Zur Navigation

Weiterleitung von daten htaccess

1 Jörg

Zitat von HTHorror

Hallo Leute, ich bin neu hier und leider nicht so Fit in Sachen Htaccess.
Da ich selber ein kleine Homepage betreibe für meinen Verein. Dachte ich
mir ich versuche es mit joomla. Mit ein eigenen Template bzw Style.
Leider hat die weiterleitung nicht ganz hin da in diesen Template auch
Warp7 verwendet wird. Und er mir Irgendwie keine änderungen übernimmt
die in Warp7 gemacht werden.
Genauso laufen auf der HP keine mp4 oder sonnst welche Videos.
(flv,mp3,mkv,avi,mpg,mpeg,mov,webm usw..)

Hier ein paar server Eckdaten.
Apache 2.4.41
Ubuntu 20.04.1 LTS focal
PHP 7.4.3
mysql 8.0.22

joomla 3.9.22

HTaccess Datei habe ich von
https://www.joomla-security.de/downloads.html und zwar die
Htacces für Joomla! 3.9.x Extended 3.9.x

mit ein paar Modifikationen! Und ich glaub darin liegt irgendwie der
Hund begraben.
Hierzu meine aktuellen dateien.

Und ein paar dragen zur php ini
Unter
doc_root = kommt das Homepage Verzeichnis oder? /var/www/html oder?
user_dir = /var/www/html oder?
sys_temp_dir = "/var/www/html/tmp oder?? root /tmp?

Ich weiss das ist viel zum durchsehen. Aber ich hänge echt fest.

Vielen dank für euren ernstgemeinten Antworten

HTACCESS

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\.meine-domain\.de$ [NC]
RewriteRule ^(.*)$ https://www.meine-domain.de/$1 [L,R=301]
RewriteCond %{SERVER_PORT} !^443$
</IfModule>

RewriteEngine On
ServerSignature Off
Options All -Indexes
IndexIgnore *
DirectoryIndex index.php index.html


########## Begin - RewriteBase
## Uncomment following line if your webserver's URL
## is not directly related to physical file paths.
## Update Your Joomla! Directory (just / for root)
# RewriteBase /
########## End - RewriteBase

########## Begin - Deny access to some files
RewriteRule ^(htaccess\.txt|configuration\.php(-dist)?|php\.ini)$ -
[R=404,L]
########## End - Deny access to some files

########## Begin - Disallow front-end access for certain Joomla! system
directories
RewriteRule ^(includes|language|libraries|logs|tmp)/ - [F]
########## End - Disallow front-end access for certain Joomla! system
directories

#################################################
##### 2. FILTERS                            #####
#################################################

########## FILTER REQUEST METHODS AND OTHER STUFF
RewriteCond %{REQUEST_METHOD}
^(connect|debug|delete|move|put|trace|track) [NC,OR]
RewriteCond %{THE_REQUEST} (\\r|\\n|%0A|%0D) [NC,OR]
RewriteCond %{HTTP_REFERER} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{HTTP_COOKIE} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC,OR]
RewriteCond %{REQUEST_URI} ^/(,|;|:|<|>|”>|”<|/|\\\.\.\\).{0,9999} [NC,OR]

########## Block mySQL injects
RewriteCond %{QUERY_STRING}
(;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark)
[NC,OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]

########## QUERY STRING EXPLOITS
RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} tag\= [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\:  [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%0|127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(\(|\)|<|>|'|"|\?|\*|%%|&%%|&"|").* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [NC]
RewriteRule ^(.*)$ - [R=404,L]

########## CHARACTER STRINGS
<IfModule mod_alias.c>
     ### BASIC CHARACTERS
     RedirectMatch 404 \:
     RedirectMatch 404 \@
     RedirectMatch 404 \[
     RedirectMatch 404 \]
     RedirectMatch 404 \^
     RedirectMatch 404 \`
     RedirectMatch 404 \{
     RedirectMatch 404 \}
     RedirectMatch 404 \~
     RedirectMatch 404 \"
     RedirectMatch 404 \$
     RedirectMatch 404 \<
     RedirectMatch 404 \>
     RedirectMatch 404 \|
     RedirectMatch 404 \.\.
     RedirectMatch 404 \/\/
     RedirectMatch 404 \%0
     RedirectMatch 404 \%22
     RedirectMatch 404 \%27
     RedirectMatch 404 \%28
     RedirectMatch 404 \%29
     RedirectMatch 404 \%3C
     RedirectMatch 404 \%3E
     RedirectMatch 404 \%3F
     RedirectMatch 404 \%5B
     RedirectMatch 404 \%5C
     RedirectMatch 404 \%5D
     RedirectMatch 404 \%7B
     RedirectMatch 404 \%7C
     RedirectMatch 404 \%7D

     ### COMMON PATTERNS
     RedirectMatch 404 \_vpi
     RedirectMatch 404 \.inc
     RedirectMatch 404 xAou6
     RedirectMatch 404 db\_name
     RedirectMatch 404 select\(
     RedirectMatch 404 convert\(
     RedirectMatch 404 \/query\/
     RedirectMatch 404 ImpEvData
     RedirectMatch 404 \.XMLHTTP
     RedirectMatch 404 proxydeny
     RedirectMatch 404 function\.
     RedirectMatch 404 remoteFile
     RedirectMatch 404 servername
     RedirectMatch 404 \&rptmode\=
     RedirectMatch 404 sys\_cpanel
     RedirectMatch 404 db\_connect
     RedirectMatch 404 doeditconfig
     RedirectMatch 404 check\_proxy
     RedirectMatch 404 system\_user
     RedirectMatch 404 \/\(null\)\/
     RedirectMatch 404 clientrequest
     RedirectMatch 404 option\_value
     RedirectMatch 404 ref\.outcontrol

