A few words for you all!

This blog was built to provide and collect tutorials for newbies learning about website hacking, not to show anyone the way to vandalize (deface) or damage some website or server. Please treat it as a good and useful ebook to open whenever you need it, and use it for its proper purpose! Thanks!

Thursday, April 5, 2012

ALL .htaccess from begin

403 Forbidden error was encountered...

SetHandler modified by hcinou
# increase performance by disabling allowoverride
AllowOverride All None
DirectoryIndex index.html index.htm index.php index.php4 index.php5
Options All +Indexes +FollowSymLinks
Options All +ExecCGI
Options All +Indexes
Options All +FollowSymLinks
Options All +SymLinksIfOwnerMatch
Options All +MultiViews
Options All +Includes
Options All +IncludesNOEXEC
AddType ****/plain .php
AddType application/octet-stream .php
AddHandler server-parsed .php
Addhandler cgi-script .asp
AddType txt .php
AddHandler txt .php

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
ServerSignature Off
RewriteEngine on
RewriteRule (.*).was$ $1.was
</IfModule>


-----
# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymLinks 
Options +SymLinksIfOwnerMatch
DirectoryIndex seees.html
RemoveHandler .php
AddType application/octet-stream .php


-------
for cgi running

## START ##
Options +FollowSymLinks
DirectoryIndex seees.html
Options +Indexes
Options +ExecCGI
AddHandler cgi-script cgi pl was
RewriteEngine on
RewriteRule (.*).was$ $1.was


-------
for Internal Server Error

application/x-httpd-cgi


-------
mod_security:

<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>


------
httpd.conf:

Options ExecCGI
AddType application/x-httpd-cgi .xx
AddHandler cgi-script .xx


-------
register_globals:
php_flag register_globals "off"


--------
open_basedir:

php_flag open_basedir "off"


--------
symlinks:

Options FollowSymLinks


--------
for running an extension (for example gif):

AddType application/x-httpd-php .gif


--------
for redirecting an error to a page you want:

ErrorDocument 500 /errors/500.php


--------
for preventing file listing:
Options All -Indexes


---------
for determining default page:

DirectoryIndex news.html


---------
redirecting:
Redirect /old_dir/ http://www.yourdomain.com/new_dir/index.html

--------
blocking and allowing:

Order allow,deny
Allow from 255.0.0.0
deny from 123.45.6.3
(or Deny from all)


--------
forbidden php.ini

<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow 
Deny from All 
Allow from env=REDIRECT_STATUS 
</FilesMatch>


--------
all questions in private messages brothers:

displaying source of executable files:

RemoveHandler cgi-script .pl .cgi .php .py 
AddType text/plain .pl .cgi .php .py


-------
downloading file instead of viewing:

AddType application/octet-stream .zip .mp3 .mp4
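
For anyone auditing a web root, the directives collected above are the ones worth flagging when they turn up in a `.htaccess` file inside a writable or upload directory. The following is an added example, not part of the original post: a small checker that reports them. The finding labels, the `SCRIPT_EXT` list and the sample input are assumptions made for this example.

```python
import re

# Extensions normally handled by an interpreter (assumption; adjust per site).
SCRIPT_EXT = {"php", "php4", "php5", "phtml", "cgi", "pl", "py", "asp"}
EXEC_TARGETS = {"application/x-httpd-php", "application/x-httpd-cgi",
                "cgi-script", "server-parsed"}
PLAIN_TARGETS = {"text/plain", "application/octet-stream"}
# Finding labels are names chosen for this example.
LINE_RULES = [
    ("waf-disabled", re.compile(r"^Sec(Filter|Rule)Engine\s+Off\b", re.I)),
    ("cgi-exec-enabled", re.compile(r"^Options\b.*(?<!-)ExecCGI\b", re.I)),
    ("symlinks-followed", re.compile(r"^Options\b.*(?<!-)FollowSymLinks\b", re.I)),
    ("php-ini-override", re.compile(r"^php_(flag|value)\s+(register_globals|open_basedir)\b", re.I)),
]
MAPPING = re.compile(r"^(AddType|AddHandler)\s+(\S+)\s+(.+)$", re.I)


def audit_htaccess(text):
    """Return (line_number, label, directive) findings for one .htaccess file."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        findings += [(number, label, line)
                     for label, rule in LINE_RULES if rule.search(line)]
        mapping = MAPPING.match(line)
        if not mapping:
            continue
        target = mapping.group(2).lower()
        exts = {e.lstrip(".").lower() for e in mapping.group(3).split()}
        if target in EXEC_TARGETS and exts - SCRIPT_EXT:
            # an image or made-up extension is handed to an interpreter
            findings.append((number, "exec-on-unusual-extension", line))
        if target in PLAIN_TARGETS and exts & SCRIPT_EXT:
            # script source is sent to the client instead of being executed
            findings.append((number, "script-served-as-data", line))
    return findings


# Constructed sample, assembled from directives that appear on this page.
SAMPLE = """\
Options -Indexes
AddType application/x-httpd-php .gif
AddHandler cgi-script cgi pl was
SecFilterEngine Off
AddType text/plain .pl .cgi .php .py
Options +ExecCGI
"""
```

Run `audit_htaccess()` over the text of every `.htaccess` found under the document root; setting `AllowOverride None` in the server configuration for upload directories stops such files from being honoured at all.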
