRER_START
      #AESECURE_BLOCKREFERRER_END
      
      # Define the 403 - Access denied page
      ErrorDocument 403 '<html xmlns="http://www.w3.org/1999/xhtml"><head><style type="text/css" >body{color:#fff;background-color:#851507;font:14px/1.5 Helvetica,Arial,sans-serif};</style><title>Access denied</title></head><body><div style="margin:20px auto;width:700px;padding-top:50px"><img src="assets/aesecure_denied.png" style="float:right;" alt="aeSecure"/><h1>Access denied, unauthorized access.<br/><br/>If you think it"s an error, please inform the webmaster to help him to adjust his security rules.  Thank you.</h1><pre style="padding:20px;white-space:pre-line;border-radius:10px;background-color:#b34334">Code : 403 - Deny access</pre></div></body></html>'
      
      # Force to mention index.html when trying to access f.i. to http://yoursite/images
      <IfModule mod_autoindex.c>
       IndexIgnore *
      
       ##
       # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
       #
       # The line just below this section: 'Options +FollowSymLinks' may cause problems
       # with some server configurations.  It is required for use of mod_rewrite, but may already
       # be set by your server administrator in a way that dissallows changing it in
       # your .htaccess file.  If using it causes your server to error out, comment it out (add # to
       # beginning of line), reload your site in your browser and test your sef url's.  If they work,
       # it has been set by your server administrator and you do not need it set here.
       ##
       ## Can be commented out if causes errors, see notes above.
       Options +FollowSymLinks -Indexes
      </IfModule>
      
      # Define the default page ordering (first index.php if present, otherwise index.html)
      DirectoryIndex index.php index.html
      
      #AESECURE_MAINTENANCE_START
      #AESECURE_MAINTENANCE_END
      
      #AESECURE_COMPRESSION_START
      #AESECURE_COMPRESSION_END
      
      #Uncomment if want to force HTTPS and if your server can handle it
      #RewriteCond %{HTTPS} off
      #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
      
      # -------------------------------------------------------------------------
      # -- Inclusion of the aeSecure Premium htaccess (only for Premium users) --
      
      # -------------------------------------------------------------------------
      
      # -------------------------------------------------------------------------
      # ----------------------------- Site security -----------------------------
      # -------------------------------------------------------------------------
      
      # Activate PHP 5.4 which is more secure than older version
      # Comment this line when php is no more executed but downloaded, it's the case on local webserver (localhost) or
      # when your hosting company doesn't support php 5.4 yet
      <IfModule mod_php5.c>
       #AddHandler application/x-httpd-php54 .php .php5 .php4 .php3.
      </IfModule>
      
      #AESECURE_FILEUPLOAD_START
      #AESECURE_FILEUPLOAD_END
      
      #AESECURE_ERRORREPORTING_START
      #aeSecure 1.3
      # Disable errors and warnings; don't allow the user to see them but redirect them into a logfile
      <IfModule mod_php5.c>
       php_flag display_errors off
       php_flag log_errors on
       php_value track_errors on
       php_value error_log aesecure/logs/error.log
      </IfModule>
      #AESECURE_ERRORREPORTING_END
      
      <IfModule mod_php5.c>
      
       # Be sure that these php.ini variables are correctly initialized
       php_value register_globals off
      
       # Disable magic_quotes (if not yet done in httpd.conf)
       php_flag magic_quotes_runtime off
       php_flag magic_quotes_sybase off
      
       # Set your default timezone.
       php_value date.timezone Europe/Brussels
      
       # Increase cookie security; reduce XSS attacks
       # http://www.php.net/manual/fr/session.configuration.php#ini.session.cookie-httponly
       # CAUSE PROBLEM WITH AUTHENTIFICATION IN JOOMLA!®  DON'T UNCOMMENT.
       #php_value session.cookie_secure true
       #php_value session.use_only_cookies true
       #php_value session.cookie_httponly true
      