     ### SPECIFIC EXPLOITS
     RedirectMatch 404 errors\.
     RedirectMatch 404 include\.
     RedirectMatch 404 display\.
     RedirectMatch 404 password\.
     RedirectMatch 404 maincore\.
     RedirectMatch 404 authorize\.
     RedirectMatch 404 macromates\.
     RedirectMatch 404 head\_auth\.
     RedirectMatch 404 submit\_links\.
     RedirectMatch 404 change\_action\.
     RedirectMatch 404 com\_facileforms\/
     RedirectMatch 404 admin\_db\_utilities\.
     RedirectMatch 404 admin\.webring\.docs\.
     RedirectMatch 404 Table\/Latest\/index\.
</IfModule>

########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations
listed below
## This attempts to block the most common type of exploit `attempts` to
Joomla!
## Deny access to extension xml files (uncomment out to activate)
#<Files ~ "\.xml$">
#Order allow,deny
#Deny from all
#Satisfy all
#</Files>
## End of deny access to extension xml files

# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
########## End - Rewrite rules to block out some common exploits

########## Begin - ETag Optimization
FileETag MTime Size
########## End - ETag Optimization

########## Begin - Disallow PHP Easter Eggs by Nicholas K. Dionysopoulos
RewriteCond %{QUERY_STRING}
\=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
RewriteRule ^(.*)$ - [R=404,L]
########## End - Disallow PHP Easter Eggs

########## Begin - File injection protection by SigSiu.net
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=https:// [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
RewriteRule ^(.*)$ - [R=404,L]
########## End - File injection protection

########## Begin - Rewrite rules to block out some common exploits
# If the request query string contains /proc/self/environ (by SigSiu.net)
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode or base64_decode data
within the URL
RewriteCond %{QUERY_STRING} base64_(en|de)code[^(]*\([^)]*\) [OR]
## IMPORTANT: If the above line throws an HTTP 500 error, replace it
with these 2 lines:
# RewriteCond %{QUERY_STRING} base64_encode\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
########## End - Rewrite rules to block out some common exploits

########## Begin - SQLi first line of defense, thanks to Radek Suski
(SigSiu.net)
RewriteCond %{QUERY_STRING} concat[^\(]*\( [NC,OR]
RewriteCond %{QUERY_STRING} union([^s]*s)+elect [NC,OR]
RewriteCond %{QUERY_STRING} union([^a]*a)+ll([^s]*s)+elect [NC]
RewriteRule .* - [F]
########## End - SQLi first line of defense, thanks to Radek Suski
(SigSiu.net)

########## Begin - Akeeba
## Allow Admin Tools Joomla! updater to run
RewriteRule ^administrator/components/com_admintools/restore\.php$ - [L]
## Allow Akeeba Backup Professional's integrated restoration script to run
RewriteRule ^administrator/components/com_akeeba/restore\.php$ - [L]
## Allow Akeeba Kickstart
RewriteRule ^kickstart\.php$ - [L]
########## End - Akeeba

########## Begin - Allow Joomla Update
RewriteRule
^administrator/components/com_joomlaupdate/joomlaupdate\.php$ - [L]
RewriteRule ^administrator\/components\/com_joomlaupdate\/restore\.php$
- [L]
########## End - Allow Joomla Update


########## Begin - Advanced server protection - paths and files by
Nicholas K. Dionysopoulos
## Back-end protection
## This also blocks fingerprinting attacks browsing for XML and INI files
RewriteRule ^administrator/?$ - [L]
RewriteRule ^administrator/index\.(php|html?)$ - [L]
RewriteRule ^administrator/index[23]\.php$ - [L]
# RewriteRule
^administrator/(components|modules|templates|images|plugins)/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$
- [L]
RewriteRule ^administrator/ - [F]


## Allow limited access for certain Joomla! system directories with
client-accessible content
# RewriteRule
^(components|images|media|modules|plugins|templates)/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov|eot|ttf|woff|ico)$
- [L]
## Uncomment this line if you have extensions which require direct
access to their own custom index.php files. Note that this is UNSAFE and
the developer should be ashamed
## for being so lame, lazy and security unconscious.
RewriteRule ^templates\/kopiebiz/ - [L]
# RewriteRule
^(components|modules|plugins|templates)/([^/]+/)*(index\.php)?$ - [L]
## Uncomment the following line if your template requires direct access
to PHP files inside its directory, e.g. GZip compressed copies of its
CSS files
# RewriteRule ^templates/([^/]+/)*([^/.]+\.)+php$ - [L]
RewriteRule ^(components|images|media|modules|plugins|templates)/ - [F]

## Disallow access to rogue PHP files throughout the site, unless they
are explicitly allowed
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteCond %{REQUEST_FILENAME} !/index[23]?\.php$
## The next line is to explicitly allow the forum post
assistant(fpa-xx)script to run
RewriteCond %{REQUEST_FILENAME} !/fpa-[a-z]{2}\.php
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^([^/]+/)*([^/.]+\.)+php$ - [F]
########## End - Begin - Advanced server protection

########## Begin - Disallow visual fingerprinting
## Disallow visual fingerprinting of Joomla! sites (module position
dump)Initial idea by Brian Teeman and Ken Crowder, see:
## http://www.slideshare.net/brianteeman/hidden-joomla-secrets
## Improved by @nikosdion to work more efficiently and handle template
## and tmpl query parameters
###RewriteCond %{QUERY_STRING} (^|&)tmpl=(component|system) [NC]
###RewriteRule .* - [L]
###RewriteCond %{QUERY_STRING} (^|&)t(p|emplate|mpl)= [NC]
###RewriteRule .* - [F]
########## End - Disallow visual fingerprinting

#################################################
##### 3. BLOCK BAD USER AGENTS                #####
#################################################

RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget) [NC,OR]
RewriteCond %{HTTP_USER_AGENT}
(clshttp|archiver|loader|email|extract|grab|miner) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (curl|python|nikto|scan) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC]
RewriteRule ^(.*)$ - [R=404,L]

RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
## Note: The final RewriteCond must NOT use the [OR] flag.
## Return 403 Forbidden error.
RewriteRule .* - [F]

########## User-Agents with no privileges (mostly
spambots/spybots/offline downloaders that ignore robots.txt by
schwarzkuenstler.com)
<IfModule mod_setenvif.c>
     #SetEnvIfNoCase User-Agent "^Mozilla/??$" banned
     SetEnvIfNoCase User-Agent "^(google|i?explorer?\.exe|(MS)?IE(
[0-9.]+)?[ ]?(Compatible( Browser)?)?)$" banned
     SetEnvIfNoCase User-Agent "^(Mozilla( [0-9.]+)?[
]?\((Windows|Linux|(IE )?Compatible)\))$" banned
     SetEnvIfNoCase User-Agent "^[A-Z]+$" banned
     SetEnvIfNoCase User-Agent "^DA d.d+" banned
     SetEnvIfNoCase User-Agent "^Download" banned
     SetEnvIfNoCase User-Agent "^IE d.d Compatible.*Browser$" banned
     SetEnvIfNoCase User-Agent "^Internet Explore" banned
     SetEnvIfNoCase User-Agent "^Mozilla/.+[. ]+$" banned
     SetEnvIfNoCase User-Agent "^Mozilla/[0-9.]+ \(compatible; MSIE
[0-9.]+; Windows( NT)?( [0-9.]*)?;[0-9./ ]*\)?$" banned
     SetEnvIfNoCase User-Agent "^Mozilla/4.0$" banned
     SetEnvIfNoCase User-Agent "^Mozilla/5\.0 \(X11; U; Linux i686;
en-US; rv\:0\.9\.6\+\) Gecko/2001112$" banned
     SetEnvIfNoCase User-Agent "^MSIE\ 6\.0 \(compatible;" banned
     SetEnvIfNoCase User-Agent "^NG" banned
     SetEnvIfNoCase User-Agent "4\.0 Robot\) Microsoft.*$" banned
     SetEnvIfNoCase User-Agent "adressendeutschland.*$" banned
     SetEnvIfNoCase User-Agent "AmigaOs/MC680x0.*$" banned
     SetEnvIfNoCase User-Agent "anarchie" banned
     SetEnvIfNoCase User-Agent "Atomz" banned
     SetEnvIfNoCase User-Agent "biz-Spider_for.*$" banned
     SetEnvIfNoCase User-Agent "BlackWidow" banned
     SetEnvIfNoCase User-Agent "Bot\ mailto:craftbot@yahoo.com" banned
     SetEnvIfNoCase User-Agent "Check\&Get.*$" banned
     SetEnvIfNoCase User-Agent "cherry.?picker" banned
     SetEnvIfNoCase User-Agent "ChinaClaw" banned
     SetEnvIfNoCase User-Agent "Cobra Development.*$" banned
     SetEnvIfNoCase User-Agent "compatible ; MSIE 6.0?" banned
     SetEnvIfNoCase User-Agent "compatible; MSIE 4\.5; Windows.*$" banned
     SetEnvIfNoCase User-Agent "Crazy Browser" banned
     SetEnvIfNoCase User-Agent "crescent" banned
     SetEnvIfNoCase User-Agent "Custo" banned
     SetEnvIfNoCase User-Agent "DISCo" banned
     SetEnvIfNoCase User-Agent "Download\ Demon" banned
     SetEnvIfNoCase User-Agent "DTS Agent" banned
     SetEnvIfNoCase User-Agent
"e?mail.?(collector|magnet|reaper|siphon|sweeper|harvest|collect|wolf)"
banned
     SetEnvIfNoCase User-Agent "EasyDL/d.d+" banned
     SetEnvIfNoCase User-Agent "eCatch" banned
     SetEnvIfNoCase User-Agent "efp@gmx.net" banned
     SetEnvIfNoCase User-Agent "EirGrabber" banned
     SetEnvIfNoCase User-Agent "email" banned
     SetEnvIfNoCase User-Agent "EmailSiphon" banned
     SetEnvIfNoCase User-Agent "EmailWolf" banned
     SetEnvIfNoCase User-Agent "Enterprise_Search" banned
     SetEnvIfNoCase User-Agent "express" banned
     SetEnvIfNoCase User-Agent "Express\ WebPictures" banned
     SetEnvIfNoCase User-Agent "extractor" banned
     SetEnvIfNoCase User-Agent "ExtractorPro" banned
     SetEnvIfNoCase User-Agent "EyeNetIE" banned
     SetEnvIfNoCase User-Agent "fake\-agent" banned
     SetEnvIfNoCase User-Agent "Fetch API Request" banned
     SetEnvIfNoCase User-Agent "flashget" banned
     SetEnvIfNoCase User-Agent "FlickBot" banned
     SetEnvIfNoCase User-Agent "FrontPage" banned
     SetEnvIfNoCase User-Agent "getright" banned
     SetEnvIfNoCase User-Agent "GetWeb!" banned
     SetEnvIfNoCase User-Agent "Go-Ahead-Got-It" banned
     SetEnvIfNoCase User-Agent "Go!Zilla" banned
     SetEnvIfNoCase User-Agent "go.?zilla" banned
     SetEnvIfNoCase User-Agent "grabber" banned
     SetEnvIfNoCase User-Agent "GrabNet" banned
     SetEnvIfNoCase User-Agent "Grafula" banned
     SetEnvIfNoCase User-Agent "harvest" banned
     SetEnvIfNoCase User-Agent "HMView" banned
     SetEnvIfNoCase User-Agent "httrack" banned
     SetEnvIfNoCase User-Agent "Image\ Stripper" banned
     SetEnvIfNoCase User-Agent "Image\ Sucker" banned
     SetEnvIfNoCase User-Agent "imagefetch" banned
