HTACCESS Securing

1. Generating a country-based block list to put in your htaccess file.

2. Blocking bad crawlers

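# 5G:[USER AGENTS]
# Tag any request whose User-Agent contains one of these strings (case-insensitive), then deny it.
# Order/Allow/Deny is Apache 2.2 syntax; on Apache 2.4 it requires mod_access_compat.
<IfModule mod_setenvif.c>
	SetEnvIfNoCase User-Agent (curl|binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|outbrain|java|skygrid|sucker|turnit|vikspider|zmeu) keep_out
	Order Allow,Deny
	Allow from all
	Deny from env=keep_out
</IfModule>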
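
Before deploying the user-agent rule above, it helps to see which clients it would tag, including legitimate ones caught by a short token such as "java". This is an added example, not part of the original post: it reads the SetEnvIfNoCase line and applies it the way Apache does (case-insensitive, unanchored) to constructed User-Agent strings. Python's re module stands in for Apache's PCRE, which behaves the same for this plain alternation; the function names and sample strings are assumptions.

```python
import re

# The rule from the .htaccess block above, copied verbatim.
HTACCESS = """
SetEnvIfNoCase User-Agent (curl|binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|outbrain|java|skygrid|sucker|turnit|vikspider|zmeu) keep_out
"""

# Matches "SetEnvIf[NoCase] User-Agent <regex> <env-var>" lines.
RULE_RE = re.compile(
    r"^\s*SetEnvIf(NoCase)?\s+User-Agent\s+(\S+)\s+(\w+)\s*$", re.M)

def load_rules(text):
    """Return [(compiled_regex, env_var)] for every User-Agent SetEnvIf rule."""
    rules = []
    for nocase, pattern, var in RULE_RE.findall(text):
        rules.append((re.compile(pattern, re.I if nocase else 0), var))
    return rules

def matched_token(rules, user_agent):
    """Return the substring that triggers a rule, or None if the UA is not tagged."""
    for regex, _var in rules:
        m = regex.search(user_agent)  # unanchored search, as Apache does
        if m:
            return m.group(0)
    return None

def audit(rules, samples):
    """Map each sample User-Agent to the token that would get it denied."""
    return {ua: matched_token(rules, ua) for ua in samples}

# Constructed sample User-Agent strings (not taken from real logs).
SAMPLES = [
    "curl/8.5.0",
    "Mozilla/5.0 (compatible; DotBot/1.2; +https://example.invalid/bot)",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36",
    "Apache-HttpClient/4.5.14 (Java/17.0.9)",
    "Mozilla/5.0 (X11; Linux x86_64) MyJavaScriptMonitor/2.0",
]

if __name__ == "__main__":
    rules = load_rules(HTACCESS)
    for ua, hit in audit(rules, SAMPLES).items():
        print(f"{'DENY' if hit else 'allow':5} {hit or '-':8} {ua!r}")
```

The last two samples show the cost of the bare "java" token: it also tags any client whose User-Agent merely contains that word, so run your own access-log User-Agents through the audit before enabling the rule.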
	

3. Using new security headers (see https://wiki.mozilla.org/Security/CSP/Specification)

<IfModule mod_headers.c>
  # Tell caches that the response varies with the request's Accept-Encoding.
  Header set Vary "Accept-Encoding"

  # Stop the browser from sniffing the MIME type from the file content; the declared MIME type is used instead.
  Header set X-Content-Type-Options "nosniff"

  # Activates Internet Explorer's built-in anti-XSS filter.
  Header set X-Xss-Protection "1; mode=block"

  # Clickjacking protection: the page may only be framed by pages from the same origin.
  Header set X-Frame-Options "SAMEORIGIN"
</IfModule>