       </IfModule>
      
      # ------------------------------
      # --- Block files/folders
      
      <IfModule mod_rewrite.c>
      
       RewriteEngine On
      
       #AESECURE_BLOCKFILE_START
       #aesecure 1.7
       # Block direct access to these files : don't allow an url like f.i. http://yoursite/install.txt
       RewriteCond %{REQUEST_FILENAME} (boot.ini|changelog.php|changelog.txt|configuration.php|contributing.md|copyright.php|credits.php|htaccess.txt|httpd.conf|install.mysql)$ [NC,OR]
       RewriteCond %{QUERY_STRING} (boot.ini|changelog.php|changelog.txt|configuration.php|contributing.md|copyright.php|credits.php|htaccess.txt|httpd.conf|install.mysql).*$ [NC,OR]
       RewriteCond %{REQUEST_FILENAME} (install.pgsql|install.txt|joomla.xml|license.php|license.txt|maintainers.php|maintainers.txt|php.ini|phpinfo.php|readme.htm)$ [NC,OR]
       RewriteCond %{QUERY_STRING} (install.pgsql|install.txt|joomla.xml|license.php|license.txt|maintainers.php|maintainers.txt|php.ini|phpinfo.php|readme.htm).*$ [NC,OR]
       RewriteCond %{REQUEST_FILENAME} (readme.html|readme.txt|upgrade.php|upgrade.txt|web.config.txt|web.config|wp-config.php)$ [NC,OR]
       RewriteCond %{QUERY_STRING} (readme.html|readme.txt|upgrade.php|upgrade.txt|web.config.txt|web.config|wp-config.php).*$
       RewriteCond %{SCRIPT_FILENAME} -f
       RewriteRule .* /aefc/aesecure/accessdenied.php?s=148 [L]
       #AESECURE_BLOCKFILE_END
      
       # Never direct access to these files or folder (aesecure)
       # Block f.i. http://yoursite/.htaccess, http://yoursite/configuration.php, ...
       RewriteCond %{REQUEST_FILENAME} .*\.(phtm?l?|ash?x|aspx?|cfml?|cgi|pl|jsp|sql)$ [NC,OR]
       RewriteCond %{REQUEST_FILENAME} .*\.(bak|config|dll|exe|sql|ini|log|sh|inc|dist)$ [NC,OR]
       RewriteCond %{REQUEST_FILENAME} .*\.(htaccess|htaccess_old|htpasswd)$ [NC]
       RewriteCond %{SCRIPT_FILENAME} -f
       RewriteRule .* /aesecure/accessdenied.php?s=148 [L]
      
       # ------------------------------
       # --- Block fingerprint
      
       # Block &tp=1 or &tmpl=offline ...
       # Block f.i. http://yoursite/index.php?tmpl=offline
       RewriteCond %{QUERY_STRING} (^|&)tmpl=(system|offline) [NC]
       RewriteRule .* - [L]
       RewriteCond %{QUERY_STRING} (^|&)tp= [NC]
       RewriteRule .* - [F]
      
       # ------------------------------
       # --- Block specific querystring
      
       # PHP Easter Eggs
       # Block f.i. http://yoursite/index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 but not if 
       # the request comes from the webserver himself (=allowed on localhost and serveur (since called by Joomla backend))
       RewriteCond %{REMOTE_ADDR} !127.0.0.1
       RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
       RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?www\.med-innova\.ch [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=758 [L]
      
       # Block out any script trying to modify a _REQUEST / PHP GLOBAL variables via URL
       # Block out any script trying to set a PHP GLOBALS variable via URL.
       # Block f.i. http://yoursite/index.php?GLOBALS=SuperMe
       RewriteCond %{QUERY_STRING} ((\?|&)GLOBALS(=|\[|\%[0-9A-Z]{0,2})?) [NC,OR]
       RewriteCond %{QUERY_STRING} ((\?|&)_REQUEST(=|\[|\%[0-9A-Z]{0,2})?) [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=654 [L]
      