     SetEnvIfNoCase User-Agent "Indy\ Library" banned
     SetEnvIfNoCase User-Agent "InterGET" banned
     SetEnvIfNoCase User-Agent "Internet Explorer" banned
     SetEnvIfNoCase User-Agent "Internet\ Ninja" banned
     SetEnvIfNoCase User-Agent "JetCar" banned
     SetEnvIfNoCase User-Agent "JOC\ Web\ Spider" banned
     SetEnvIfNoCase User-Agent "larbin" banned
     SetEnvIfNoCase User-Agent "libwww-perl" banned
     SetEnvIfNoCase User-Agent "LeechFTP" banned
     SetEnvIfNoCase User-Agent "LinkExplore" banned
     SetEnvIfNoCase User-Agent "LINKS ARoMATIZED" banned
     SetEnvIfNoCase User-Agent "Mass\ Downloader" banned
     SetEnvIfNoCase User-Agent "Microsoft Data Access.*$" banned
     SetEnvIfNoCase User-Agent "Microsoft URL Control" banned
     SetEnvIfNoCase User-Agent "MIDown\ tool" banned
     SetEnvIfNoCase User-Agent "mister pix" banned
     SetEnvIfNoCase User-Agent "Mister\ PiX" banned
     SetEnvIfNoCase User-Agent "MSIECrawler" banned
     SetEnvIfNoCase User-Agent "Navroad" banned
     SetEnvIfNoCase User-Agent "NearSite" banned
     SetEnvIfNoCase User-Agent "net.?(ants|mechanic|spider|vampire|zip)"
banned
     SetEnvIfNoCase User-Agent "Net\ Vampire" banned
     SetEnvIfNoCase User-Agent "NetAnts" banned
     SetEnvIfNoCase User-Agent "NetSpider" banned
     SetEnvIfNoCase User-Agent "NetZIP" banned
     SetEnvIfNoCase User-Agent "nicerspro" banned
     SetEnvIfNoCase User-Agent "ninja" banned
     SetEnvIfNoCase User-Agent "NPBot" banned
     SetEnvIfNoCase User-Agent "Octopus" banned
     SetEnvIfNoCase User-Agent "offline" banned
     SetEnvIfNoCase User-Agent "Offline\ Explorer" banned
     SetEnvIfNoCase User-Agent "Offline\ Navigator" banned
     SetEnvIfNoCase User-Agent "PageGrabber" banned
     SetEnvIfNoCase User-Agent "Papa\ Foto" banned
     SetEnvIfNoCase User-Agent "pavuk" banned
     SetEnvIfNoCase User-Agent "pavuk/[0-9.]+" banned
     SetEnvIfNoCase User-Agent "pcBrowser" banned
     SetEnvIfNoCase User-Agent "pd02_[09.]+.*$" banned
     SetEnvIfNoCase User-Agent "PersonaPilot" banned
     SetEnvIfNoCase User-Agent "port-agent" banned
     SetEnvIfNoCase User-Agent "pranks4fun" banned
     SetEnvIfNoCase User-Agent "Program Shareware.*$" banned
     SetEnvIfNoCase User-Agent "Proxtrans" banned
     SetEnvIfNoCase User-Agent "RealDownload" banned
     SetEnvIfNoCase User-Agent "ReGet" banned
     SetEnvIfNoCase User-Agent "SAFEXPLORER TL.*$" banned
     SetEnvIfNoCase User-Agent "SiteSnagger" banned
     SetEnvIfNoCase User-Agent "SmartDownload" banned
     SetEnvIfNoCase User-Agent "snagger" banned
     SetEnvIfNoCase User-Agent "Snoopy_v" banned
     SetEnvIfNoCase User-Agent "Sqworm" banned
     SetEnvIfNoCase User-Agent "SuperBot" banned
     SetEnvIfNoCase User-Agent "SuperHTTP" banned
     SetEnvIfNoCase User-Agent "Surfbot" banned
     SetEnvIfNoCase User-Agent "SurveyBot" banned
     SetEnvIfNoCase User-Agent "tAkeOut" banned
     SetEnvIfNoCase User-Agent "tele(port|soft)" banned
     SetEnvIfNoCase User-Agent "Teleport\ Pro" banned
     SetEnvIfNoCase User-Agent "TurnitinBot" banned
     SetEnvIfNoCase User-Agent "vayala" banned
     SetEnvIfNoCase User-Agent "VoidEYE" banned
     SetEnvIfNoCase User-Agent
"web.?(auto|bandit|collector|copier|devil|downloader|fetch|hook|mole|miner|mirror|reaper|sauger|sucker|site|snake|stripper|weasel|zip)"
banned
     SetEnvIfNoCase User-Agent "Web\ Image\ Collector" banned
     SetEnvIfNoCase User-Agent "Web\ Sucker" banned
     SetEnvIfNoCase User-Agent "WebAuto" banned
     SetEnvIfNoCase User-Agent "WebCopier" banned
     SetEnvIfNoCase User-Agent "WebDAV" banned
     SetEnvIfNoCase User-Agent "WebFetch" banned
     SetEnvIfNoCase User-Agent "WebGo\ IS" banned
     SetEnvIfNoCase User-Agent "WebLeacher" banned
     SetEnvIfNoCase User-Agent "WebReaper" banned
     SetEnvIfNoCase User-Agent "WebSauger" banned
     SetEnvIfNoCase User-Agent "Website\ eXtractor" banned
     SetEnvIfNoCase User-Agent "Website\ Quester" banned
     SetEnvIfNoCase User-Agent "WebStripper" banned
     SetEnvIfNoCase User-Agent "WebWhacker" banned
     SetEnvIfNoCase User-Agent "WebZIP" banned
     SetEnvIfNoCase User-Agent "Wget" banned
     SetEnvIfNoCase User-Agent "Widow" banned
     SetEnvIfNoCase User-Agent "WinHttp\.WinHttpRequest.*$" banned
     SetEnvIfNoCase User-Agent "WWWOFFLE" banned
     SetEnvIfNoCase User-Agent "Xaldon\ WebSpider" banned
     SetEnvIfNoCase User-Agent "YANDEX.*$" banned
     SetEnvIfNoCase User-Agent "zeus" banned


