nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add htaccess to block bots, thanks to Aung Khant.

Browse Source
This commit is contained in:
Michal Čihař
2008-11-12 14:21:36 +00:00
parent 5a4cd568d5
commit ff8014afdb
2 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Documentation.html
View File

@@ -292,6 +292,14 @@ chmod o-rw config.inc.php # remove world read and write permissions
in that folder, for other webservers, you should configure this yourself. in that folder, for other webservers, you should configure this yourself.
Such configuration prevents from possible path exposure and cross side Such configuration prevents from possible path exposure and cross side
scripting vulnerabilities that might happen to be found in that code.</li> scripting vulnerabilities that might happen to be found in that code.</li>
<li>
It is generally good idea to protect public phpMyAdmin installation
against access by robots as they usually can not do anything good
there. You can do this using <code>robots.txt</code> file in root of
your webserver or limit access by web server configuration. You can
find example <code>.htaccess</code> file which can help you achieve
this in <code>contrib</code> directory in phpMyAdmin.
</li>
</ol> </ol>
<h3 id="linked-tables">Linked-tables infrastructure</h3> <h3 id="linked-tables">Linked-tables infrastructure</h3>

19
contrib/htaccess Normal file
View File

@@ -0,0 +1,19 @@
RewriteEngine on
# Allow only GET and POST verbs
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]
# Ban Typical Vulnerability Scanners and others
# Kick out Script Kiddies
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(libwww-perl|curl|wget|python|nikto|wkito|pikto|scan|acunetix).* [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^.*(winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]
# Ban Search Engines, Crawlers to your administrative panel
# No reasons to access from bots
# Ultimately Better than the useless robots.txt
# Did google respect robots.txt?
# Try google: intitle:phpMyAdmin intext:"Welcome to phpMyAdmin *.*.*" intext:"Log in" -wiki -forum -forums -questions intext:"Cookies must be enabled"
RewriteCond %{HTTP_USER_AGENT} ^.*(AdsBot-Google|ia_archiver|Scooter|Ask.Jeeves|Baiduspider|Exabot|FAST.Enterprise.Crawler|FAST-WebCrawler|www\.neomo\.de|Gigabot|Mediapartners-Google|Google.Desktop|Feedfetcher-Google|Googlebot|heise-IT-Markt-Crawler|heritrix|ibm.com\cs/crawler|ICCrawler|ichiro|MJ12bot|MetagerBot|msnbot-NewsBlogs|msnbot|msnbot-media|NG-Search|lucene.apache.org|NutchCVS|OmniExplorer_Bot|online.link.validator|psbot0|Seekbot|Sensis.Web.Crawler|SEO.search.Crawler|Seoma.\[SEO.Crawler\]|SEOsearch|Snappy|www.urltrends.com|www.tkl.iis.u-tokyo.ac.jp/~crawler|SynooBot|crawleradmin.t-info@telekom.de|TurnitinBot|voyager|W3.SiteSearch.Crawler|W3C-checklink|W3C_Validator|www.WISEnutbot.com|yacybot|Yahoo-MMCrawler|Yahoo\!.DE.Slurp|Yahoo\!.Slurp|YahooSeeker).* [NC]
RewriteRule .* - [F]