       # Block out any script that includes a <script> tag in URL.
       # Block f.i. http://yoursite/index.php?%3Cscript%3Ealert%28%27Msg%27%29;%3C/script%3E
       # Block f.i. http://yoursite/index.php?%3Ctable%20background=%22javascript:alert()%22%3E%3C/table%3E
       RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
       RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
       RewriteCond %{QUERY_STRING} ((java)?script:).*(;).* [NC,OR]   
       RewriteCond %{QUERY_STRING} .*(\&lt;script).* [NC] 
       RewriteRule .* /aesecure/accessdenied.php?s=541 [L]
      
       #xss blocage  For instance, a parameter on the querystring is an url (http://...)
       RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
       # Exception : the http:// parameter has been set by the website himself.  This is the case with WordPress, f.i. 
       # because wp-admin makes a redirection to wp-login.  Allow the server IP and localhost
       RewriteCond %{REMOTE_ADDR} !127.0.0.1
       RewriteCond %{REMOTE_ADDR} !xxx.xx.xx.xx RewriteCond %{QUERY_STRING} !option=com_akeeba&view=backup(.*)$ [NC]
       RewriteCond %{QUERY_STRING} !(.*)http(s)?://(www\.)?www\.med-innova\.ch(.*)$ [NC]
       RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(s|%73|%53)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
       RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(s|%73|%53)%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
       RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
       RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)%3a(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
       RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(f|%66|%46)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
       RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)%20(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
       RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)%20(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
       RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)(t|%74|%54)(t|%74|%54)(p|%70|%50)%20(%3A|:)(/|%2F){2}(.*)$ [NC,OR]
       RewriteCond %{QUERY_STRING} ^(.*)(%3D|=|%3A|%09)(.*)(h|%68|%48)%20(t|%74|%54)(t|%74|%54)(p|%70|%50)(%3A|:)(/|%2F){2}(.*)$ [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=782 [L]
      
       # Block out any script trying to base64_encode data within the URL.
       # Block f.i. http://yoursite/index.php?ImageName=base64_encode(%22I'm%20an%20hacker...%20Tadaaa%22)
       RewriteCond %{QUERY_STRING} .*base64_(de|en)code.* [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=345 [L]
      
       # Block querystring where "PHPSESSID" appears.
       RewriteCond %{QUERY_STRING} ^.*PHPSESSID.*$ [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=310 [L]
      
       # Redirect tentative to use the com_users standard component of Joomla and
       # redirect to Community Builder
       #RewriteCond %{QUERY_STRING} option=com_users&view=login [NC]
       #RewriteRule .* index.php?option=com_comprofiler&task=login [L]
      
       # Prevent use of specified methods in HTTP Request,  but allow opensiteexplorer.org to do so
       # http://bodvoc.com/index.php?option=com_content&view=article&id=43&catid=2&Itemid=3; see rule #1
       RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE|DELETE|TRACK) [NC]
       RewriteCond %{HTTP_REFERER} !(www\.)?opensiteexplorer\.org/ [NC]
       RewriteCond %{HTTP_REFERER} !(www\.)?uptimerobot\.com/ [NC]
       RewriteCond %{HTTP_REFERER} !http://validator\.w3\.org/ [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=651 [L]
      
       # Block out use of illegal or unsafe characters in the HTTP Request
       # Block urls having a carriage return or linefeed in it
       # Block also urls having "wwwroot" or "public_html" in it.  Can be an hacker trying to access to a localfile
       # Block urls having "alert(", "char(", "eval(", "function(" ... 
       RewriteCond %{QUERY_STRING} .*((alert|char|eval|function|load_file)\().* [NC,OR]
       RewriteCond %{QUERY_STRING} .*(\_vti\_|crossdomain|wwwroot|public_html).* [NC,OR]
       RewriteCond %{QUERY_STRING} .*(\\r|\\n|%0A|%0D).* [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=429 [L]
      