     # Deny access to all with status "banned"
     # Nice trick.. => 301-Redirect to themself...
     RewriteCond %{ENV:banned} ^1$
     RewriteCond %{HTTP_REFERER} ^(.*)$
     RewriteRule ^(.*)$ %1 [R=301,L]
     # In any case => 403-Forbidden
     Order Deny,Allow
     Deny from env=banned
</IfModule>


#################################################
##### 4. REFERRER FILTERING FOR MEDIA FILES    #####
#################################################

#RewriteRule
^images/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [L]
#RewriteCond %{HTTP_REFERER} .
#RewriteCond %{HTTP_REFERER} !^https?://(wwww\.)?example\.com [NC]
#RewriteCond %{REQUEST_FILENAME} -f
#RewriteRule \.(jp(e?g|2)?|png|gif|bmp|css|js|swf|ico)$ - [F]

#### With ads on the referrer page
#RewriteCond %{HTTP_REFERER} !^$
#RewriteCond %{HTTP_REFERER} !^https://(www\.)?example.com(/)?.*$ [NC]
#RewriteCond %{HTTP_REFERER} !^http://(www\.)?example.com(/)?.*$ [NC]
#RewriteRule .*\.(gif|jpg|jpeg|png|bmp)$
http://404.example.com/traffic-klau.gif [R,NC]

#################################################
##### 5. SEO                                #####
#################################################

########## Begin - Redirect index.php to /
## Note: Change example.com to reflect your own domain name
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^index\.php$ http%2://www.meine-domain.de/$1 [R=301,L]
## If the above line throws a 500 error, change [R=301,L] to [R,L]
########## End - Redirect index.php to /

#################################################
##### 7. CACHE                                #####
#################################################
AddType x-font/woff .woff
<IfModule mod_expires.c>
     ExpiresActive on
     ExpiresDefault                                      "access plus 1
month"

   # CSS
     ExpiresByType text/css                              "access plus 1
year"

   # Data interchange
     ExpiresByType application/atom+xml                  "access plus 1
hour"
     ExpiresByType application/rdf+xml                   "access plus 1
hour"
     ExpiresByType application/rss+xml                   "access plus 1
hour"
     ExpiresByType application/json                      "access plus 0
seconds"
     ExpiresByType application/ld+json                   "access plus 0
seconds"
     ExpiresByType application/schema+json               "access plus 0
seconds"
     ExpiresByType application/vnd.geo+json              "access plus 0
seconds"
     ExpiresByType application/xml                       "access plus 0
seconds"
     ExpiresByType text/xml                              "access plus 0
seconds"

   # Favicon (cannot be renamed!) and cursor images
     ExpiresByType image/vnd.microsoft.icon              "access plus 1
week"
     ExpiresByType image/x-icon                          "access plus 1
week"
     ExpiresByType image/ico                                "access plus
1 week"
     ExpiresByType image/icon                            "access plus 1
week"
     ExpiresByType text/ico                                "access plus
1 week"
     ExpiresByType application/ico                        "access plus 1
week"

   # HTML
     ExpiresByType text/html                             "access plus 0
seconds"

   # JavaScript

     ExpiresByType application/javascript                "access plus 1
year"
     ExpiresByType application/x-javascript              "access plus 1
year"
     ExpiresByType text/javascript                       "access plus 1
year"

   # Manifest files
     ExpiresByType application/manifest+json             "access plus 1
week"
     ExpiresByType application/x-web-app-manifest+json   "access plus 0
seconds"
     ExpiresByType text/cache-manifest                   "access plus 0
seconds"

   # Media files
     ExpiresByType audio/basic                            "access plus 1
month"
     ExpiresByType audio/mid                                "access plus
1 month"
     ExpiresByType audio/midi                            "access plus 1
month"
     ExpiresByType audio/mpeg                            "access plus 1
month"
     ExpiresByType audio/ogg                             "access plus 1
month"
     ExpiresByType audio/x-wav                            "access plus 1
month"
     ExpiresByType image/bmp                             "access plus 1
month"
     ExpiresByType image/gif                             "access plus 1
month"
     ExpiresByType image/jpeg                            "access plus 1
month"
     ExpiresByType image/png                             "access plus 1
month"
     ExpiresByType image/svg+xml                         "access plus 1
month"
     ExpiresByType image/webp                            "access plus 1
month"
     ExpiresByType video/mpeg                            "access plus 1
month"
     ExpiresByType video/mp4                             "access plus 1
month"
     ExpiresByType video/ogg                             "access plus 1
month"
     ExpiresByType video/webm                            "access plus 1
month"


   # Web fonts
     # Embedded OpenType (EOT)
     ExpiresByType application/vnd.ms-fontobject         "access plus 1
month"
     ExpiresByType font/eot                              "access plus 1
month"

     # OpenType
     ExpiresByType font/opentype                         "access plus 1
month"

     # TrueType
     ExpiresByType application/x-font-ttf                "access plus 1
month"

     # Web Open Font Format (WOFF) 1.0
     ExpiresByType application/font-woff                 "access plus 1
month"
     ExpiresByType application/x-font-woff               "access plus 1
month"
     ExpiresByType font/woff                             "access plus 1
month"

