### @version $Id: htaccess.txt 4756 2006-08-25 16:07:11Z stingrey $# @package Joomla# @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL# Joomla! is Free Software##
###################################################### READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE## The line just below this section: 'Options FollowSymLinks' may cause problems# with some server configurations. It is required for use of mod_rewrite, but may already# be set by your server administrator in a way that dissallows changing it in# your .htaccess file. If using it causes your server to error out, comment it out (add # to # beginning of line), reload your site in your browser and test your sef url's. If they work,# it has been set by your server administrator and you do not need it set here. ## Only use one of the two SEF sections that follow. Lines that can be uncommented# (and thus used) have only one #. Lines with two #'s should not be uncommented# In the section that you don't use, all lines should start with ### For Standard SEF, use the standard SEF section. You can comment out# all of the RewriteCond lines and reduce your server's load if you# don't have directories in your root named 'component' or 'content'## If you are using a 3rd Party SEF or the Core SEF solution# uncomment all of the lines in the '3rd Party or Core SEF' section###################################################### ##### SOLVING PROBLEMS WITH COMPONENT URL's that don't work ###### SPECIAL NOTE FOR SMF USERS WHEN SMF IS INTEGRATED AND BRIDGED# OR ANY SITUATION WHERE A COMPONENT's URL's AREN't WORKING## In both the 'Standard SEF', and '3rd Party or Core SEF' sections the line:# RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes### May need to be uncommented. If you are running your Joomla/Mambo from# a subdirectory the name of the subdirectory will need to be inserted into this# line. For example, if your Joomla/Mambo is in a subdirectory called '/test/',# change this:# RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes### to this:# RewriteCond %{REQUEST_URI} ^(/test/component/option,com) [NC,OR] ##optional - see notes########################################################
## Can be commented out if causes errors, see notes above.Options FollowSymLinks ## mod_rewrite in use RewriteEngine On
# Uncomment following line if your webserver's URL# is not directly related to physical file paths.# Update Your Joomla/MamboDirectory (just / for root) RewriteBase /RewriteCond %{REQUEST_URI} !^/tiexamorg/index.php ########## Begin - Joomla! core SEF Section############# Use this section if using ONLY Joomla! core SEF## ALL (RewriteCond) lines in this section are only required if you actually## have directories named 'content' or 'component' on your server## If you do not have directories with these names, comment them out.#RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes##RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]RewriteRule ^(content/|component/) index.php########### End - Joomla! core SEF Section
########## Begin - 3rd Party SEF Section############# Use this section if you are using a 3rd party (Non Joomla! core) SEF extension - e.g. OpenSEF, 404_SEF, 404SEFx, SEF Advance, etc#RewriteCond %{REQUEST_URI} ^(/component/option,com) [NC,OR] ##optional - see notes###RewriteCond %{REQUEST_URI} !^/tiexamorg/index.phpRewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$ [NC]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule (.*) index.php#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]########### End - 3rd Party SEF Section
########## Begin - Rewrite rules to block out some common exploits## If you experience problems on your site block out the operations listed below## This attempts to block the most common type of exploit `attempts` to Joomla! # # Block out any script trying to set a mosConfig value through the URLRewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]# Block out any script trying to base64_encode crap to send via URLRewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]# Block out any script that includes a <script> tag in URLRewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]# Block out any script trying to set a PHP GLOBALS variable via URLRewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]# Block out any script trying to modify a _REQUEST variable via URLRewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})# Send all blocked request to homepage with 403 Forbidden error!RewriteRule ^(.*)$ index.php [F,L]# ########## End - Rewrite rules to block out some common exploitsErrorDocument 404 /error.html