PHP防火墙(作者:悠悠楠杉)
验证测试,链接后面加上?verify_cs=1后可以自行测试
文章来源:https://blog.csdn.net/u012241616/article/details/147191684
//复制保存zzwaf.php
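// ---- zzwaf configuration ----
$webscan = true; // master switch for the firewall
$cache_type = 'file'; // storage for counters and tokens: 'redis' or 'file' (the author recommends redis under concurrency)
$redis_config = [
    'host' => '127.0.0.1', // Redis address
    'port' => 6379, // Redis port
    'password' => '', // Redis password
    'prepix' => 'zzwaf_', // Redis key prefix (the key is spelled "prepix"; the connection code reads it under that name)
    'select' => 0, // Redis database index
]; // Redis connection settings
$white_ip = []; // client IPs that skip every check below
$white_directory = ''; // admin-directory whitelist, e.g. admin; separate several with |
$white_url = ''; // URL whitelist, e.g. set.php; separate several with |
$visits = 10; // requests allowed per IP within one second, 0 = unlimited
$max_visits = 500; // requests allowed per site within one minute, 0 = unlimited; above it visitors get the slide challenge
$shield_time = 300; // how long a block lasts, in seconds
$shield_ua = []; // User-Agent substrings to reject
$webscan_post = true; // scan POST data
$webscan_get = true; // scan GET data
$webscan_cookie = true; // scan cookies
$webscan_referrer = true; // scan the Referer header
// Each rule is wrapped as '^' . $rule . '^i' before matching, so a rule must
// not contain a literal ^ character. These are keyword blocklists: they reduce
// noise from automated probes but do not replace parameterised queries and
// output escaping in the application itself.
$rules = [
    '\.\./', // parameters containing ../
    '\<\?', // PHP opening tags
    '\s*or\s+.*=.*', // ' or 1=1 style SQL injection
    'select([\s\S]*?)(from|limit)', // SQL injection
    '(?:(union([\s\S]*?)select))', // SQL injection
    'having|updatexml|extractvalue', // SQL injection
    'sleep\((\s*)(\d*)(\s*)\)', // time-based blind SQL injection
    'benchmark\((.*)\,(.*)\)', // time-based blind SQL injection
    'base64_decode\(', // encoded injection variants
    '(?:from\W+information_schema\W)', // SQL injection
    '(?:(?:current_)user|database|schema|connection_id)\s*\(', // SQL injection
    '(?:etc\/\W*passwd)', // reading the Linux account file
    'into(\s+)+(?:dump|out)file\s*', // MySQL file export
    'group\s+by.+\(', // SQL injection
    // Function names commonly seen in webshell payloads. The original had
    // "(fp)open", which only matched the literal "fpopen(" and let fopen( and
    // popen( through.
    '(?:define|eval|file_get_contents|include|require|require_once|shell_exec|phpinfo|system|passthru|preg_\w+|execute|echo|print|print_r|var_dump|(?:f|p)open|alert|showmodaldialog)\(',
    '(gopher|doc|php|glob|file|phar|zlib|ftp|ldap|dict|ogg|data)\:\/', // stream-wrapper / protocol abuse
    '\$_(GET|post|cookie|files|session|env|phplib|GLOBALS|SERVER)\[', // superglobal names; adjust to taste
    '\<(iframe|script|body|img|layer|div|meta|style|base|object|input)', // XSS tag injection
    '(onmouseover|onerror|onload|onclick)\=', // XSS event-handler injection
    // Shell command chaining. The original spelled "ifconfog", so ifconfig was
    // never matched.
    '\|\|.*(?:ls|pwd|whoami|ll|ifconfig|ipconfig|&&|chmod|cd|mkdir|rmdir|cp|mv)',
    '\s*and\s+.*=.*' // and 1=1
]; // request-filter rules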
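// Request-scoped state shared by the checks below.
$error = false; // set when the request must be rejected with the 403 page
$verify = false; // set when the visitor must pass the slide challenge
$time_second = date('Y-m-d H:i:s'); // per-second bucket for the per-IP counter
$time_minute = date('Y-m-d H:i:00'); // per-minute bucket for the per-site counter
$realip = get_real_ip(true);
// echo $realip;
// Host and REQUEST_URI are taken from the request as sent by the client;
// treat $host, $requestUri and $currentUrl as untrusted input.
$isHttps = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off')
    || (isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443);
$protocol = $isHttps ? "https://" : "http://";
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
$currentUrl = $protocol . $host . $requestUri;
// NOTE(review): this wildcard CORS header is attached to every response of the
// protected site, not only to the challenge endpoint. Confirm that the
// application serves nothing that other origins should not be able to read.
header('Access-Control-Allow-Origin: *');
if ($cache_type == 'redis') {
    try {
        $cache = new Redis();
        if (!$cache->connect($redis_config['host'], $redis_config['port'])) {
            throw new \Exception('cannot connect to Redis');
        }
        // AUTH is only sent when a password is configured; sending an empty
        // password to a server without one is rejected.
        if ($redis_config['password'] !== '' && !$cache->auth($redis_config['password'])) {
            throw new \Exception('Redis authentication failed');
        }
        $cache->setOption(Redis::OPT_PREFIX, $redis_config['prepix']); // key prefix
        $cache->select($redis_config['select']);
    } catch (\Exception $e) {
        // The detail goes to the server log instead of the response body, and
        // the request stops here: every later check needs a working $cache.
        error_log('zzwaf: ' . $e->getMessage());
        http_response_code(503);
        exit('zzwaf: cache backend unavailable');
    }
} else {
    include('Cache.class.php');
    // NOTE(review): this directory is inside the document root. Deny web
    // access to it (or move it outside the web root) so cache files cannot be
    // fetched over HTTP.
    $cache = new Cache($_SERVER['DOCUMENT_ROOT'] . '/cache');
}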
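// Challenge endpoint: the slide page posts the token it was given; a token
// that is still in the cache is marked as passed and handed back as a cookie.
if (!empty($_GET['act']) && $_GET['act'] === 'checkSlide') {
    $arr = ['code' => 0, 'msg' => '失败'];
    // Only a plain string is accepted; hashsalt[]=... would otherwise reach
    // the cache layer as an array.
    $salt = (isset($_POST['hashsalt']) && is_string($_POST['hashsalt'])) ? $_POST['hashsalt'] : '';
    if ($salt === '') {
        $arr['msg'] = '安全码不能为空';
    } else {
        // Tokens are 32 lowercase hex characters. Checking the format and the
        // stored value keeps a caller from "verifying" with some other cache
        // key that merely exists, such as an IP or host counter: those share
        // the same cache and hold arrays or JSON, not a timestamp or 'ok'.
        $state = preg_match('/\A[a-f0-9]{32}\z/', $salt) ? $cache->get($salt) : false;
        if ($state !== 'ok' && !is_numeric($state)) {
            $arr['msg'] = '安全码错误,验证失败';
        } else {
            $cache->set($salt, 'ok', 3600);
            setcookie('hashsalt', $salt, time() + 3600, '/');
            $arr['code'] = 1;
            $arr['msg'] = '验证正确';
        }
    }
    exit(json_encode($arr));
}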
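// Whitelists are matched against the URL path only. Matching the full URL or
// the query string would let any client skip the firewall by adding the
// whitelisted word to a parameter or to the Host header.
// $white_directory and $white_url are inserted as regular-expression
// fragments (| separates alternatives), so a "." in them matches any character.
$requestPathParts = explode('?', $requestUri, 2);
$requestPath = $requestPathParts[0];
$dirWhitelisted = $white_directory
    && preg_match('/\/(' . str_replace('/', '\/', $white_directory) . ')\//i', $requestPath);
$urlWhitelisted = $white_url
    && preg_match('/(' . str_replace('/', '\/', $white_url) . ')/i', $requestPath);
if ($webscan && !in_array($realip, $white_ip, true) && !$dirWhitelisted && !$urlWhitelisted) {
    // Counter entries are either ['shield_time' => unix time the block ends]
    // or [bucket timestamp => hit count]. Redis stores them as JSON.
    $loadCounter = function ($key) use ($cache, $cache_type) {
        $data = $cache->get($key);
        if ($cache_type == 'redis') {
            $data = json_decode((string) $data, true);
        }
        return is_array($data) ? $data : [];
    };
    $saveCounter = function ($key, array $data) use ($cache, $cache_type, $shield_time) {
        $cutoff = time() - 3600; // keep at most one hour of buckets
        foreach ($data as $bucket => $count) {
            if ($bucket !== 'shield_time' && $cutoff >= strtotime($bucket)) {
                unset($data[$bucket]);
            }
        }
        $cache->set($key, $cache_type == 'redis' ? json_encode($data) : $data, $shield_time);
    };
    // Counter keys carry a prefix so that an address, a Host header value and
    // a challenge token can never name the same cache entry.
    $ipKey = 'addr_' . $realip;
    $siteKey = 'site_' . $host;

    // Per-IP request limit.
    if ($visits) {
        $arr = $loadCounter($ipKey);
        if (!empty($arr['shield_time'])) {
            if (time() >= $arr['shield_time']) {
                $cache->delete($ipKey);
            } else {
                $error = true;
            }
        } else {
            $arr[$time_second] = (isset($arr[$time_second]) ? (int) $arr[$time_second] : 0) + 1;
            if ($arr[$time_second] >= $visits) {
                $error = true;
                $arr = ['shield_time' => time() + $shield_time];
            }
            $saveCounter($ipKey, $arr);
        }
    }
    // Per-site request limit; exceeding it switches visitors to the challenge.
    // NOTE(review): the counter is keyed by the client-supplied Host header,
    // so requests sent with varying Host values are counted separately.
    if ($max_visits && !$error) {
        $arr = $loadCounter($siteKey);
        if (!empty($arr['shield_time'])) {
            if (time() >= $arr['shield_time']) {
                $cache->delete($siteKey);
            } else {
                $verify = true;
            }
        } else {
            $arr[$time_minute] = (isset($arr[$time_minute]) ? (int) $arr[$time_minute] : 0) + 1;
            if ($arr[$time_minute] >= $max_visits) {
                $verify = true;
                $arr = ['shield_time' => time() + $shield_time];
            }
            $saveCounter($siteKey, $arr);
        }
    }
    // User-Agent filter.
    if ($shield_ua && !$error && !$verify) {
        $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        foreach ($shield_ua as $v) {
            if ($userAgent !== '' && stripos($userAgent, $v) !== false) {
                $error = true;
                break;
            }
        }
    }
    // Submitted-data filter.
    if (!$error && !$verify) {
        // Nested parameters (a[]=..., a[b][c]=...) are flattened recursively.
        // A plain implode() turns every nested array into the word "Array",
        // which hides its contents from the rules. Parameter names are not
        // scanned, only values, as before.
        $flatten = function ($value) use (&$flatten) {
            if (!is_array($value)) {
                return (string) $value;
            }
            return implode('&', array_map($flatten, $value));
        };
        $inputs = [];
        if ($webscan_post) {
            $inputs[] = !empty($_POST) ? $flatten($_POST) : file_get_contents("php://input");
        }
        if ($webscan_get) {
            $inputs[] = !empty($_GET) ? $flatten($_GET) : file_get_contents("php://input");
        }
        if ($webscan_cookie) {
            $inputs[] = !empty($_COOKIE) ? $flatten($_COOKIE) : '';
        }
        if ($webscan_referrer) {
            $inputs[] = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        }
        foreach ($rules as $v) {
            foreach ($inputs as $input) {
                if (!$input) {
                    continue;
                }
                $hit = preg_match('^' . $v . '^i', $input);
                // preg_match() returns false when PCRE gives up (for example
                // on its backtrack limit with a very long input). That is
                // treated as a match so that oversized input cannot slip past
                // the rules unchecked.
                if ($hit === 1 || $hit === false) {
                    $error = true;
                    break 2;
                }
            }
        }
    }
    // The file cache is wiped once per day.
    if ($cache_type != 'redis' && $cache->get('ip_data_add_time') !== date('Y-m-d')) {
        $cache->clear();
        $cache->set('ip_data_add_time', date('Y-m-d'));
    }
}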
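// Test hook: ?verify_cs=1 forces the challenge for the current request.
// NOTE(review): any visitor can use it; consider removing it in production.
if (!empty($_GET['verify_cs'])) {
    $verify = true;
}
// Slide challenge for visitors while the site-wide limit is exceeded.
if ($verify) {
    // The cookie is client input: accept only a plain 32-hex-character token,
    // so an array cookie (hashsalt[]=...) or another cache key is never used.
    $cookie_hashsalt = (isset($_COOKIE['hashsalt']) && is_string($_COOKIE['hashsalt'])
        && preg_match('/\A[a-f0-9]{32}\z/', $_COOKIE['hashsalt'])) ? $_COOKIE['hashsalt'] : '';
    // echo $cookie_hashsalt;exit;
    $ip_ceiling = false;
    $passed = $cookie_hashsalt !== '' && $cache->get($cookie_hashsalt) === 'ok';
    if ($passed) {
        // Comma-terminated list of the addresses that presented this token.
        $ceiling = (string) $cache->get($cookie_hashsalt . '_ceiling');
        // echo $ceiling;exit;
        if (substr_count($ceiling, ',') <= $visits) {
            // Whole entries are compared; a substring search would treat
            // 1.2.3.4 as already listed once 11.2.3.45 is.
            if (!in_array($realip, explode(',', $ceiling), true)) {
                $ceiling .= $realip . ',';
                $cache->set($cookie_hashsalt . '_ceiling', $ceiling, 60);
            }
        } else {
            $ip_ceiling = true;
        }
    }
    if (!$passed || $ip_ceiling) {
        // The status code and a new token are produced only when the
        // challenge page is actually sent; a visitor who already passed gets
        // the normal page with its normal status.
        http_response_code(444);
        include 'hieroglyphy.class.php';
        // The token is what the client must post back, so it comes from the
        // system CSPRNG where available. bin2hex() of 16 bytes has the same
        // 32-hex-character shape as the md5() value used before.
        if (function_exists('random_bytes')) {
            $addsalt = bin2hex(random_bytes(16));
        } elseif (function_exists('openssl_random_pseudo_bytes')) {
            $addsalt = bin2hex(openssl_random_pseudo_bytes(16));
        } else {
            $addsalt = md5(uniqid() . time()); // time-derived, kept only as a last resort
        }
        $cache->set($addsalt, time(), 60);
        $x = new hieroglyphy();
        $addsalt_js = $x->hieroglyphyString($addsalt);
        include 'slide.min.html';
        exit;
    }
}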
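// Block page: answer a rejected request with 403 and a page styled like the
// nginx default error page, then stop. The heading now reads "Forbidden" so
// that it agrees with the 403 status (it said "Not Found" before).
if ($error) {
    http_response_code(403);
    echo '<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>';
    exit;
}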
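/**
 * Return the client address used for whitelisting and rate limiting.
 *
 * X-Forwarded-For and Client-IP are request headers that any client can set,
 * so they must not decide which address gets whitelisted or blocked. The
 * address of the TCP peer (REMOTE_ADDR) is used unless that peer is listed in
 * $trusted_proxies; only then is X-Forwarded-For read, from right to left,
 * skipping entries that are themselves trusted proxies.
 *
 * A site behind a reverse proxy or CDN has to pass the proxy addresses,
 * otherwise every visitor is seen under the proxy's address.
 *
 * The result is cached for the rest of the request.
 *
 * @param bool     $ipv6            true to accept IPv6 as well as IPv4
 * @param string[] $trusted_proxies addresses of reverse proxies whose X-Forwarded-For is believed
 * @return string a syntactically valid IP address, or '0.0.0.0' when none is available
 */
function get_real_ip($ipv6 = false, $trusted_proxies = [])
{
    static $realip = NULL;
    if ($realip !== NULL) {
        return $realip;
    }
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : (string) getenv('REMOTE_ADDR');
    $candidate = $remote;
    if ($trusted_proxies && in_array($remote, $trusted_proxies, true)) {
        $forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR'])
            ? $_SERVER['HTTP_X_FORWARDED_FOR']
            : (string) getenv('HTTP_X_FORWARDED_FOR');
        // The right-most entries are the ones appended by our own proxies.
        foreach (array_reverse(explode(',', $forwarded)) as $hop) {
            $hop = trim($hop);
            if ($hop === '' || in_array($hop, $trusted_proxies, true)) {
                continue;
            }
            $candidate = $hop;
            break;
        }
    }
    if (!$ipv6) {
        // IPv4-only mode: pull the dotted-quad part out of the value.
        preg_match("/[\d\.]{7,15}/", (string) $candidate, $onlineip);
        $candidate = !empty($onlineip[0]) ? $onlineip[0] : '';
        $valid = filter_var($candidate, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    } else {
        $valid = filter_var($candidate, FILTER_VALIDATE_IP);
    }
    // Anything that is not a well-formed address collapses to one fixed value
    // so that free-form header text never becomes a cache key.
    $realip = ($valid !== false) ? $valid : '0.0.0.0';
    return $realip;
}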
其他文件
<?php
//复制保存hieroglyphy.class.php
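/**
 * Encodes text as a JavaScript expression built only from the characters
 * ( ) [ ] { } + ! so that it evaluates back to the original string in a
 * browser. zzwaf uses it to embed the challenge token in the slide page.
 *
 * This is obfuscation, not protection: any client that evaluates the
 * expression recovers the token.
 */
class hieroglyphy
{
    /** @var array character => JavaScript expression that evaluates to it */
    private $characters;
    /** @var array digit 0-9 => JavaScript expression that evaluates to that number */
    private $numbers;
    /** @var string expression that evaluates to the browser's unescape function */
    private $unescape;
    /** @var string expression that evaluates to the Function constructor */
    private $functionConstructor;

    public function __construct()
    {
        $this->precharacters();
    }

    /**
     * Build the lookup tables. The order matters: later entries are written
     * with characters defined by earlier ones.
     */
    private function precharacters()
    {
        $this->numbers = array(
            "+[]",
            "+!![]",
            "!+[]+!![]",
            "!+[]+!![]+!![]",
            "!+[]+!![]+!![]+!![]",
            "!+[]+!![]+!![]+!![]+!![]",
            "!+[]+!![]+!![]+!![]+!![]+!![]",
            "!+[]+!![]+!![]+!![]+!![]+!![]+!![]",
            "!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]",
            "!+[]+!![]+!![]+!![]+!![]+!![]+!![]+!![]+!![]"
        );
        // Digit characters: the number coerced to a string.
        $this->characters = array();
        foreach ($this->numbers as $digit => $expression) {
            $this->characters[$digit] = "(" . $expression . "+[])";
        }
        // "(source)[index]" picks one character out of a coerced string.
        $pick = function ($source, $index) {
            return "(" . $source . ")[" . $index . "]";
        };
        $_object_Object = "[]+{}";     // "[object Object]"
        $_NaN = "+{}+[]";              // "NaN"
        $_true = "!![]+[]";            // "true"
        $_false = "![]+[]";            // "false"
        $_undefined = "[][[]]+[]";     // "undefined"
        $picks = array(
            " " => array($_object_Object, 7),
            "[" => array($_object_Object, 0),
            "a" => array($_NaN, 1),
            "b" => array($_object_Object, 2),
            "c" => array($_object_Object, 5),
            "d" => array($_undefined, 2),
            "e" => array($_undefined, 3),
            "f" => array($_false, 0),
            "i" => array($_undefined, 5),
            "j" => array($_object_Object, 3),
            "l" => array($_false, 2),
            "n" => array($_undefined, 1),
            "o" => array($_object_Object, 1),
            "r" => array($_true, 1),
            "s" => array($_false, 3),
            "t" => array($_true, 0),
            "u" => array($_undefined, 0),
            "N" => array($_NaN, 0),
            "O" => array($_object_Object, 8),
        );
        foreach ($picks as $char => $spec) {
            $this->characters[$char] = $pick($spec[0], $this->numbers[$spec[1]]);
        }
        // "]" sits at index 14, written as the string "1" + "4".
        $this->characters["]"] = $pick($_object_Object, $this->characters[1] . "+" . $this->characters[4]);

        $zero = $this->characters[0];
        $exponentHead = "+(" . $this->numbers[1] . "+" . $this->characters["e"] . "+" . $this->characters[1] . "+";
        $_Infinity = $exponentHead . $zero . "+" . $zero . "+" . $zero . ")+[]"; // +"1e1000" -> "Infinity"
        $this->characters["y"] = $pick($_Infinity, $this->numbers[7]);
        $this->characters["I"] = $pick($_Infinity, $this->numbers[0]);
        $_1e100 = $exponentHead . $zero . "+" . $zero . ")+[]"; // +"1e100" -> "1e+100"
        $this->characters["+"] = $pick($_1e100, $this->numbers[2]);

        $this->functionConstructor = "[][" . $this->hieroglyphyString("sort") . "][" . $this->hieroglyphyString("constructor") . "]";
        // The characters below are read from location, so they need an http(s) page.
        $locationString = "[]+" . $this->hieroglyphyScript("return location");
        $this->characters["h"] = $pick($locationString, $this->numbers[0]);
        $this->characters["p"] = $pick($locationString, $this->numbers[3]);
        $this->characters["/"] = $pick($locationString, $this->numbers[6]);
        $this->unescape = $this->hieroglyphyScript("return unescape");
        $escape = $this->hieroglyphyScript("return escape");
        $this->characters["%"] = $escape . "(" . $this->hieroglyphyString("[") . ")[" . $this->numbers[0] . "]";
    }

    /**
     * Hexadecimal form of a character code, left-padded with zeros.
     *
     * The original called bin2hex() on the integer, which hex-encodes the
     * decimal digits of the number (97 became "3937") instead of converting
     * the number itself (97 is "61").
     */
    private function getHexaString($number, $digits)
    {
        return str_pad(dechex((int) $number), $digits, "0", STR_PAD_LEFT);
    }

    private function getUnescapeSequence($charCode)
    {
        return $this->unescape . "(" .
            $this->hieroglyphyString("%" . $this->getHexaString($charCode, 2)) . ")";
    }

    private function getHexaSequence($charCode)
    {
        return $this->hieroglyphyString("\\x" . $this->getHexaString($charCode, 2));
    }

    private function getUnicodeSequence($charCode)
    {
        return $this->hieroglyphyString("\\u" . $this->getHexaString($charCode, 4));
    }

    /**
     * Expression for a single character; results are memoised in the table.
     * Characters without a table entry use the shortest of the \u, unescape
     * and \x forms.
     */
    private function hieroglyphyCharacter($char)
    {
        $charCode = ord($char);
        if (isset($this->characters[$char])) {
            return $this->characters[$char];
        }
        if (($char == "\\") || ($char == "x")) {
            // These two are handled apart because the other forms need them.
            $this->characters[$char] = $this->getUnescapeSequence($charCode);
            return $this->characters[$char];
        }
        $shortestSequence = $this->getUnicodeSequence($charCode);
        // ASCII characters can also be written with unescape and \x sequences.
        if ($charCode < 128) {
            $unescapeSequence = $this->getUnescapeSequence($charCode);
            if (strlen($shortestSequence) > strlen($unescapeSequence)) {
                $shortestSequence = $unescapeSequence;
            }
            $hexaSequence = $this->getHexaSequence($charCode);
            if (strlen($shortestSequence) > strlen($hexaSequence)) {
                $shortestSequence = $hexaSequence;
            }
        }
        $this->characters[$char] = $shortestSequence;
        return $shortestSequence;
    }

    /**
     * Expression that evaluates to $str: the per-character expressions
     * joined with "+". Works byte by byte.
     */
    public function hieroglyphyString($str)
    {
        $str = (string) $str;
        $pieces = array();
        for ($i = 0; $i < strlen($str); $i++) {
            $pieces[] = $this->hieroglyphyCharacter($str[$i]);
        }
        return implode("+", $pieces);
    }

    /**
     * Expression that evaluates to the number $n.
     *
     * Integers 0-9 come from the table; anything else is the decimal string
     * of the number coerced back with unary plus. The original indexed the
     * number like an array ($n[10]) and produced no usable result here.
     */
    public function hieroglyphyNumber($n)
    {
        $n = +$n;
        if (is_int($n) && $n >= 0 && $n <= 9) {
            return $this->numbers[$n];
        }
        return "+(" . $this->hieroglyphyString((string) $n) . ")";
    }

    /** Expression that runs $src as a function body and yields its return value. */
    public function hieroglyphyScript($src)
    {
        return $this->functionConstructor . "(" . $this->hieroglyphyString($src) . ")()";
    }
}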
防火墙缓存
//复制保存Cache.class.php
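/**
 * Minimal file-backed key/value cache with per-entry expiry.
 *
 * Each key is stored as one JSON file under the cache directory. The file
 * name is the md5 of the key, so the key text itself never becomes part of a
 * path. Reads and read-modify-write sequences (increment/decrement) take no
 * lock, so concurrent requests can lose updates.
 */
class Cache
{
    /**
     * Cache root directory.
     * @var string
     */
    private $cache_dir;

    /**
     * @param string $cache_dir directory to store entries in; created when missing
     * @throws Exception when the directory cannot be created
     */
    public function __construct($cache_dir)
    {
        $this->cache_dir = $cache_dir;
        // The second is_dir() covers a concurrent request creating the
        // directory between the check and the mkdir() call.
        if (!is_dir($cache_dir) && !mkdir($cache_dir, 0755, true) && !is_dir($cache_dir)) {
            throw new Exception('Cannot create the cache directory');
        }
    }

    /**
     * Value stored under a key, or false when it is missing or expired.
     * @param string $key
     * @return mixed
     */
    public function get($key)
    {
        $cache_data = $this->getItem($key);
        if ($cache_data === false || !is_array($cache_data)) return false;
        return $cache_data['data'];
    }

    /**
     * Create or overwrite a key.
     * @param string $key
     * @param mixed  $value
     * @param int    $expire lifetime in seconds, 0 = never expires
     * @return bool
     */
    public function set($key, $value, $expire = 0)
    {
        return $this->setItem($key, $value, time(), $expire);
    }

    /**
     * Write a value together with its metadata.
     * @param string $key
     * @param mixed  $value
     * @param int    $time   creation time (unix timestamp)
     * @param int    $expire lifetime in seconds
     * @return bool
     */
    private function setItem($key, $value, $time, $expire)
    {
        $cache_file = $this->createCacheFile($key);
        if ($cache_file === false) return false;
        $payload = json_encode(array('data' => $value, 'time' => $time, 'expire' => $expire));
        // LOCK_EX keeps two concurrent writers from interleaving their output.
        return file_put_contents($cache_file, $payload, LOCK_EX) !== false;
    }

    /**
     * Make sure the file for a key exists.
     * @param string $key
     * @return bool|string the file path, or false on failure
     */
    private function createCacheFile($key)
    {
        $cache_file = $this->path($key);
        if (!file_exists($cache_file)) {
            $directory = dirname($cache_file);
            if (!is_dir($directory) && !mkdir($directory, 0755, true) && !is_dir($directory)) {
                return false;
            }
            if (touch($cache_file) === false) return false;
        }
        return $cache_file;
    }

    /**
     * Whether a key exists and has not expired. A stored value of false is
     * reported as missing.
     * @param string $key
     * @return bool
     */
    public function has($key)
    {
        return $this->get($key) !== false;
    }

    /**
     * Add to a numeric value; a missing key starts at $value.
     * @param string $key
     * @param int    $value
     * @return mixed the new value, or false on failure
     */
    public function increment($key, $value = 1)
    {
        $item = $this->getItem($key);
        if ($item === false) {
            $set_result = $this->set($key, $value);
            if ($set_result === false) return false;
            return $value;
        }
        $check_expire = $this->checkExpire($item);
        if ($check_expire === false) return false;
        $item['data'] += $value;
        $result = $this->setItem($key, $item['data'], $item['time'], $item['expire']);
        if ($result === false) return false;
        return $item['data'];
    }

    /**
     * Subtract from a numeric value; a missing key starts at -$value.
     * @param string $key
     * @param int    $value
     * @return mixed the new value, or false on failure
     */
    public function decrement($key, $value = 1)
    {
        $item = $this->getItem($key);
        if ($item === false) {
            $value = 0 - $value;
            $set_result = $this->set($key, $value);
            if ($set_result === false) return false;
            return $value;
        }
        $check_expire = $this->checkExpire($item);
        if ($check_expire === false) return false;
        $item['data'] -= $value;
        $result = $this->setItem($key, $item['data'], $item['time'], $item['expire']);
        if ($result === false) return false;
        return $item['data'];
    }

    /**
     * Remove a key and its file.
     * @param string $key
     * @return bool
     */
    public function delete($key)
    {
        $cache_file = $this->path($key);
        if (file_exists($cache_file)) {
            return unlink($cache_file);
        }
        return true;
    }

    /**
     * Remove every entry. The cache directory itself is removed as well and
     * is re-created by the next write.
     * @return bool
     */
    public function clear()
    {
        // Nothing to do when the directory is already gone, for example
        // because another request cleared it first.
        if (!is_dir($this->cache_dir)) return true;
        return $this->delTree($this->cache_dir);
    }

    /**
     * Delete a directory recursively.
     * @param string $dir
     * @return bool
     */
    public function delTree($dir)
    {
        $entries = scandir($dir);
        if ($entries === false) return false;
        foreach (array_diff($entries, array('.', '..')) as $file) {
            is_dir("$dir/$file") ? $this->delTree("$dir/$file") : unlink("$dir/$file");
        }
        return rmdir($dir);
    }

    /**
     * File path for a key: <cache_dir>/<hash 0-1>/<hash 2-3>/<hash>.
     *
     * @param string $key
     * @return string
     */
    protected function path($key)
    {
        $hash = md5($key);
        return $this->cache_dir . '/' . substr($hash, 0, 2) . '/' . substr($hash, 2, 2) . '/' . $hash;
    }

    /**
     * Read an entry with its metadata; an expired entry is deleted.
     * @param string $key
     * @return bool|array false when missing, unreadable, malformed or expired
     */
    protected function getItem($key)
    {
        $cache_file = $this->path($key);
        if (!file_exists($cache_file) || !is_readable($cache_file)) {
            return false;
        }
        $cache_data = file_get_contents($cache_file);
        if (empty($cache_data)) return false;
        $cache_data = json_decode($cache_data, true);
        // A truncated or foreign file is treated as a miss instead of being
        // handed to callers that expect the metadata array.
        if (!is_array($cache_data) || !array_key_exists('data', $cache_data)) {
            return false;
        }
        if ($this->checkExpire($cache_data) === false) {
            $this->delete($key);
            return false;
        }
        return $cache_data;
    }

    /**
     * Whether an entry is still valid.
     * @param array $cache_data entry with 'time' and 'expire'
     * @return bool false when the entry has expired
     */
    protected function checkExpire($cache_data)
    {
        $expire = isset($cache_data['expire']) ? intval($cache_data['expire']) : 0;
        $created = isset($cache_data['time']) ? intval($cache_data['time']) : 0;
        return !($expire !== 0 && ($created + $expire < time()));
    }
}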
html文件:
大概截图

测试截图:

下面是搜集防火墙
.htaccess防火墙参考代码
# 8G FIREWALL
# https://perishablepress.com/8g-firewall/
# 8G:[CORE]
# Do not append the server signature line to server-generated pages.
ServerSignature Off
# Turn off automatic directory listings.
Options -Indexes
# Enable the rewrite engine for the rule groups below.
# NOTE(review): unlike those groups, these two directives are not wrapped in
# <IfModule mod_rewrite.c>, so they assume mod_rewrite is loaded.
RewriteEngine On
RewriteBase /
# 8G:[QUERY STRING]
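<IfModule mod_rewrite.c>
	# Any one matching condition ([OR] chain, case-insensitive) makes the
	# RewriteRule below answer 403. The query string is matched as received,
	# which is why many patterns list both a character and its %xx form.
	RewriteCond %{QUERY_STRING} ^(%2d|-)[^=]+$ [NC,OR]
	RewriteCond %{QUERY_STRING} ([a-z0-9]{4000,}) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)(:|%3a)(/|%2f) [NC,OR]
	RewriteCond %{QUERY_STRING} (etc/(hosts|motd|shadow)) [NC,OR]
	RewriteCond %{QUERY_STRING} (order(\s|%20)by(\s|%20)1--) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)(\*|%2a)(\*|%2a)(/|%2f) [NC,OR]
	RewriteCond %{QUERY_STRING} (`|<|>|\^|\|\\|0x00|%00|%0d%0a) [NC,OR]
	RewriteCond %{QUERY_STRING} (f?ckfinder|f?ckeditor|fullclick) [NC,OR]
	RewriteCond %{QUERY_STRING} ((.*)header:|(.*)set-cookie:(.*)=) [NC,OR]
	RewriteCond %{QUERY_STRING} (localhost|127(\.|%2e)0(\.|%2e)0(\.|%2e)1) [NC,OR]
	RewriteCond %{QUERY_STRING} (cmd|command)(=|%3d)(chdir|mkdir)(.*)(x20) [NC,OR]
	RewriteCond %{QUERY_STRING} (globals|mosconfig([a-z_]{1,22})|request)(=|\[) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)((wp-)?config)((\.|%2e)inc)?((\.|%2e)php) [NC,OR]
	RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
	RewriteCond %{QUERY_STRING} (absolute_|base|root_)(dir|path)(=|%3d)(ftp|https?) [NC,OR]
	RewriteCond %{QUERY_STRING} (s)?(ftp|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
	RewriteCond %{QUERY_STRING} (\.|20)(get|the)(_|%5f)(permalink|posts_page_url)(\(|%28) [NC,OR]
	RewriteCond %{QUERY_STRING} ((boot|win)((\.|%2e)ini)|etc(/|%2f)passwd|self(/|%2f)environ) [NC,OR]
	RewriteCond %{QUERY_STRING} (((/|%2f){3,3})|((\.|%2e){3,3})|((\.|%2e){2,2})(/|%2f|%u2215)) [NC,OR]
	RewriteCond %{QUERY_STRING} (benchmark|char|exec|fopen|function|html)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (php)([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}) [NC,OR]
	# "eval(" with any mix of literal and percent-encoded letters. The third
	# group had %31 (the digit 1) where the encoded capital A, %41, belongs.
	RewriteCond %{QUERY_STRING} (e|%65|%45)(v|%76|%56)(a|%61|%41)(l|%6c|%4c)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (/|%2f)(=|%3d|$&|_mm|cgi(\.|-)|inurl(:|%3a)(/|%2f)|(mod|path)(=|%3d)(\.|%2e)) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(e|%65|%45)(m|%6d|%4d)(b|%62|%42)(e|%65|%45)(d|%64|%44)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(i|%69|%49)(f|%66|%46)(r|%72|%52)(a|%61|%41)(m|%6d|%4d)(e|%65|%45)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(o|%4f|%6f)(b|%62|%42)(j|%4a|%6a)(e|%65|%45)(c|%63|%43)(t|%74|%54)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3c)(.*)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(.*)(>|%3e) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(d|%64|%44)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(i|%69|%49)(n|%6e|%4e)(s|%73|%53)(e|%65|%45)(r|%72|%52)(t|%74|%54)(\+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(s|%73|%53)(e|%65|%45)(l|%6c|%4c)(e|%65|%45)(c|%63|%43)(t|%74|%54)(\+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\+|%2b|%20)(u|%75|%55)(p|%70|%50)(d|%64|%44)(a|%61|%41)(t|%74|%54)(e|%65|%45)(\+|%2b|%20) [NC,OR]
	RewriteCond %{QUERY_STRING} (\\x00|(\"|%22|\'|%27)?0(\"|%22|\'|%27)?(=|%3d)(\"|%22|\'|%27)?0|cast(\(|%28)0x|or%201(=|%3d)1) [NC,OR]
	RewriteCond %{QUERY_STRING} (g|%67|%47)(l|%6c|%4c)(o|%6f|%4f)(b|%62|%42)(a|%61|%41)(l|%6c|%4c)(s|%73|%53)(=|\[|%[0-9A-Z]{0,2}) [NC,OR]
	RewriteCond %{QUERY_STRING} (_|%5f)(r|%72|%52)(e|%65|%45)(q|%71|%51)(u|%75|%55)(e|%65|%45)(s|%73|%53)(t|%74|%54)(=|\[|%[0-9A-Z]{2,}) [NC,OR]
	# "javascript:" scheme; the second "a" had the same %31-for-%41 slip.
	RewriteCond %{QUERY_STRING} (j|%6a|%4a)(a|%61|%41)(v|%76|%56)(a|%61|%41)(s|%73|%53)(c|%63|%43)(r|%72|%52)(i|%69|%49)(p|%70|%50)(t|%74|%54)(:|%3a)(.*)(;|%3b|\)|%29) [NC,OR]
	RewriteCond %{QUERY_STRING} (b|%62|%42)(a|%61|%41)(s|%73|%53)(e|%65|%45)(6|%36)(4|%34)(_|%5f)(e|%65|%45|d|%64|%44)(e|%65|%45|n|%6e|%4e)(c|%63|%43)(o|%6f|%4f)(d|%64|%44)(e|%65|%45)(.*)(\()(.*)(\)) [NC,OR]
	RewriteCond %{QUERY_STRING} (@copy|\$_(files|get|post)|allow_url_(fopen|include)|auto_prepend_file|blexbot|browsersploit|call_user_func_array|(php|web)shell|curl(_exec|test)|disable_functions?|document_root) [NC,OR]
	RewriteCond %{QUERY_STRING} (elastix|encodeuricom|exploit|fclose|fgets|file_put_contents|fputs|fsbuff|fsockopen|gethostbyname|ghost|grablogin|hmei7|hubs_post-cta|input_file|invokefunction|(\b)load_file|open_basedir|outfile|p3dlite) [NC,OR]
	RewriteCond %{QUERY_STRING} (pass(=|%3d)shell|passthru|phpinfo|phpshells|popen|proc_open|quickbrute|remoteview|root_path|safe_mode|shell_exec|site((.){0,2})copier|sp_executesql|sux0r|trojan|udtudt|user_func_array|wget|wp_insert_user|xertive) [NC,OR]
	RewriteCond %{QUERY_STRING} (;|<|>|\'|\"|\)|%0a|%0d|%22|%27|%3c|%3e|%00)(.*)(/\*|alter|base64|benchmark|cast|concat|convert|create|encode|declare|delay|delete|drop|hex|insert|load|md5|null|replace|request|script|select|set|sleep|truncate|unhex|update) [NC,OR]
	RewriteCond %{QUERY_STRING} ((\+|%2b)(concat|delete|get|select|union)(\+|%2b)) [NC,OR]
	RewriteCond %{QUERY_STRING} (union)(.*)(select)(.*)(\(|%28) [NC,OR]
	RewriteCond %{QUERY_STRING} (concat|eval)(.*)(\(|%28) [NC]
	RewriteRule .* - [F]
	# Alternative to the rule above: send matches to a logging script.
	# RewriteRule .* /nG_log.php?log [END,NE,E=nG_QUERY_STRING:%1___%2___%3]
</IfModule>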
# 8G:[REQUEST URI]
<IfModule mod_rewrite.c>
	# Path-based blocklist: any one matching condition ([OR] chain,
	# case-insensitive) makes the RewriteRule below answer 403.
	# Several alternatives are broad (single-letter script names, common
	# file extensions, words like "login" or "www" as a directory), so test
	# the list against the site's own URLs before enabling it.
	RewriteCond %{REQUEST_URI} (,,,) [NC,OR]
	RewriteCond %{REQUEST_URI} (-------) [NC,OR]
	RewriteCond %{REQUEST_URI} (\^|`|<|>|\\|\|) [NC,OR]
	RewriteCond %{REQUEST_URI} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{REQUEST_URI} (=?\\(\'|%27)/?)(\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(\*|\"|\'|\.|,|&|&?)/?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(php)(\()?([0-9]+)(\))?(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} /((.*)header:|(.*)set-cookie:(.*)=) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.(s?ftp-?)config|(s?ftp-?)config\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(f?ckfinder|fck/|f?ckeditor|fullclick) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)((force-)?download|framework/main)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (\{0\}|\"?0\"?=\"?0|\(/\(|\.\.\.|\+\+\+|\\\") [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(vbull(etin)?|boards|vbforum|vbweb|webvb)(/)? [NC,OR]
	RewriteCond %{REQUEST_URI} (\.|20)(get|the)(_)(permalink|posts_page_url)(\() [NC,OR]
	RewriteCond %{REQUEST_URI} (///|\?\?|/&&|/\*(.*)\*/|/:/|\\\\|0x00|%00|%0d%0a) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(cgi_?)?alfa(_?cgiapi|_?data|_?v[0-9]+)?(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (thumbs?(_editor|open)?|tim(thumbs?)?)((\.|%2e)php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)((boot)?_?admin(er|istrator|s)(_events)?)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/%7e)(root|ftp|bin|nobody|named|guest|logs|sshd)(/) [NC,OR]
	RewriteCond %{REQUEST_URI} (archive|backup|db|master|sql|wp|www|wwwroot)\.(gz|zip) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(\.?mad|alpha|c99|php|web)?sh(3|e)ll([0-9]+|\w)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(admin-?|file-?)(upload)(bg|_?file|ify|svu|ye)?(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(etc|var)(/)(hidden|secret|shadow|ninja|passwd|tmp)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (s)?(ftp|http|inurl|php)(s)?(:(/|%2f|%u2215)(/|%2f|%u2215)) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(=|\$&?|&?(pws|rk)=0|_mm|_vti_|cgi(\.|-)?|(=|/|;|,)nt\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(ds_store|htaccess|htpasswd|init?|mysql-select-db)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(bin)(/)(cc|chmod|chsh|cpp|echo|id|kill|mail|nasm|perl|ping|ps|python|tclsh)(/)?$ [NC,OR]
	# NOTE(review): [0-9999] is a character class and matches one digit,
	# the same as [0-9].
	RewriteCond %{REQUEST_URI} (/)(::[0-9999]|%3a%3a[0-9999]|127\.0\.0\.1|ccx|localhost|makefile|pingserver|wwwroot)(/)? [NC,OR]
	RewriteCond %{REQUEST_URI} ^(/)(123|backup|bak|beta|bkp|default|demo|dev(new|old)?|home|new-?site|null|old|old_files|old1)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)?j((\s)+)?a((\s)+)?v((\s)+)?a((\s)+)?s((\s)+)?c((\s)+)?r((\s)+)?i((\s)+)?p((\s)+)?t((\s)+)?(%3a|:) [NC,OR]
	RewriteCond %{REQUEST_URI} ^(/)(old-?site(back)?|old(web)?site(here)?|sites?|staging|undefined|wordpress([0-9]+)|wordpress-old)(/)?$ [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(filemanager|htdocs|httpdocs|https?|login|mailman|mailto|msoffice|undefined|usage|var|vhosts|webmaster|www)(/) [NC,OR]
	RewriteCond %{REQUEST_URI} (\(null\)|\{\$itemURL\}|cast\(0x|echo(.*)kae|etc/passwd|eval\(|null(.*)null|open_basedir|self/environ|\+union\+all\+select) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(db-?|j-?|my(sql)?-?|setup-?|web-?|wp-?)?(admin-?)?(setup-?)?(conf\b|conf(ig)?)(uration)?(\.?bak|\.inc)?(\.inc|\.old|\.php|\.txt) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)((.*)crlf-?injection|(.*)xss-?protection|__(inc|jsc)|administrator|author-panel|cgi-bin|database|downloader|(db|mysql)-?admin)(/) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(haders|head|hello|helpear|incahe|includes?|indo(sec)?|infos?|install|ioptimizes?|jmail|js|king|kiss|kodox|kro|legion|libsoft)(\.php) [NC,OR]
	# NOTE(review): the dot in "error.log" (here and in a later condition)
	# is unescaped and matches any character.
	RewriteCond %{REQUEST_URI} (/)(awstats|document_root|dologin\.action|error.log|extension/ext|htaccess\.|lib/php|listinfo|phpunit/php|remoteview|server/php|www\.root\.) [NC,OR]
	RewriteCond %{REQUEST_URI} (base64_(en|de)code|benchmark|curl_exec|e?chr|eval|function|fwrite|(f|p)open|html|leak|passthru|p?fsockopen|phpinfo)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
	RewriteCond %{REQUEST_URI} (posix_(kill|mkfifo|setpgid|setsid|setuid)|(child|proc)_(close|get_status|nice|open|terminate)|(shell_)?exec|system)(.*)(\(|%28)(.*)(\)|%29) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)((c99|php|web)?shell|crossdomain|fileditor|locus7|nstview|php(get|remoteview|writer)|r57|remview|sshphp|storm7|webadmin)(.*)(\.|%2e|\(|%28) [NC,OR]
	RewriteCond %{REQUEST_URI} /((wp-)((201\d|202\d|[0-9]{2})|ad|admin(fx|rss|setup)|booking|confirm|crons|data|file|mail|one|plugins?|readindex|reset|setups?|story))(\.php) [NC,OR]
	# The \w alternative below matches any script whose name is a single
	# word character (for example /a.php).
	RewriteCond %{REQUEST_URI} (/)(^$|-|\!|\w|\.(.*)|100|123|([^iI])?ndex|index\.php/index|3xp|777|7yn|90sec|99|active|aill|ajs\.delivery|al277|alexuse?|ali|allwrite)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(analyser|apache|apikey|apismtp|authenticat(e|ing)|autoload_classmap|backup(_index)?|bakup|bkht|black|bogel|bookmark|bypass|cachee?)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(clean|cm(d|s)|con|connector\.minimal|contexmini|contral|curl(test)?|data(base)?|db|db-cache|db-safe-mode|defau11|defau1t|dompdf|dst)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(elements|emails?|error.log|ecscache|edit-form|eval-stdin|export|evil|fbrrchive|filemga|filenetworks?|f0x|gank(\.php)?|gass|gel|guide)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(logo_img|lufix|mage|marg|mass|mide|moon|mssqli|mybak|myshe|mysql|mytag_js?|nasgor|newfile|news|nf_?tracking|nginx|ngoi|ohayo|old-?index)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(olux|owl|pekok|petx|php-?info|phpping|popup-pomo|priv|r3x|radio|rahma|randominit|readindex|readmy|reads|repair-?bak|robot(s\.txt)?|root)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(router|savepng|semayan|shell|shootme|sky|socket(c|i|iasrgasf)ontrol|sql(bak|_?dump)?|support|sym403|sys|system_log|test|tmp-?(uploads)?)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)(traffic-advice|u2p|udd|ukauka|up__uzegp|up14|upa?|upxx?|vega|vip|vu(ln)?(\w)?|webroot|weki|wikindex|wordpress|wp_logns?|wp_wrong_datlib)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (/)((wp-?)?install(ation)?|wp(3|4|5|6)|wpfootes|wpzip|ws0|wsdl|wso(\w)?|www|(uploads|wp-admin)?xleet(-shell)?|xmlsrpc|xup|xxu|xxx|zibi|zipy)(\.php) [NC,OR]
	RewriteCond %{REQUEST_URI} (bkv74|cachedsimilar|core-stab|crgrvnkb|ctivrc|deadcode|deathshop|dkiz|e7xue|eqxafaj90zir|exploits|ffmkpcal|filellli7|(fox|sid)wso|gel4y|goog1es|gvqqpinc) [NC,OR]
	RewriteCond %{REQUEST_URI} (@md5|00.temp00|0byte|0d4y|0day|0xor|wso1337|1h6j5|3xp|40dd1d|4price|70bex?|a57bze893|abbrevsprl|abruzi|adminer|aqbmkwwx|archivarix|backdoor|beez5|bgvzc29) [NC,OR]
	RewriteCond %{REQUEST_URI} (handler_to_code|hax(0|o)r|hmei7|hnap1|home_url=|ibqyiove|icxbsx|indoxploi|jahat|jijle3|kcrew|keywordspy|laobiao|lock360|longdog|marijuan|mod_(aratic|ariimag)) [NC,OR]
	RewriteCond %{REQUEST_URI} (mobiquo|muiebl|nessus|osbxamip|phpunit|priv8|qcmpecgy|r3vn330|racrew|raiz0|reportserver|r00t|respectmus|rom2823|roseleif|sh3ll|site((.){0,2})copier|sqlpatch|sux0r) [NC,OR]
	RewriteCond %{REQUEST_URI} (sym403|telerik|uddatasql|utchiha|visualfrontend|w0rm|wangdafa|wpyii2|wsoyanzo|x5cv|xattack|xbaner|xertive|xiaolei|xltavrat|xorz|xsamxad|xsvip|xxxs?s?|zabbix|zebda) [NC,OR]
	# File-extension blocklist: the last three conditions reject a path
	# ending in any of the listed extensions.
	RewriteCond %{REQUEST_URI} (\.)(7z|ab4|ace|afm|alfa|as(h|m)x?|aspx?|aws|axd|bash|ba?k?|bat|bin|bz2|cfg|cfml?|cgi|cms|conf\b|config|ctl|dat|db|dist|dll|eml|eng(ine)?|env|et2|exe|fec|fla|git(ignore)?)$ [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(hg|idea|inc|index|ini|inv|jar|jspa?|lib|local|log|lqd|make|mbf|mdb|mmw|mny|mod(ule)?|msi|old|one|orig|out|passwd|pdb|php\.(php|suspect(ed)?)|php([^\/])|phtml?|pl|profiles?)$ [NC,OR]
	RewriteCond %{REQUEST_URI} (\.)(psd|pst|ptdb|production|pwd|py|qbb|qdf|rar|rdf|remote|save|sdb|sql|sh|soa|svn|swf|swl|swo|swp|stx|tar|tax|tgz?|theme|tls|tmb|tmd|wok|wow|xsd|xtmpl|xz|ya?ml|za|zlib)$ [NC]
	RewriteRule .* - [F]
	# Alternative to the rule above: send matches to a logging script.
	# RewriteRule .* /nG_log.php?log [END,NE,E=nG_REQUEST_URI:%1___%2___%3]
</IfModule>
# 8G:[USER AGENT]
<IfModule mod_rewrite.c>
	# User-Agent blocklist: any one matching condition answers 403.
	# The header is chosen by the client, so this filters tools that
	# announce themselves and nothing more. Substrings such as "curl" and
	# "scan" (listed in two conditions) also match legitimate monitoring or
	# API clients that use them in their agent string.
	RewriteCond %{HTTP_USER_AGENT} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (<|%0a|%0d|%27|%3c|%3e|%00|0x00|\\\x22) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (ahrefs|archiver|curl|libwww-perl|pycurl|scan) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (oppo\sa33|(c99|php|web)shell|site((.){0,2})copier) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (base64_decode|bin/bash|disconnect|eval|unserializ) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (acapbot|acoonbot|alexibot|asterias|attackbot|awario|backdor|becomebot|binlar|blackwidow|blekkobot|blex|blowfish|bullseye|bunnys|butterfly|careerbot|casper) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (checkpriv|cheesebot|cherrypick|chinaclaw|choppy|clshttp|cmsworld|copernic|copyrightcheck|cosmos|crescent|datacha|(\b)demon(\b)|diavol|discobot|dittospyder) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (dotbot|dotnetdotcom|dumbot|econtext|emailcollector|emailsiphon|emailwolf|eolasbot|eventures|extract|eyenetie|feedfinder|flaming|flashget|flicky|foobot|fuck) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (g00g1e|getright|gigabot|go-ahead-got|gozilla|grabnet|grafula|harvest|heritrix|httracks?|icarus6j|jetbot|jetcar|jikespider|kmccrew|leechftp|libweb|liebaofast) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (linkscan|linkwalker|loader|lwp-download|majestic|masscan|miner|mechanize|mj12bot|morfeus|moveoverbot|netmechanic|netspider|nicerspro|nikto|ninja|nominet|nutch) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (octopus|pagegrabber|petalbot|planetwork|postrank|proximic|purebot|queryn|queryseeker|radian6|radiation|realdownload|remoteview|rogerbot|scan|scooter|seekerspid) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (semalt|siclab|sindice|sistrix|sitebot|siteexplorer|sitesnagger|skygrid|smartdownload|snoopy|sosospider|spankbot|spbot|sqlmap|stackrambler|stripper|sucker|surftbot) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (sux0r|suzukacz|suzuran|takeout|teleport|telesoft|true_robots|turingos|turnit|vampire|vikspider|voideye|webleacher|webreaper|webstripper|webvac|webviewer|webwhacker) [NC,OR]
	RewriteCond %{HTTP_USER_AGENT} (winhttp|wwwoffle|woxbot|xaldon|xxxyy|yamanalab|yioopbot|youda|zeus|zmeu|zune|zyborg) [NC]
	RewriteRule .* - [F]
	# Alternative to the rule above: send matches to a logging script.
	# RewriteRule .* /nG_log.php?log [END,NE,E=nG_USER_AGENT:%1]
</IfModule>
# 8G:[REMOTE HOST]
<IfModule mod_rewrite.c>
	# Answer 403 when the client's host name contains one of these provider
	# names.
	# NOTE(review): this only has an effect when the server resolves client
	# addresses to host names - confirm the server's hostname-lookup setting.
	# Entries such as "amazonaws" cover whole hosting providers, including
	# any legitimate services hosted there.
	RewriteCond %{REMOTE_HOST} (163data|amazonaws|colocrossing|crimea|g00g1e|justhost|kanagawa|loopia|masterhost|onlinehome|poneytel|sprintdatacenter|reverse.softlayer|safenet|ttnet|woodpecker|wowrack) [NC]
	RewriteRule .* - [F]
	# Alternative to the rule above: send matches to a logging script.
	# RewriteRule .* /nG_log.php?log [END,NE,E=nG_REMOTE_HOST:%1]
</IfModule>
# 8G:[HTTP REFERRER]
<IfModule mod_rewrite.c>
	# Answer 403 when the Referer header carries an injection fragment or
	# one of the listed referrer-spam keywords. The header is set by the
	# client, so this is a noise filter, not an access control.
	RewriteCond %{HTTP_REFERER} (order(\s|%20)by(\s|%20)1--) [NC,OR]
	RewriteCond %{HTTP_REFERER} (@unlink|assert\(|print_r\(|x00|xbshell) [NC,OR]
	RewriteCond %{HTTP_REFERER} (100dollars|best-seo|blue\spill|cocaine|ejaculat|erectile|erections|hoodia|huronriveracres|impotence|levitra|libido|lipitor|mopub\.com|phentermin) [NC,OR]
	RewriteCond %{HTTP_REFERER} (pornhelm|pro[sz]ac|sandyauer|semalt\.com|social-buttions|todaperfeita|tramadol|troyhamby|ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo) [NC]
	RewriteRule .* - [F]
	# Alternative to the rule above: send matches to a logging script.
	# RewriteRule .* /nG_log.php?log [END,NE,E=nG_HTTP_REFERRER:%1]
</IfModule>
# 8G:[HTTP COOKIE]
<IfModule mod_rewrite.c>
	# Answer 403 when any cookie contains an angle bracket, a single quote,
	# or an encoded CR, LF, quote, bracket or NUL.
	# NOTE(review): the match runs over the whole Cookie header, so one
	# application or third-party cookie with a quote in its value blocks
	# the visitor on every request; check the site's own cookies first.
	RewriteCond %{HTTP_COOKIE} (<|>|\'|%0A|%0D|%27|%3C|%3E|%00) [NC]
	RewriteRule .* - [F]
	# Alternative to the rule above: send matches to a logging script.
	# RewriteRule .* /nG_log.php?log [END,NE,E=nG_HTTP_COOKIE:%1]
</IfModule>
# 8G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
	# Answer 403 for request methods that begin with one of these names.
	# The pattern is anchored at the start only, so it is a prefix match.
	RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|trace|track) [NC]
	RewriteRule .* - [F]
	# Alternative to the rule above: send matches to a logging script.
	# RewriteRule .* /nG_log.php?log [END,NE,E=nG_REQUEST_METHOD:%1]
</IfModule>