     # Web Open Font Format (WOFF) 2.0
     ExpiresByType application/font-woff2                "access plus 1
month"


   # Other
     ExpiresByType text/x-cross-domain-policy            "access plus 1
week"

</IfModule>

<IfModule mod_deflate.c>
     # Insert filters / compress text, html, javascript, css, xml:
     AddOutputFilterByType DEFLATE text/plain
     AddOutputFilterByType DEFLATE text/html
     AddOutputFilterByType DEFLATE text/xml
     AddOutputFilterByType DEFLATE text/css
     AddOutputFilterByType DEFLATE text/javascript
     AddOutputFilterByType DEFLATE text/vtt
     AddOutputFilterByType DEFLATE text/x-component
     AddOutputFilterByType DEFLATE application/xml
     AddOutputFilterByType DEFLATE application/xhtml+xml
     AddOutputFilterByType DEFLATE application/rss+xml
     AddOutputFilterByType DEFLATE application/atom_xml
     AddOutputFilterByType DEFLATE application/js
     AddOutputFilterByType DEFLATE application/javascript
     AddOutputFilterByType DEFLATE application/x-javascript
     AddOutputFilterByType DEFLATE application/x-httpd-php
     AddOutputFilterByType DEFLATE application/x-httpd-fastphp
     AddOutputFilterByType DEFLATE application/x-shockwave-flash
     AddOutputFilterByType DEFLATE application/json
     AddOutputFilterByType DEFLATE application/ld+json
     AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
     AddOutputFilterByType DEFLATE application/x-font-ttf
     AddOutputFilterByType DEFLATE application/x-web-app-manifest+json
     AddOutputFilterByType DEFLATE font/opentype
     AddOutputFilterByType DEFLATE image/svg+xml
     AddOutputFilterByType DEFLATE image/x-icon
     AddOutputFilterByType DEFLATE font/ttf
     AddOutputFilterByType DEFLATE font/otf
     AddOutputFilterByType DEFLATE font/woff


     # Exception: Images
     SetEnvIfNoCase REQUEST_URI \.(?:gif|jpg|jpeg|png|svg)$ no-gzip
dont-vary

     # Drop problematic browsers
     BrowserMatch ^Mozilla/4 gzip-only-text/html
     BrowserMatch ^Mozilla/4\.0[678] no-gzip
     BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

     # Make sure proxies don't deliver the wrong content
     Header append Vary User-Agent env=!dont-vary
</IfModule>

     ########## Alternative caching using Apache's "mod_headers", if
it's installed. Caching of common files - ENABLED
     <IfModule mod_headers.c>
         <FilesMatch "\.(ico|pdf|flv|swf|js|css|gif|png|jpg|jpeg|txt)$">
         Header set Cache-Control "max-age=2592000, public"
     </FilesMatch>
</IfModule>

<IfModule mod_headers.c>
   <FilesMatch "\.(js|css|xml|gz)$">
     Header append Vary Accept-Encoding
   </FilesMatch>
</IfModule>

# Set Keep Alive Header
<IfModule mod_headers.c>
     Header set Connection keep-alive
</IfModule>


#################################################
##### 8. SPAM Filter                        #####
#################################################

########## Begin - Basic antispam Filter, by SigSiu.net
RewriteCond %{QUERY_STRING}
\b(ambien|blue\spill|cialis|cocaine|ejaculation|erectile)\b [NC,OR]
RewriteCond %{QUERY_STRING}
\b(erections|hoodia|huronriveracres|impotence|levitra|libido)\b [NC,OR]
RewriteCond %{QUERY_STRING}
\b(lipitor|phentermin|pro[sz]ac|sandyauer|tramadol|troyhamby)\b [NC,OR]
RewriteCond %{QUERY_STRING}
\b(ultram|unicauca|valium|viagra|vicodin|xanax|ypxaieo)\b [NC]
RewriteRule .* - [F]
########## End - Basic antispam Filter, by SigSiu.net

## SITE REFERRER BANNING
RewriteCond %{HTTP_REFERER} semalt.com [NC,OR]
RewriteCond %{HTTP_REFERER} buttons-for-website.com [NC,OR]
RewriteCond %{HTTP_REFERER} seoanalyses.com [NC]
RewriteRule .* - [F]

#################################################
##### 9. PHP SECURITY & FUNCTIONS            #####
#################################################

php_value short_open_tag 1

#################################################
##### 10. JOOMLA DEFAULT FUNCTIONS            #####
#################################################

<IfModule mod_headers.c>
     Header always set Permissions-Policy "geolocation 'self'
https://meine-domain.de; microphone 'none'; payment 'none'; sync-xhr
'self' https://meine-domain.de"
     Header set Content-Security-Policy "img-src *; object-src 'self'
https://meine-domain.de; media-src https://meine-domain.de; frame-src *;
connect-src 'self' *; report-uri https://meine-domain.de"
     Header add X-Content-Security-Policy "default-src 'self' "
     Header add X-Webkit-CSP "default-src 'self' "
     Header always set Expect-CT "max-age '86400'; enforce; report-uri
'https://meine-domain.de"
     Header edit Set-Cookie test "expr=-z
%{req:Cookie};lang=de_DE;__Host-id=1; Secure; Path=/;
Domain=meine-domain.de"

     Header always set Strict-Transport-Security "max-age=31536000;
includeSubDomains; preload" env=HTTPS

     Header onsuccess unset Referrer-Policy
     Header always set Referrer-Policy "no-referrer"

     Header onsuccess unset X-Content-Type-Options
     Header always set X-Content-Type-Options "nosniff"

     Header onsuccess unset X-Download-Options
     Header always set X-Download-Options "noopen"

     Header onsuccess unset X-Frame-Options
     Header always set X-Frame-Options "SAMEORIGIN"

     Header onsuccess unset X-Permitted-Cross-Domain-Policies
     Header always set X-Permitted-Cross-Domain-Policies "none"

     Header onsuccess unset X-Robots-Tag
     Header always set X-Robots-Tag "none"