       # No carriage return, line feed, escape (%27), ... in the query string
       # Block f.i. http://yoursite/index.php?value=%27
       RewriteCond %{QUERY_STRING} ^.*(<|>|'|%0A|%0D|%25|%27|%3C|%3E|%00).* [NC,OR]
       RewriteCond %{QUERY_STRING} ^.*((\/\*)?\*\/).* [NC,OR]
       RewriteCond %{QUERY_STRING} ^.*\|\|.* [NC]
       RewriteCond %{QUERY_STRING} !option=com_akeeba(.*)$ [NC]   # exception for Akeeba backup
       RewriteRule .* /aesecure/accessdenied.php?s=271 [L]
      
       # Block SQL injection tentatives
       # Block f.i. http://yoursite/index.php?%3CDROP%20TABLE%20jos_users%3E
       RewriteCond %{QUERY_STRING} ^.*(;|<|>|'|"|\)|%0A|%0D|%22|%25|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|declare|drop|update|md5|benchmark).* [NC,OR]
       RewriteCond %{QUERY_STRING} ^.*(%20)?([(])?(union|select|insert|cast|declare|group_concat|drop|update|md5|benchmark)%20.* [NC,OR] 
       RewriteCond %{QUERY_STRING} ^.*(%20|\+)(AND|OR)(%20|\+).* [NC,OR] 
       RewriteCond %{QUERY_STRING} ^.*(%20|\+)ORDER(%20|\+).* [NC,OR] 
       RewriteCond %{QUERY_STRING} ^.*%201\=1.* [NC] 
       RewriteRule .* /aesecure/accessdenied.php?s=682 [L]
       # Block urls trying to get access to the jos_ defaut prefix of Joomla 1.5
       RewriteCond %{QUERY_STRING} .*jos_.*  [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=682 [L]
      
       #Block functions in the querystring (f.i. String.fromCharCode)
       RewriteCond %{QUERY_STRING} ^.*string\.fromcharcode.* [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=352 [L]
      
       # Filter against shell attacks
       # Block f.i. http://yoursite/index.php?cmd=chmod or http://yoursite/index.php?act=tools&d=54
       # http://yoursite/index.php?page=../../../../proc/self/environ or http://yoursite/index.php?cmd=../../etc/passwd
      
       RewriteCond %{REQUEST_URI} .*((php|my)?shell|remview.*|phpremoteview.*|sshphp.*|pcom|nstview.*|c99|r57|webadmin.*|phpget.*|phpwriter.*|fileditor.*|locus7.*|storm7.*)\.(p?s?x?htm?l?|txt|aspx?|cfml?|cgi|pl|php[3-9]{0,1}|jsp?|sql|xml) [NC,OR]
       RewriteCond %{REQUEST_METHOD} (GET|POST) [NC]
       RewriteCond %{QUERY_STRING} ^(.*)([-_a-z]{1,15})=(chmod|chdir|mkdir|rmdir|clear|whoami|uname|unzip|gunzip|grep|umask|telnet|ssh|ftp|mkmode|logname|edit_file|search_text|find_text|php_eval|download_file|ftp_file_down|ftp_file_up|ftp_brute|mail_file|mysql_dump|db_query)([^a-zA-Z0-9].+)*$ [OR]
       RewriteCond %{QUERY_STRING} ^work_dir=.*$ [OR]
       RewriteCond %{QUERY_STRING} ^command=.*&output.*$ [OR]
       RewriteCond %{QUERY_STRING} ^nts_[a-z0-9_]{0,10}=.*$ [OR]
       RewriteCond %{QUERY_STRING} ^c=(t|setup|codes)$ [OR]
       RewriteCond %{QUERY_STRING} ^act=((about|cmd|selfremove|chbd|trojan|backc|massbrowsersploit|exploits|grablogins|upload.*)|((chmod|f)&f=.*))$ [OR]
       RewriteCond %{QUERY_STRING} ^act=(ls|search|fsbuff|encoder|tools|processes|ftpquickbrute|security|sql|eval|update|feedback|cmd|gofile|mkfile)&d=.*$ [OR]
       RewriteCond %{QUERY_STRING} ^&?c=(l?v?i?&d=|v&fnot=|setup&ref=|l&r=|d&d=|tree&d|t&d=|e&d=|i&d=|codes|md5crack).*$ [OR]
       RewriteCond %{QUERY_STRING} ^(.*)*etc(/|%2F)passwd* [OR]
       # Windows slashes \..
       RewriteCond %{QUERY_STRING} .*(((\\|%5C)\.\.\\)+).* [OR]
       # Unix slashes /..
       RewriteCond %{QUERY_STRING} .*(((\/|%2F)\.\.)+).* [OR]
       RewriteCond %{QUERY_STRING} ^(.*)*proc\/self\/environ* [NC]
       RewriteRule .* /aesecure/accessdenied.php?s=490 [L]
      </IfModule>
      
