HTACCESS Securing


1. Generating a country-based block list to put in your .htaccess file.



2. Blocking bad crawlers

# 5G:[USER AGENTS]

SetEnvIfNoCase User-Agent (curl|binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|outbrain|java|skygrid|sucker|turnit|vikspider|zmeu) keep_out

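# Deny any request whose User-Agent matched the pattern above.
# This is Apache 2.2 access-control syntax; on Apache 2.4 these directives are provided by mod_access_compat.
Order Allow,Deny
Allow from all
Deny from env=keep_out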
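
An added example, not part of the original post: before deploying the User-Agent rule above, replay existing access-log lines through the same pattern to see which clients it would deny (the rule also catches legitimate tools that identify as curl or Java). The log lines are constructed samples and `audit` is a hypothetical helper name; Python's `re` stands in for Apache's regex matching, which behaves the same for this plain alternation.

```python
import re
from collections import Counter

# Alternation copied from the SetEnvIfNoCase rule on this page.
BLOCKED = ("curl|binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|"
           "flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|"
           "outbrain|java|skygrid|sucker|turnit|vikspider|zmeu")
# SetEnvIfNoCase performs an unanchored, case-insensitive match.
RULE = re.compile("(" + BLOCKED + ")", re.IGNORECASE)

# Apache "combined" log format: the User-Agent is the last quoted field.
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def audit(log_lines):
    """Return (denied, hits): denied lists (ip, user_agent, token) for each
    request the rule would deny; hits counts denials per matched token."""
    denied, hits = [], Counter()
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # not a combined-format line, skip it
        ip, ua = m.groups()
        found = RULE.search(ua)
        if found:
            token = found.group(1).lower()
            denied.append((ip, ua, token))
            hits[token] += 1
    return denied, hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/118.0"',
    '192.0.2.11 - - [10/Oct/2023:13:55:40 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/8.4.0"',
    '198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /api HTTP/1.1" 200 90 "-" "Apache-HttpClient/4.5.14 (Java/17.0.8)"',
    '198.51.100.9 - - [10/Oct/2023:13:56:09 +0000] "GET / HTTP/1.1" 404 0 "-" "ZmEu"',
    '203.0.113.5 - - [10/Oct/2023:13:56:30 +0000] "GET /robots.txt HTTP/1.1" 200 40 "-" "Mozilla/5.0 (compatible; DotBot/1.2; +https://example.com/bot)"',
]

if __name__ == "__main__":
    denied, hits = audit(SAMPLE_LOG)
    for ip, ua, token in denied:
        print(f"DENY {ip:15} token={token:8} ua={ua}")
    print(dict(hits))
```

Run it over a real access log by passing an open file object to `audit` in place of `SAMPLE_LOG`.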






3. Using new headers: https://wiki.mozilla.org/Security/CSP/Specification


Header set Vary "Accept-Encoding"

# Prevent the browser from sniffing the MIME type from the file content; with this header the declared MIME type is used.
Header set X-Content-Type-Options "nosniff"

# Activates Internet Explorer's anti-XSS filter
Header set X-Xss-Protection "1; mode=block"

# Clickjacking protection - only same-origin frames are allowed
Header set X-Frame-Options "SAMEORIGIN"