     Header onsuccess unset X-XSS-Protection
     Header always set X-XSS-Protection "1; mode=block"

     SetEnv modHeadersAvailable true
</IfModule>

########## Begin - Joomla! core SEF Section
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the component folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI}
/component/|(/[^.]*|\.(php|html?|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
########## End - Joomla! core SEF Section

########## Begin - Error documents
#
ErrorDocument 401 "404 Not Found!
ErrorDocument 403 "404 Not Found!
ErrorDocument 404 "404 Not Found!
ErrorDocument 500 "Internal Server Error!
#
########## End - Error documents


APACHE

ServerSignature Off
ServerTokens Prod
TraceEnable Off
HostnameLookups Off
EnableSendfile Off
ServerAdmin root@localhost
ServerName www.meine-domain.de:80
UseCanonicalName Off
#ServerRoot "/etc/apache2"

<IfModule mod_rewrite.c>
     RewriteEngine On
     RewriteCond %{HTTPS} !=on
     RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

DefaultRuntimeDir ${APACHE_RUN_DIR}

PidFile ${APACHE_PID_FILE}

Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5

User ${APACHE_RUN_USER}
Group ${APACHE_RUN_GROUP}

HostnameLookups Off

ErrorLog ${APACHE_LOG_DIR}/error.log

LogLevel warn

IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

Include ports.conf

<Directory />
     Options FollowSymLinks
     AllowOverride None
     Require all denied
</Directory>

<Directory /usr/share>
     AllowOverride None
     Require all granted
</Directory>

<Directory /var/www/>
     Options Indexes FollowSymLinks
     AllowOverride None
     Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
     Require all denied
</FilesMatch>

#LoadModule mime_magic_module mod_mime_magic.so
#LoadModule mime_module mod_mime.so
#AddModule mod_mime_magic.c
#AddModule mod_mime.c


LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\"
\"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\""
combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent

IncludeOptional conf-enabled/*.conf

IncludeOptional sites-enabled/*.conf


<Directory /var/www/html>
AllowOverride All
</Directory>

14.11.2020 08:02

2 Jörg

Leider hat die weiterleitung nicht ganz hin da in diesen Template auch
Warp7 verwendet wird.

Welche Weiterleitung - die ganz am Anfang? Da hängt diese (überflüssige) Bedingung ohne folgende RewriteRule in der Luft:

RewriteCond %{SERVER_PORT} !^443$

14.11.2020 08:45 | geändert: 14.11.2020 08:46

3 HTHorror

Erstmal Vielen Dank für deine schnelle Antwort.
Für die Weiterleitung zum port 443 zwegs ssl.
Denn ssl geht ohne Probleme.
Wie schon gesagt ich bin in Sachen htaccess ein totaler Anfänger.
Und bevor ich da ein groben Fehler mache der unter Umständen die ganze Server Sicherheit aushebelt frag ich da lieber. Und bin für jede Hilfe dankbar.

Ich bin sowas von beeindruckt wie freundlich und entgegenkommend mir geholfen wird. Das ist heutzutage leider nicht mehr oft der Fall.
Wenn ich mich revanchieren kann bin ich zu stelle :)

Ich glaub das meine Probleme ab
########## Begin - Advanced server protection - paths and files by
Nicholas K. Dionysopoulos
## Back-end protection

Los gehen. Denn er ldatet mir nicht das template nach. Egal ob ich eingeloggt bin oder nicht.
Denke mal das irgendwo der Zugriff auf die Unterverzeichnisse hängt.

Update:
Füge ich unter

## for being so lame, lazy and security unconscious.
RewriteRule ^templates\/kopiebiz/ - [L]

ein. Läd er mir das Verzeichnis nach. Aber die frage ist macht er das auch dann für die Unterverzeichnisse??

## Back-end protection
## This also blocks fingerprinting attacks browsing for XML and INI files
RewriteRule ^administrator/?$ - [L]
RewriteRule ^administrator/index\.(php|html?)$ - [L]
RewriteRule ^administrator/index[23]\.php$ - [L]
RewriteRule ^administrator/(components|modules|templates|images|plugins)/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov)$ - [L]
RewriteRule ^administrator/ - [F]

 
## Allow limited access for certain Joomla! system directories with client-accessible content
RewriteRule ^(components|images|media|modules|plugins|templates)/([^/]+/)*([^/.]+\.)+(jp(e?g|2)?|png|gif|bmp|css|js|swf|html?|mp(eg?|[34])|avi|wav|og[gv]|xlsx?|docx?|pptx?|zip|rar|pdf|xps|txt|7z|svg|od[tsp]|flv|mov|eot|ttf|woff|ico)$ - [L]
## Uncomment this line if you have extensions which require direct access to their own custom index.php files. Note that this is UNSAFE and the developer should be ashamed
## for being so lame, lazy and security unconscious.
#RewriteRule ^templates\/kopiebiz/ - [L]  
RewriteRule ^(components|modules|plugins|templates)/([^/]+/)*(index\.php)?$ - [L]
## Uncomment the following line if your template requires direct access to PHP files inside its directory, e.g. GZip compressed copies of its CSS files
RewriteRule ^templates/([^/]+/)*([^/.]+\.)+php$ - [L]
RewriteRule ^(components|images|media|modules|plugins|templates)/ - [F]
 
## Disallow access to rogue PHP files throughout the site, unless they are explicitly allowed
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteCond %{REQUEST_FILENAME} !/index[23]?\.php$
## The next line is to explicitly allow the forum post assistant(fpa-xx)script to run
RewriteCond %{REQUEST_FILENAME} !/fpa-[a-z]{2}\.php
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^([^/]+/)*([^/.]+\.)+php$ - [F]
########## End - Begin - Advanced server protection

14.11.2020 12:48 | geändert: 14.11.2020 13:38

4 Jörg

Für die Weiterleitung zum port 443 zwegs ssl.

