Request for feedback on our new website: BIW Agency


  • Request for feedback on our new website: BIW Agency

    Hello,

    I would like the community's opinion on our new website www.biw.agency
    • Joomla version: 3.93
    • Template: Helix Ultimate JoomShaper
    • Extensions: mainly Page Builder by JoomShaper, JD form + quite a few plugins (JCH, SEO-simple, SEOFLI)
    • Host: SiteGround
    • Description: SEO web agency
    For the critique, any input is welcome ^_^
    • SEO
    • Optimization
    • Readability
    • User experience
    • Design
    Don't hesitate to be hard on us ^_^
    Last edited by BIW Agency on 04/03/2019, 21:07

  • #2
    Hello,

    It is useful to follow these instructions when presenting your site: https://forum.joomla.fr/forum/th%C3%...oposer-un-site
    Thank you!
    "Patience and the passage of time do more than strength or rage..." (La Fontaine: The Lion and the Rat) - "There are no problems; there are only solutions" (André Gide).
    MoovJla and LazyDbBackup at www.joomxtensions.com - FAQ at www.fontanil.info - Professional site: www.robertg-conseil.fr hosted at PHPNET, personal sites at PlanetHoster + managed sites at PHPNET, PlanetHoster, Ionos and OVH



    • #3
      Don't hesitate to be hard on us ^_^
      Site moved to "non-compliant sites" pending compliance with the forum rules.
      When you bang your head against a pot and it sounds hollow, it is not necessarily the pot that is empty.
      Confucius



      • #4
        Good evening,
        indeed .. you need to tell us more .... but the first impression is VERY good .... no doubt, a very pretty site, well built, well thought out ... etc
        Do you like this forum? Has it saved your life? Do you learn from it every day? Then join the AFUJ https://www.joomla.fr/association/adherer
        This year, JoomlaDay FR takes place in Brussels on 20 and 21 May 2022; more info and registration: www.joomladay.fr



        • #5
          Originally posted by RobertG
          Hello,

          It is useful to follow these instructions when presenting your site: https://forum.joomla.fr/forum/th%C3%...oposer-un-site
          Thank you!
          There, I think I have done everything necessary?



          • #6
            Hello

            The home page is rather sexy.

            For my part, I just tried to test security a little, very basically: do I have access to the /administrator page (no), do I have access to the PHP Easter Eggs (no), do I have access to the Joomla version (yes), do I have access to the Akeeba Backup version (yes).

            I suggest you add a small layer of protection to forbid access to the .xml files located in your administrator (example: https://www.biw.agency/administrator...les/joomla.xml). This is done through an .htaccess file that you place at the site root or in /administrator, in which you deny files whose extension is .xml.

            Have a nice day.
            Christophe (cavo789)
            My blog, where we talk about Docker, PHP, WSL, Markdown and plenty of other things: https://www.avonture.be
            Free antivirus scanning software: https://github.com/cavo789/aesecure_quickscan (more than 45,000 viruses detected, 700,000 files whitelisted)



            • #7
              Many thanks for your help, especially since I need to secure my sites properly; it avoids quite a few problems.
              Especially with the GDPR, now any detected intrusion should be the subject of a report and the clients should be informed

              The deny rules for iframes, I have never managed to put them in place, but is it useful?

              Otherwise, this is indeed what I need to add on the Apache server
              <Files ~ "\.xml$">
              Order allow,deny
              Deny from all
              </Files>



              • #8
                Speaking of security, I would add that the redirects to https, www are in the wrong order.

                Web redirect test and HTTP responses


                and that the site has no CSP nor HTTP header responses.

                The site itself is very well made, pleasant.

                These are the scan results for biw.agency which scored the grade B.

                Last edited by Eddy.vh on 06/03/2019, 06:55
                Regards.
                __
                Eddy !!!
                BreezingForms tutorials in French: https://www.breezingforms.eddy-vh.com/
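
Added example, not part of any forum post: a small Python audit for the two findings raised in post #8 (redirect order and missing security headers), run over pasted `curl -sIL` style output. The host example.test, the sample responses and the function names are constructed for illustration; the same-host-first rule follows the hstspreload.org comment in the .htaccess posted later in the thread.

```python
"""Audit a redirect chain and security headers from `curl -sIL` style output.

Added example; the sample responses below are constructed for illustration.
"""
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Response headers that appear in the thread's .htaccess and scan results.
EXPECTED_HEADERS = (
    "content-security-policy",
    "strict-transport-security",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
)


def parse_hops(start_url, raw):
    """Turn concatenated header blocks into [(url, status, headers), ...]."""
    hops, url = [], start_url
    for block in raw.replace("\r\n", "\n").strip().split("\n\n"):
        lines = [line.strip() for line in block.splitlines() if line.strip()]
        if not lines or not lines[0].startswith("HTTP/"):
            continue  # not a response header block
        status = int(lines[0].split()[1])
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        hops.append((url, status, headers))
        if status in REDIRECT_CODES and "location" in headers:
            url = urljoin(url, headers["location"])  # URL of the next hop
    return hops


def check_redirect_order(hops):
    """Flag redirects that leave HTTP without first upgrading the same host."""
    findings = []
    for url, status, headers in hops:
        if status not in REDIRECT_CODES or "location" not in headers:
            continue
        src = urlsplit(url)
        dst = urlsplit(urljoin(url, headers["location"]))
        if src.scheme != "http":
            continue  # only the plain-HTTP hop matters for the ordering rule
        if dst.scheme != "https":
            findings.append(f"{url}: redirect stays on plain HTTP")
        elif dst.hostname != src.hostname:
            findings.append(
                f"{url}: jumps to {dst.hostname} in one hop; "
                f"redirect to https://{src.hostname}/ first"
            )
    return findings


def missing_headers(hops):
    """List expected security headers absent from the final response."""
    if not hops:
        return list(EXPECTED_HEADERS)
    _url, _status, headers = hops[-1]
    return [name for name in EXPECTED_HEADERS if name not in headers]


def audit(start_url, raw):
    """Run both checks and return the results as a dict."""
    hops = parse_hops(start_url, raw)
    return {
        "final_url": hops[-1][0] if hops else None,
        "redirect_findings": check_redirect_order(hops),
        "missing_headers": missing_headers(hops),
    }


# Constructed sample: bare host sent straight to https://www in one redirect.
ONE_HOP_SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Location: https://www.example.test/

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-Frame-Options: SAMEORIGIN
"""

# Constructed sample: HTTPS upgrade on the same host first, then www.
TWO_HOP_SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Location: https://example.test/

HTTP/1.1 301 Moved Permanently
Location: https://www.example.test/

HTTP/2 200
content-security-policy: default-src 'self'
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
referrer-policy: no-referrer
"""

if __name__ == "__main__":
    for label, sample in (("one hop", ONE_HOP_SAMPLE), ("two hops", TWO_HOP_SAMPLE)):
        print(label, audit("http://example.test/", sample))
```
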



                • #9
                  Thanks, I'll try to do that this evening so as not to blow everything up ^_^

                  Because security settings, I have trouble understanding them; it's not really my preferred field, I'm more commercial- and SEO-oriented

                  F: that makes me think, I thought I was safer than that ^_^

                  I'll come back with feedback on putting the various security measures in place



                  • #10
                    I tried to optimize my .htaccess but I'm completely stuck, 403 error after 403 error
                    on top of that, since I have JCH adding another layer, I don't understand any of it
                    For securing the XML files, I have 4 sitemaps blocked; I can't manage to tell it not to return a 500 error for them
                    So this is the .htaccess I tried to work on

                    # If you experience problems on your site then comment out the operations listed
                    # below by adding a # to the beginning of the line.
                    # This attempts to block the most common type of exploit `attempts` on Joomla!
                    #
                    # Block any script trying to base64_encode data within the URL.
                    RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
                    # Block any script that includes a <script> tag in URL.
                    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
                    # Block any script trying to set a PHP GLOBALS variable via URL.
                    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
                    # Block any script trying to modify a _REQUEST variable via URL.
                    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
                    # Return 403 Forbidden header and show the content of the root home page
                    RewriteRule .* index.php [F]
                    #
                    ## End - Rewrite rules to block out some common exploits.

                    ## Begin - Custom redirects
                    #
                    # If you need to redirect some pages, or set a canonical non-www to
                    # www redirect (or vice versa), place that code here. Ensure those
                    # redirects use the correct RewriteRule syntax and the [R=301,L] flags.
                    #
                    ## End - Custom redirects

                    ##
                    # Uncomment the following line if your webserver's URL
                    # is not directly related to physical file paths.
                    # Update Your Joomla! Directory (just / for root).
                    ##

                    # RewriteBase /

                    ## Begin - Joomla! core SEF Section.
                    #
                    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
                    #
                    # If the requested path and file is not /index.php and the request
                    # has not already been internally rewritten to the index.php script
                    RewriteCond %{REQUEST_URI} !^/index\.php
                    # and the requested path and file doesn't directly match a physical file
                    RewriteCond %{REQUEST_FILENAME} !-f
                    # and the requested path and file doesn't directly match a physical folder
                    RewriteCond %{REQUEST_FILENAME} !-d
                    # internally rewrite the request to the index.php script
                    RewriteRule .* index.php [L]
                    #
                    ## End - Joomla! core SEF Section.
                    <IfModule mod_headers.c>

                    # Add CSP (Content Security Policy)
                    Header set Protected-by "What-you-want-or-just-drop-this-line"

                    # Replace XXXXXXXXXXXXXX by your site name like www.yoursite.com
                    Header always set Feature-Policy "camera 'none'; fullscreen 'self'; microphone 'none'; payment 'none'; sync-xhr 'self' www.biw.agency"

                    # Blocks a request if the requested type is
                    # "style" and the MIME type is not "text/css", or
                    # "script" and the MIME type is not a JavaScript MIME type.
                    Header set X-Content-Type-Options "nosniff"

                    # Prevent from Clickjacking by allowing frame to be displayed only
                    # on the same origin as the page itself.
                    Header always set X-Frame-Options SAMEORIGIN

                    # Force HTTPS (don't use this if you're still on http)
                    # env=HTTPS didn't work... but while "expr=%{HTTPS} == 'on'" is well working
                    # see https://stackoverflow.com/questions/...32711_24145033
                    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" "expr=%{HTTPS} == 'on'"

                    # Enables XSS filtering. Rather than sanitizing the page, the browser
                    # will prevent rendering of the page if an attack is detected.
                    Header always set X-XSS-Protection "1; mode=block"

                    # The Referrer header will be omitted entirely. No referrer information is
                    # sent along with requests.
                    Header always set Referrer-Policy "no-referrer"

                    # CSP : define / whitelist domains where files can be loaded
                    # (f.i. fonts.googleapis.com, ...)
                    # This should be done for scripts, images, styles, frame, ...
                    # Replace XXXXXXXXXXXXXX by your site name like https://www.yoursite.com
                    # ----------------------------------------------------------------------
                    # UNCOMMENT THE FOLLOWING LINE ONLY IF YOU KNOW WHAT YOU'RE DOING.
                    # THIS LINE CAN BREAK YOUR SITE SO, ENABLE IT AND TEST YOUR SITE A LOT,
                    # ALL PAGES IF POSSIBLE.
                    # ----------------------------------------------------------------------
                    #Header set Content-Security-Policy: "default-src 'self'; base-uri 'self'; form-action 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://ajax.googleapis.com https://www.google.com https://www.google-analytics.com https://code.jquery.com https://www.gstatic.com https://maxcdn.bootstrapcdn.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com https://unpkg.com; font-src 'self' data: https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://fonts.googleapis.com https://cdnjs.cloudflare.com https://stackpath.bootstrapcdn.com; img-src 'self' data: https://www.paypal.com https://raw.githubusercontent.com; frame-src www.biw.agency https://www.google.com https://www.youtube.com; frame-ancestors 'none'"
                    </IfModule>
                    <FilesMatch "(file_1\.gif|file_2\.png)">
                    Order Allow,Deny
                    Deny from all
                    </FilesMatch>
                    RewriteCond %{REQUEST_FILENAME} !(.*)\.(bmp|css|eot|html?|icon?|jpe?g|js|gif|pdf|png|svg|te?xt|ttf|webp|woff2?|xml|zip)$
                    RewriteRule . - [F]

                    <IfModule mod_rewrite.c>
                    RewriteCond %{SCRIPT_FILENAME} -d [OR]
                    RewriteCond %{SCRIPT_FILENAME} -f
                    RewriteRule "(^|/)\." - [F]
                    </IfModule>

                    <FilesMatch "\.(tex|log|aux)$">
                    Header set Content-Type text/plain
                    </FilesMatch>

                    <FilesMatch "\.(pdf)$">
                    ForceType application/octet-stream
                    Header set Content-Disposition attachment
                    </FilesMatch>
                    <IfModule mod_rewrite.c>

                    # Rewrite the URL to force https and www.
                    RewriteEngine On

                    # Compliant with hstspreload.org : first redirect to https if needed
                    RewriteCond %{HTTPS} !=on
                    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

                    # then redirect to www. when the prefix wasn't mentionned
                    # hstspreload.org seems to not really like to make the two at once
                    RewriteCond %{HTTP_HOST} !^www\.biw\.agency
                    RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

                    </IfModule>

                    <IfModule mod_php5.c>
                    php_flag display_errors on
                    php_flag log_errors on
                    php_flag track_errors on
                    php_value error_log error.log
                    </IfModule>

                    <IfModule mod_deflate.c>
                    SetOutputFilter DEFLATE
                    <IfModule mod_filter.c>
                    AddOutputFilterByType DEFLATE application/font-otf application/font-ttf application/font-woff application/javascript application/json application/manifest+json application/rss+xml application/vnd.ms-fontobject application/xhtml+xml application/xml application/x-javascript image/svg+xml text/css text/csv text/html text/javascript text/plain text/xml
                    </IfModule>
                    </IfModule>
                    # On somes hosters, mod_deflate isn't installed but well mod_gzip.
                    <IfModule mod_gzip.c>
                    mod_gzip_on Yes
                    mod_gzip_dechunk Yes
                    mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
                    mod_gzip_item_include handler ^cgi-script$
                    mod_gzip_item_include mime ^text/.*
                    mod_gzip_item_include mime ^application/font-otf
                    mod_gzip_item_include mime ^application/font-ttf
                    mod_gzip_item_include mime ^application/font-woff
                    mod_gzip_item_include mime ^application/vnd.ms-fontobject
                    mod_gzip_item_include mime ^application/x-javascript.*
                    mod_gzip_item_exclude mime ^image/.*
                    mod_gzip_item_include mime ^image/svg+xml*
                    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
                    </IfModule>
                    <IfModule mod_headers.c>
                    # Keep the connection alive (not really related to expirations but really increase download speed
                    Header set Connection keep-alive
                    </IfModule>

                    <IfModule mod_expires.c>

                    ExpiresActive On

                    # Default expiration: 1 hour after request
                    ExpiresDefault "access plus 1 month"

                    # CSS and JS expiration
                    ExpiresByType text/css "access 1 month"
                    ExpiresByType text/javascript "access 1 month"
                    ExpiresByType application/javascript "access 1 month"
                    ExpiresByType application/x-javascript "access 1 month"

                    # webfonts
                    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
                    ExpiresByType application/x-font-woff "access 1 year"
                    ExpiresByType application/x-font-woff2 "access 1 year"
                    ExpiresByType font/eot "access plus 1 month"
                    ExpiresByType font/truetype "access 1 year"
                    ExpiresByType font/opentype "access 1 year"
                    ExpiresByType font/woff "access 1 year"
                    ExpiresByType image/svg+xml "access 1 year"
                    ExpiresByType application/vnd.ms-fontobject "access 1 year"
                    ExpiresByType application/font-otf "access 1 year"
                    ExpiresByType application/font-ttf "access 1 year"
                    ExpiresByType application/font-woff "access 1 year"
                    ExpiresByType application/x-font-ttf "access 1 year"

                    # Media
                    AddType image/vnd.microsoft.icon .cur
                    ExpiresByType application/ico "access 1 year"
                    ExpiresByType audio/ogg "access plus 1 month"
                    ExpiresByType image/bmp "access plus 1 month"
                    ExpiresByType image/gif "access 1 month"
                    ExpiresByType image/ico "access 1 year"
                    ExpiresByType image/icon "access 1 year"
                    ExpiresByType image/jpg "access 1 month"
                    ExpiresByType image/jpeg "access 1 month"
                    ExpiresByType image/png "access 1 month"
                    ExpiresByType image/svg+xml "access 1 month"
                    ExpiresByType image/vnd.microsoft.icon "access 1 year"
                    ExpiresByType image/webp "access 1 month"
                    ExpiresByType image/x-icon "access 1 year"
                    ExpiresByType text/ico "access 1 year"
                    ExpiresByType video/mp4 "access plus 1 month"
                    ExpiresByType video/ogg "access plus 1 month"
                    ExpiresByType video/webm "access plus 1 month"

                    # Flash
                    ExpiresByType application/x-shockwave-flash "access plus 2 months"
                    ExpiresByType image/swf "access plus 2592000 seconds"

                    # Files
                    ExpiresByType application/pdf "access 1 week"
                    ExpiresByType application/x-gzip "access 1 month"
                    ExpiresByType text/x-component "access 1 month"

                    # Data
                    ExpiresByType application/atom+xml "access plus 1 hour"
                    ExpiresByType application/rdf+xml "access plus 1 hour"
                    ExpiresByType application/rss+xml "access plus 1 hour"
                    ExpiresByType text/html "access plus 0 seconds"
                    ExpiresByType application/json "access plus 0 seconds"
                    ExpiresByType application/ld+json "access plus 0 seconds"
                    ExpiresByType application/schema+json "access plus 0 seconds"
                    ExpiresByType application/vnd.geo+json "access plus 0 seconds"
                    ExpiresByType application/xml "access plus 0 seconds"
                    ExpiresByType text/xml "access plus 0 seconds"
                    </IfModule>

                    ---------------------------------------------

                    Here is the one I'm using, which is a bit buggy, at least I think so

                    ##
                    # @package Joomla
                    # Copyright Copyright (C) 2005 - 2018 Open Source Matters. All rights reserved.
                    # @license GNU General Public License version 2 or later; see LICENSE.txt
                    ##

                    ##
                    # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
                    #
                    # The line 'Options +FollowSymLinks' may cause problems with some server configurations.
                    # It is required for the use of mod_rewrite, but it may have already been set by your
                    # server administrator in a way that disallows changing it in this .htaccess file.
                    # If using it causes your site to produce an error, comment it out (add # to the
                    # beginning of the line), reload your site in your browser and test your sef urls. If
                    # they work, then it has been set by your server administrator and you do not need to
                    # set it here.
                    ##

                    ## No directory listings
                    <IfModule autoindex>
                    IndexIgnore *
                    </IfModule>

                    ## Can be commented out if causes errors, see notes above.
                    Options +FollowSymlinks
                    Options -Indexes

                    ## Mod_rewrite in use.

                    RewriteEngine On

                    ## Begin - Rewrite rules to block out some common exploits.
                    # If you experience problems on your site then comment out the operations listed
                    # below by adding a # to the beginning of the line.
                    # This attempts to block the most common type of exploit `attempts` on Joomla!
                    #
                    # Block any script trying to base64_encode data within the URL.
                    # Block any script that includes a <script> tag in URL.
                    # Block any script trying to set a PHP GLOBALS variable via URL.
                    # Block any script trying to modify a _REQUEST variable via URL.
                    # Return 403 Forbidden header and show the content of the root home page
                    RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
                    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
                    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
                    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
                    RewriteRule .* index.php [F]
                    #
                    ## End - Rewrite rules to block out some common exploits.

                    ## Begin - Custom redirects
                    #
                    # If you need to redirect some pages, or set a canonical non-www to
                    # www redirect (or vice versa), place that code here. Ensure those
                    # redirects use the correct RewriteRule syntax and the [R=301,L] flags.
                    #
                    ## End - Custom redirects

                    ##
                    # Uncomment the following line if your webserver's URL
                    # is not directly related to physical file paths.
                    # Update Your Joomla! Directory (just / for root).
                    ##

                    # RewriteBase /

                    ## Begin - Joomla! core SEF Section.
                    #
                    #
                    # If the requested path and file is not /index.php and the request
                    # has not already been internally rewritten to the index.php script
                    # and the requested path and file doesn't directly match a physical file
                    # and the requested path and file doesn't directly match a physical folder
                    # internally rewrite the request to the index.php script
                    RewriteCond %{REQUEST_URI} !^/index\.php
                    RewriteCond %{REQUEST_FILENAME} !-f
                    RewriteCond %{REQUEST_FILENAME} !-d
                    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
                    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
                    RewriteRule .* index.php [L]
                    #
                    ## End - Joomla! core SEF Section.
                    AddHandler application/x-httpd-php73 .php .php5 .php4 .php3

                    ## BEGIN EXPIRES CACHING - JCH OPTIMIZE ##
                    <IfModule mod_expires.c>
                    ExpiresActive on

                    # Perhaps better to whitelist expires rules? Perhaps.
                    ExpiresDefault "access plus 1 year"

                    # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
                    ExpiresByType text/cache-manifest "access plus 0 seconds"

                    # Your document html
                    ExpiresByType text/html "access plus 0 seconds"

                    # Data
                    ExpiresByType text/xml "access plus 0 seconds"
                    ExpiresByType application/xml "access plus 0 seconds"
                    ExpiresByType application/json "access plus 0 seconds"

                    # Feed
                    ExpiresByType application/rss+xml "access plus 1 hour"
                    ExpiresByType application/atom+xml "access plus 1 hour"

                    # Favicon (cannot be renamed)
                    ExpiresByType image/x-icon "access plus 1 week"

                    # Media: images, video, audio
                    ExpiresByType image/gif "access plus 1 year"
                    ExpiresByType image/png "access plus 1 year"
                    ExpiresByType image/jpg "access plus 1 year"
                    ExpiresByType image/jpeg "access plus 1 year"
                    ExpiresByType video/ogg "access plus 1 year"
                    ExpiresByType audio/ogg "access plus 1 year"
                    ExpiresByType video/mp4 "access plus 1 year"
                    ExpiresByType video/webm "access plus 1 year"
                    ExpiresByType video/webp "access plus 1 year"

                    # HTC files (css3pie)
                    ExpiresByType text/x-component "access plus 1 year"

                    # Webfonts
                    ExpiresByType application/font-ttf "access plus 1 year"
                    ExpiresByType font/opentype "access plus 1 year"
                    ExpiresByType application/font-woff "access plus 1 year"
                    ExpiresByType application/font-woff2 "access plus 1 year"
                    ExpiresByType image/svg+xml "access plus 1 year"
                    ExpiresByType application/vnd.ms-fontobject "access plus 1 year"

                    # CSS and JavaScript
                    ExpiresByType text/css "access plus 1 year"
                    ExpiresByType application/javascript "access plus 1 year"

                    <IfModule mod_deflate.c>
                    AddOutputFilterByType DEFLATE text/html
                    AddOutputFilterByType DEFLATE text/css
                    AddOutputFilterByType DEFLATE text/javascript
                    AddOutputFilterByType DEFLATE text/xml
                    AddOutputFilterByType DEFLATE text/plain
                    AddOutputFilterByType DEFLATE image/x-icon
                    AddOutputFilterByType DEFLATE image/svg+xml
                    AddOutputFilterByType DEFLATE application/rss+xml
                    AddOutputFilterByType DEFLATE application/javascript
                    AddOutputFilterByType DEFLATE application/x-javascript
                    AddOutputFilterByType DEFLATE application/xml
                    AddOutputFilterByType DEFLATE application/xhtml+xml
                    AddOutputFilterByType DEFLATE application/font
                    AddOutputFilterByType DEFLATE application/font-truetype
                    AddOutputFilterByType DEFLATE application/font-ttf
                    AddOutputFilterByType DEFLATE application/font-otf
                    AddOutputFilterByType DEFLATE application/font-opentype
                    AddOutputFilterByType DEFLATE application/font-woff
                    AddOutputFilterByType DEFLATE application/font-woff2
                    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
                    AddOutputFilterByType DEFLATE font/ttf
                    AddOutputFilterByType DEFLATE font/otf
                    AddOutputFilterByType DEFLATE font/opentype
                    AddOutputFilterByType DEFLATE font/woff
                    AddOutputFilterByType DEFLATE font/woff2
                    # For Olders Browsers Which Can't Handle Compression
                    BrowserMatch ^Mozilla/4 gzip-only-text/html
                    BrowserMatch ^Mozilla/4\.0[678] no-gzip
                    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
                    </IfModule>
                    ## END EXPIRES CACHING - JCH OPTIMIZE ##
                    RewriteCond %{HTTP_HOST} ^biw\.agency$
                    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
                    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
                    RewriteRule ^(.*)$ "https\:\/\/www\.biw\.agency\/$1" [R=301,L]



                    • #11
                      Hello.

                      And what if you followed cavo789's signature? aeSecure protects all the sensitive files of your site.
                      Regards.
                      __
                      Eddy !!!
                      BreezingForms tutorials in French: https://www.breezingforms.eddy-vh.com/



                      • #12
                        OK, I'll test that; I had tried to follow those explanations on the .htaccess but it's really difficult for me, I don't really understand



                        • #13
                          there, I've raised the security from F to B-
                          thanks for your help

                          The Mozilla Observatory is a project designed to help developers, system administrators, and security professionals configure their sites safely and securely.


                          I don't understand about the https redirect: can you help me?

                          here is my .htaccess

                          ##
                          # @package Joomla
                          # Copyright Copyright (C) 2005 - 2018 Open Source Matters. All rights reserved.
                          # @license GNU General Public License version 2 or later; see LICENSE.txt
                          ##

                          ##
                          # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
                          #
                          # The line 'Options +FollowSymLinks' may cause problems with some server configurations.
                          # It is required for the use of mod_rewrite, but it may have already been set by your
                          # server administrator in a way that disallows changing it in this .htaccess file.
                          # If using it causes your site to produce an error, comment it out (add # to the
                          # beginning of the line), reload your site in your browser and test your sef urls. If
                          # they work, then it has been set by your server administrator and you do not need to
                          # set it here.
                          ##

                          ## No directory listings
                          <IfModule autoindex>
                          IndexIgnore *
                          </IfModule>

                          ## Can be commented out if causes errors, see notes above.
                          Options +FollowSymlinks
                          Options -Indexes

                          ## Mod_rewrite in use.

                          RewriteEngine On
                          # This will enable the Rewrite capabilities

                          ## Begin - Rewrite rules to block out some common exploits.
                          # If you experience problems on your site then comment out the operations listed
                          # below by adding a # to the beginning of the line.
                          # This attempts to block the most common type of exploit `attempts` on Joomla!
                          #
                          # Block any script trying to base64_encode data within the URL.
                          # Block any script that includes a <script> tag in URL.
                          # Block any script trying to set a PHP GLOBALS variable via URL.
                          # Block any script trying to modify a _REQUEST variable via URL.
                          # Return 403 Forbidden header and show the content of the root home page
                          RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
                          RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
                          RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
                          RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
                          RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
                          RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
                          RewriteRule .* index.php [F]
                          #
                          ## End - Rewrite rules to block out some common exploits.

                          ## Begin - Custom redirects
                          #
                          # If you need to redirect some pages, or set a canonical non-www to
                          # www redirect (or vice versa), place that code here. Ensure those
                          # redirects use the correct RewriteRule syntax and the [R=301,L] flags.
                          #
                          ## End - Custom redirects

                          ##
                          # Uncomment the following line if your webserver's URL
                          # is not directly related to physical file paths.
                          # Update Your Joomla! Directory (just / for root).
                          ##

                          # RewriteBase /

                          ## Begin - Joomla! core SEF Section.
                          #
                          #
                          # If the requested path and file is not /index.php and the request
                          # has not already been internally rewritten to the index.php script
                          # and the requested path and file doesn't directly match a physical file
                          # and the requested path and file doesn't directly match a physical folder
                          # internally rewrite the request to the index.php script
                          RewriteCond %{REQUEST_URI} !^/index\.php
                          RewriteCond %{REQUEST_FILENAME} !-f
                          RewriteCond %{REQUEST_FILENAME} !-d
                          RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
                          RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
                          RewriteRule .* index.php [L]
                          #
                          ## End - Joomla! core SEF Section.
                          AddHandler application/x-httpd-php73 .php .php5 .php4 .php3
                          RewriteCond %{HTTP_HOST} ^biw\.agency$
                          RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
                          RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
                          RewriteRule ^/?$ "https\:\/\/www\.biw\.agency\/" [R=301,L]


                          ## BEGIN EXPIRES CACHING - JCH OPTIMIZE ##
                          <IfModule mod_expires.c>
                          ExpiresActive on

                          # Perhaps better to whitelist expires rules? Perhaps.
                          ExpiresDefault "access plus 1 year"

                          # cache.appcache needs re-requests in FF 3.6 (thanks Remy ~Introducing HTML5)
                          ExpiresByType text/cache-manifest "access plus 0 seconds"

                          # Your document html
                          ExpiresByType text/html "access plus 0 seconds"

                          # Data
                          ExpiresByType text/xml "access plus 0 seconds"
                          ExpiresByType application/xml "access plus 0 seconds"
                          ExpiresByType application/json "access plus 0 seconds"

                          # Feed
                          ExpiresByType application/rss+xml "access plus 1 hour"
                          ExpiresByType application/atom+xml "access plus 1 hour"

                          # Favicon (cannot be renamed)
                          ExpiresByType image/x-icon "access plus 1 week"

                          # Media: images, video, audio
                          ExpiresByType image/gif "access plus 1 year"
                          ExpiresByType image/png "access plus 1 year"
                          ExpiresByType image/jpg "access plus 1 year"
                          ExpiresByType image/jpeg "access plus 1 year"
                          ExpiresByType video/ogg "access plus 1 year"
                          ExpiresByType audio/ogg "access plus 1 year"
                          ExpiresByType video/mp4 "access plus 1 year"
                          ExpiresByType video/webm "access plus 1 year"
                          ExpiresByType video/webp "access plus 1 year"

                          # HTC files (css3pie)
                          ExpiresByType text/x-component "access plus 1 year"

                          # Webfonts
                          ExpiresByType application/font-ttf "access plus 1 year"
                          ExpiresByType font/opentype "access plus 1 year"
                          ExpiresByType application/font-woff "access plus 1 year"
                          ExpiresByType application/font-woff2 "access plus 1 year"
                          ExpiresByType image/svg+xml "access plus 1 year"
                          ExpiresByType application/vnd.ms-fontobject "access plus 1 year"

                          # CSS and JavaScript
                          ExpiresByType text/css "access plus 1 year"
                          ExpiresByType application/javascript "access plus 1 year"

                          <IfModule mod_headers.c>
                          Header append Cache-Control "public"
                          <FilesMatch ".(js|css|xml|gz|html)$">
                          Header append Vary: Accept-Encoding
                          </FilesMatch>
                          </IfModule>

                          </IfModule>

                          <IfModule mod_deflate.c>
                          AddOutputFilterByType DEFLATE text/html
                          AddOutputFilterByType DEFLATE text/css
                          AddOutputFilterByType DEFLATE text/javascript
                          AddOutputFilterByType DEFLATE text/xml
                          AddOutputFilterByType DEFLATE text/plain
                          AddOutputFilterByType DEFLATE image/x-icon
                          AddOutputFilterByType DEFLATE image/svg+xml
                          AddOutputFilterByType DEFLATE application/rss+xml
                          AddOutputFilterByType DEFLATE application/javascript
                          AddOutputFilterByType DEFLATE application/x-javascript
                          AddOutputFilterByType DEFLATE application/xml
                          AddOutputFilterByType DEFLATE application/xhtml+xml
                          AddOutputFilterByType DEFLATE application/font
                          AddOutputFilterByType DEFLATE application/font-truetype
                          AddOutputFilterByType DEFLATE application/font-ttf
                          AddOutputFilterByType DEFLATE application/font-otf
                          AddOutputFilterByType DEFLATE application/font-opentype
                          AddOutputFilterByType DEFLATE application/font-woff
                          AddOutputFilterByType DEFLATE application/font-woff2
                          AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
                          AddOutputFilterByType DEFLATE font/ttf
                          AddOutputFilterByType DEFLATE font/otf
                          AddOutputFilterByType DEFLATE font/opentype
                          AddOutputFilterByType DEFLATE font/woff
                          AddOutputFilterByType DEFLATE font/woff2
                          # For Older Browsers Which Can't Handle Compression
                          BrowserMatch ^Mozilla/4 gzip-only-text/html
                          BrowserMatch ^Mozilla/4\.0[678] no-gzip
                          BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
                          </IfModule>
                          ## END EXPIRES CACHING - JCH OPTIMIZE ##


                          Comment
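An added example, not part of the original post or of Joomla's stock file: the redirect in the posted .htaccess sits after the SEF section and matches only the bare host `biw.agency` at the site root (`^/?$`), so other paths and `http://www.biw.agency` are never sent to HTTPS. A version for the "Custom redirects" section, assuming TLS terminates on this Apache so that `%{HTTPS}` reflects the request scheme:

```apache
## Begin - Custom redirects
# Added example: force HTTPS and the www host for every path in a single 301.
# It replaces the RewriteCond/RewriteRule block that follows the AddHandler
# line, and must stay above the "Joomla! core SEF Section", whose
# "RewriteRule .* index.php [L]" otherwise handles the request first.
#
# Assumption: TLS terminates on this Apache, so %{HTTPS} is "on" for HTTPS.
# Redirect when the request is plain HTTP, or when the host is not www.
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP_HOST} !^www\.biw\.agency$ [NC]
# Keep the certificate-validation paths reachable without a redirect,
# as the original file does.
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
# %{REQUEST_URI} keeps the requested path; the query string is carried over.
RewriteRule ^ https://www.biw.agency%{REQUEST_URI} [R=301,L]
## End - Custom redirects
```

If a proxy in front of Apache terminates TLS, `%{HTTPS}` stays off and this rule loops; in that setup the condition has to test `%{HTTP:X-Forwarded-Proto}` instead.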


                          • #14
                            I love the home page; the design is very beautiful, well built and very pretty
                            BIW Agency likes this.

                            Comment


                            • #15
                              Thanks, we are going to add a bit of SVG animation shortly, it will be even better

                              Otherwise, on the security side, there are still 2 things to sort out but I can't manage it...

                              The content policy is the one I would especially like to sort out

                              Comment