      #AESECURE_BLOCKHIDDENFOLDERS_START
      #aesecure 2.6
      # Block access to hidden files and directories.
      # This includes directories used by version control systems such as Git and SVN.
      <IfModule mod_rewrite.c>
       RewriteCond %{SCRIPT_FILENAME} -d [OR]
       RewriteCond %{SCRIPT_FILENAME} -f
       RewriteRule "(^|/)\." /aesecure/accessdenied.php?s=26 [L]
      </IfModule>
      #AESECURE_BLOCKHIDDENFOLDERS_END
      #AESECURE_BLOCK_COM_USERS_START
      #AESECURE_BLOCK_COM_USERS_END
      #AESECURE_BADBOTS_START
      #AESECURE_BADBOTS_END
      #AESECURE_BLOCK_COMPONENTS_START
      #AESECURE_BLOCK_COMPONENTS_END
      
      # Disable Server Signature, be sure that PHP version number won't be transmitted
      ServerSignature Off
      
      # -------------------------------------------------------------------------
      # -------------- IE aka Immonde Explorateur (Awful explorer)  -------------
      # -------------------------------------------------------------------------
      
      # Always force latest IE rendering engine (even in intranet) & Chrome Frame
      # Read http://www.1stwebdesigner.com/design/snippets-html5-boilerplate/; X-UA-Compatible chapter
      <IfModule mod_headers.c>
       <IfModule mod_setenvif.c>
          BrowserMatch MSIE ie
          Header set X-UA-Compatible "IE=Edge,chrome=1"
          # mod_headers can't match by content-type, but we don't want to send this header on *everything*...
          <FilesMatch "\.(js|css|gif|png|jpe?g|pdf|xml|oga|ogg|m4a|ogv|mp4|m4v|webm|svg|svgz|eot|ttf|otf|woff2?|ico|webp|appcache|manifest|htc|crx|xpi|safariextz|vcf)$" >
            Header unset X-UA-Compatible
          </FilesMatch>
       </IfModule>
      </IfModule>
      
      # -------------------------------------------------------------------------
      # --------------------------- Site optimization ---------------------------
      # -------------------------------------------------------------------------
      
      #AESECURE_HOTLINKING_START
      #AESECURE_HOTLINKING_END
      
      <IfModule mod_rewrite.c>
       # Browsers trying to access to the site favicon from a bad locations...  This will generate 404 pages
       # and entries in logfiles; avoid this. Redirect to the good file
       #--- Commented because need to first verify if the querystring points to favicon or not.
       #--- need to verify too the existence of the /templates/favicon.ico file first
       #RewriteCond %{REQUEST_URI} !^/favicon\.ico [NC]
       #RewriteCond %{REQUEST_URI} favicon\.ico    [NC]
       #RewriteRule (.*) http://%{HTTP_HOST}/templates/favicon.ico [R=301,L]
      </IfModule>
      