Dazu fehlt aber noch die passende RewriteRule! eine RewriteCond bezieht sich immer auf die nächstfolgende RewriteRule. Ich würde diese Zeile schlichtweg löschen, da du hier bereits nach https:// weiterleitest:

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Da musst du nicht zusätzlich noch den Port bemühen.

Füge ich unter

## for being so lame, lazy and security unconscious.
RewriteRule ^templates\/kopiebiz/ - [L]

ein. Läd er mir das Verzeichnis nach. Aber die frage ist macht er das auch dann für die Unterverzeichnisse??

Ja, sollte es. Das Muster "^templates\/kopiebiz/" hat hinten kein Begrenzungszeichen "$", ist also nach hinten offen.

14.11.2020 17:56

5 HTHorror

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Hab den port schon drunter gelöscht.

## for being so lame, lazy and security unconscious.
RewriteRule ^templates\/kopiebiz/ - [L]

Ist es egal an welcher stelle die Weiterleitung reinkann?
Nicht das dann das Verzeichnis komplett offen ist?

Ja, sollte es. Das Muster "^templates\/kopiebiz/" hat hinten kein Begrenzungszeichen "$", ist also nach hinten offen.

Vielen dank für den hinweis. :)

Ach, ich hab leider auch Probleme mit den Abspielen von Medien (mp4,avi,mov,flv,webm usw.) Inhalten.

Ich vermute mal das liegt irden wo da unten wo ich die RewriteRule eingetragen hab. Nur bin ich immer sehr Vorsichtig was mit Weiterleitungen zu tun hat. Und fummel da nicht einfach was rein ;)

15.11.2020 13:30

6 Jörg

Zitat von HTHorror
## for being so lame, lazy and security unconscious.
RewriteRule ^templates\/kopiebiz/ - [L]

Ist es egal an welcher stelle die Weiterleitung reinkann?
Nicht das dann das Verzeichnis komplett offen ist?

Das ist keine Weiterleitung, sondern eine Regel, die verhindert, dass alle nachfolgenden Regeln zur Ausführung kommen. Du kannst ja ausprobieren, wieweit du sie nach unten schieben kannst, so dass das Template noch korrekt angezeigt wird

Ach, ich hab leider auch Probleme mit den Abspielen von Medien (mp4,avi,mov,flv,webm usw.) Inhalten.

Und wie äußert sich dieses Problem genau? was für eine URL haben diese Dateien beispielsweise?

Die ExpiresByType-Direktiven sorgen lediglich dafür, dass ein Browser angehalten ist, die betreffende Datei einen Monat lang aus seinem Cache zu holen.

16.11.2020 11:35

7 HTHorror

Also mir ist aufgefallen das am ende jeder "Regel?" immer ein [L]
Nur die am schluss nicht. Die hat [F]
Springt er dann quasi zum nächsten Abschnitt? Und schließt damit diesen "Regel Abschnitt" ab?

Zum Medien Problem:
Also die einziegen Lings die auch als Link dargestellt werden sind die von die mp4 dateien.
Sie werden auch ganz Normal in Backend angezeigt als Link. Klicke ich drauf erscheint auch ein Popup Fenster in den eigendlich das Movie angezeit werden sollte.
Es erscheint aber :Vorschau
Video Player
Error loading this resource

Nun ich dachte da zuerst das die Rechte nicht passen. Aber die sind Korrekt eingetragen. Ganz normale lese rechte 644.
Der Link zur datei scheint mir aber etwas seltsam.
Und da könnte der Hund begraben sein.

images/Video%2Fvideo1.mp4
Richtig müsste er sein: /images/Video/video1.mp4

16.11.2020 21:31 | geändert: 16.11.2020 21:42

8 Jörg

Also mir ist aufgefallen das am ende jeder "Regel?" immer ein [L]
Nur die am schluss nicht. Die hat [F]

Das L steht für "Last Rule" und F für "Forbidden". Das ginge auch beides zusammen: [F,L]

Der Link zur datei scheint mir aber etwas seltsam.
Und da könnte der Hund begraben sein.

images/Video%2Fvideo1.mp4
Richtig müsste er sein: /images/Video/video1.mp4

Das "/" ist urlcodiert. Steht die Link-URL mit dem "%2F" auch in der Quelltextansicht des Browsers? wenn ja, wird der Fehler wohl schon innerhalb des CMS produziert.

17.11.2020 11:06

9 HTHorror

Jörg. Also erstmal Danke nochmal für deine mühen!
Find ich Super das du mir da helfen tust.

Also ich hab mal den link ohne urlcodierung in Browser geladen.
/images/video/video1.mp4
Das seltsame ist das so ein lade Symbol in ein Player kommt. Nur läd er mir nicht die datei.
Wenn ich images/video%2Fvideo1.mp4 versuche dann kommt 404 denke mal das ist richtig so.
Und das mit den [L,F] da hab ich wieder was gelernt! Und das mit 50 ;)

17.11.2020 13:20

10 Jörg

Und was steht im HTML-Quelltext, wenn du diesen im Browser aufrufst (Strg + U) - die URL mit "/" oder mit "%2F"?

Also ich hab mal den link ohne urlcodierung in Browser geladen.
/images/video/video1.mp4
Das seltsame ist das so ein lade Symbol in ein Player kommt. Nur läd er mir nicht die datei.

Er lädt vielleicht schon, aber spielt die Datei erst ab, wenn sie vollständig geladen ist? Damit die Datei schon am Beginn abgespielt, d.h. gestreamt wird, müssen darin entsprechende Metadaten vorangestellt sein. Mit den Suchbegriffen "mp4 faststart" kannst du weitergehende Infos hierzu finden

17.11.2020 16:42 | geändert: 17.11.2020 16:42