      #AESECURE_WITHORNOTWWW_START
      #AESECURE_WITHORNOTWWW_END
      
      # Everything will be, by default, in utf-8, in French
      AddDefaultCharset UTF-8
      DefaultLanguage fr-FR
      
      <IfModule mod_mime.c>
       AddType image/svg+xml .svg .svgz
       AddType application/x-gzip .gz .gzip .css.gz .js.gz
       AddCharset utf-8 .atom .css .js .json .rss .xml .css.gz .js.gz
      </IfModule>
      
      #AESECURE_PAGESPEED_START
      #AESECURE_PAGESPEED_END
      #AESECURE_EXPIREBYTYPE_START
      #AESECURE_EXPIREBYTYPE_END
      #AESECURE_MINIFY_START
      #AESECURE_MINIFY_END
      #AESECURE_BOTSNOARCHIVE_START
      #AESECURE_BOTSNOARCHIVE_END
      #AESECURE_BLOCKROBOTSTXT_START
      #AESECURE_BLOCKROBOTSTXT_END
      
      ## force the latest IE version, in various cases when it may fall back to IE7 mode
      ## github.com/rails/rails/commit/123eb25#commitcomment-118920
      ## Use ChromeFrame if it's installed for a better experience for the poor IE folk
      <IfModule mod_headers.c>
      
        # Just for the fun, doesn't have any impact.
        Header set Protected-by "aesecure (c) Christophe Avonture"
      
        # In case of, remove the X-Powered-By which reveal the PHP version number running on the server
        Header unset X-Powered-By
      
        # Disable ETags (French explanations : http://www.takeitweb.fr/blog/configurer-etags.html)
        Header unset ETag
        FileEtag None
      
      </IfModule>
      
      <IfModule mod_headers.c>
       ## Because X-UA-Compatible isn't sent to non-IE (to save header bytes),
       ## We need to inform proxies that content changes based on UA
       Header append Vary User-Agent
       ## Cache control is set only if mod_headers is enabled, so that's unncessary to declare
      </IfModule>
      
      #AESECURE_REDIRECTIONS_START
      #AESECURE_REDIRECTIONS_END
      
      # Include your manual changes here below
      #AESECURE_OLDHTACCESS_START
      
      ##
      # @package    Joomla
      # @copyright  Copyright (C) 2005 - 2015 Open Source Matters. All rights reserved.
      # @license    GNU General Public License version 2 or later; see LICENSE.txt
      ##
      
      ##
      # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
      #
      # The line just below this section: 'Options +FollowSymLinks' may cause problems
      # with some server configurations.  It is required for use of mod_rewrite, but may already
      # be set by your server administrator in a way that disallows changing it in
      # your .htaccess file.  If using it causes your server to error out, comment it out (add # to
      # beginning of line), reload your site in your browser and test your sef url's.  If they work,
      # it has been set by your server administrator and you do not need it set here.
      ##
      
      ## No directory listings
      IndexIgnore *
      
      ## Can be commented out if causes errors, see notes above.
      Options +FollowSymlinks
      Options -Indexes
      
      ## Mod_rewrite in use.
      
      RewriteEngine On
      
      ## Begin - Rewrite rules to block out some common exploits.
      # If you experience problems on your site block out the operations listed below
      # This attempts to block the most common type of exploit `attempts` to Joomla!
      #
      # Block out any script trying to base64_encode data within the URL.
      RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
      # Block out any script that includes a <script> tag in URL.
      RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
      # Block out any script trying to set a PHP GLOBALS variable via URL.
      RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
      # Block out any script trying to modify a _REQUEST variable via URL.
      RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
      # Return 403 Forbidden header and show the content of the root homepage
      RewriteRule .* index.php [F]
      #
      ## End - Rewrite rules to block out some common expl0oits.
      
      ## Begin - Custom redirects
      
      ##rewrite non ww to www ##
      
      RewriteEngine On
      RewriteCond %{HTTP_HOST} ^med-innova.ch$
      RewriteRule (.*) http://www.med-innova.ch//$1 [QSA,L,R=301]
      
      ##
      # If you need to redirect some pages, or set a canonical non-www to
      # www redirect (or vice versa), place that code here. Ensure those
      # redirects use the correct RewriteRule syntax and the [R=301,L] flags.
      #
      ## End - Custom redirects
      
      ##
      # Uncomment following line if your webserver's URL
      # is not directly related to physical file paths.
      # Update Your Joomla! Directory (just / for root).
      ##
      
      RewriteBase /
      
      ## Begin - Joomla! core SEF Section.
      #
      RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
      #
      # If the requested path and file is not /index.php and the request
      # has not already been internally rewritten to the index.php script
      RewriteCond %{REQUEST_URI} !^/index\.php
      # and the requested path and file doesn't directly match a physical file
      RewriteCond %{REQUEST_FILENAME} !-f
      # and the requested path and file doesn't directly match a physical folder
      RewriteCond %{REQUEST_FILENAME} !-d
      # internally rewrite the request to the index.php script
      RewriteRule .* index.php [L]
      #
      ## End - Joomla! core SEF Section.
      
      
      
      #aeSecure 7.1
      <IfModule mod_rewrite.c>
      
       RewriteEngine On
      
       # Joomla! core SEF Section
       # Workaround for HTTP authorization in CGI environment
       RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
      
       # If the requested path and file is not /index.php and the request
       # has not already been internally rewritten to the index.php script
       RewriteCond %{REQUEST_URI} !^/index\.php
      
       # and the request is for something within the component folder,
       # or for the site root, or for an extensionless URL, or the
       # requested URL ends with one of the listed extensions
       RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
      
       # Never rewrite for existing files, directories and links
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteCond %{REQUEST_FILENAME} !-l
      
       # internally rewrite the request to the index.php script
       RewriteRule .* index.php [L]
      
      </IfModule>
      
      #AESECURE_OLDHTACCESS_END
      
      #AESECURE_REWRITE_START
      #aeSecure 7.1
      <IfModule mod_rewrite.c>
      
       RewriteEngine On
      
       # Joomla! core SEF Section
       # Workaround for HTTP authorization in CGI environment
       RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
      
       # If the requested path and file is not /index.php and the request
       # has not already been internally rewritten to the index.php script
       RewriteCond %{REQUEST_URI} !^/index\.php
      
       # and the request is for something within the component folder,
       # or for the site root, or for an extensionless URL, or the
       # requested URL ends with one of the listed extensions
       RewriteCond %{REQUEST_URI} /component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
      
       # Never rewrite for existing files, directories and links
       RewriteCond %{REQUEST_FILENAME} !-f
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteCond %{REQUEST_FILENAME} !-l
      
       # internally rewrite the request to the index.php script
       RewriteRule .* index.php [L]
      
      </IfModule>
      #AESECURE_REWRITE_END


      Envoyé par messinmaisoui Voir le message
      Hello Fanfouet
      ça a avancé de ton coté ?
      Sinon donne ton .htaccess ...
      En général je bloque plutôt les IP indésirables (deny from xxx.xxx.xxx.xxx)
      que les autoriser ...
      Dernière édition par Fanfouet à 23/10/2015, 12h58

      Commentaire


      • #4
        Re : aesecure comment crée une règle exception pour piwik

        .htaccess à sauvegarder impérativement d'abord !
        Si tu ne sais pas faire, laisse tomber ...

        Sinon rajouter 2 lignes
        dans ce passage après la ligne 180

        # Exception : the http:// parameter has been set by the website himself. This is the case with WordPress, f.i.
        # because wp-admin makes a redirection to wp-login. Allow the server IP and localhost
        RewriteCond %{REMOTE_ADDR} !127.0.0.1
        pour obtenir ceci

        # Exception : the http:// parameter has been set by the website himself. This is the case with WordPress, f.i.
        # because wp-admin makes a redirection to wp-login. Allow the server IP and localhost
        # Allow kiwi
        RewriteCond %{REMOTE_ADDR} !46.14.126.250

        RewriteCond %{REMOTE_ADDR} !127.0.0.1
        Si plus de message parfait !
        Sinon un coup dans l'eau ...
        dans ce cas, remettre comme avant et attendre de nouvelles réponses ...
        Dernière édition par messinmaisoui à 23/10/2015, 13h08
        Solidaire avec les dinosaures

        Commentaire


        • #5
          Re : aesecure comment crée une règle exception pour piwik

          Non ce n'est pas mon ip, j'ai enlever quand même..

          tu as une idée de comment autoriser piwik a se logger ?

          Commentaire


          • #6
            Re : aesecure comment crée une règle exception pour piwik

            Non ce n'est pas mon ip, je vais enlever quand même..

            tu as une idée de comment autoriser piwik a se logger ?
            j vois bien ou on peut bloqur des ip.. mais pas oú on peut les autoriser

            Commentaire


            • #7
              Re : aesecure comment crée une règle exception pour piwik

              Voir mon message précédent Fanfouet ...
              Solidaire avec les dinosaures

              Commentaire


              • #8
                Re : aesecure comment crée une règle exception pour piwik

                Bonjour

                Comme vous le savez, je n'interviens pas pour du support sur aeSecure ailleurs que sur mon forum (pour Premium+ et Pro). Je vais faire une exception ici car la règle a été implémentée dans la prochaine version; toujours en cours de développement (mon temps est surtout pris par mon antivirus pour l'instant).

                Le truc : aeSecure bloque une URL qui contient une URL.
                Donc http tonsite/quelquechose?http tonsite est bloqué puisqu'il y a une nouvelle URL comme paramètre.

                Toutefois, avec une exception, on peut autoriser tonsite à utiliser une URL contenant tonsite.

                Ce qu'il faut faire :

                0. Prends un backup du fichier .htaccess, au cas où

                1. Cherche cette ligne dans ton .htaccess
                Code:
                #xss blocage  For instance, a parameter on the querystring is an url (http://...)
                2. Tu vas trouver un bloc composé de plusieurs lignes; repère celle-ci :
                Code:
                RewriteCond %{REMOTE_ADDR} !127.0.0.1
                Elle se trouve au début du bloc

                3. Ajoute une nouvelle ligne juste en dessous et copie-colle ceci
                Code:
                RewriteCond %{QUERY_STRING} !(.*)https?(://|%3A%2F%2F)TONSITE\.com(.*)$
                Et change "TONSITE" par ton nom de domaine et, au besoin le .com final par, p.ex., .fr

                Sauve ton .htaccess en prenant soin de bien utiliser le format UTF8 NoBom.

                Bonne journée.
                Christophe (cavo789)
                Mon blog, on y parle Docker, PHP, WSL, Markdown et plein d'autres choses : https://www.avonture.be
                Logiciel gratuit de scan antivirus : https://github.com/cavo789/aesecure_quickscan (plus de 45.000 virus détectés, 700.000 fichiers sur liste blanche)​

                Commentaire


                • #9
                  Re : aesecure comment crée une règle exception pour piwik

                  Je te remercie infinniment Christophe & messinmaisoui...

                  Très bonne journée à vous

                  Commentaire


                  • #10
                    Re : aesecure comment crée une règle exception pour piwik

                    Envoyé par messinmaisoui Voir le message
                    .htaccess à sauvegarder impérativement d'abord !
                    Si tu ne sais pas faire, laisse tomber ...

                    Sinon rajouter 2 lignes
                    dans ce passage après la ligne 180



                    pour obtenir ceci



                    Si plus de message parfait !
                    Sinon un coup dans l'eau ...
                    dans ce cas, remettre comme avant et attendre de nouvelles réponses ...
                    Si jamais ta soluce a marché pour moi également

                    Commentaire

                    Annonce

                    Réduire
                    Aucune annonce pour le moment.

                    Partenaire de l'association

                    Réduire

                    Hébergeur Web PlanetHoster
                    Travaille ...
                    X