Announcement

#1 2014-09-26 07:21:26

Serge D
Member
US
2014-07-15
372

Piwigo and htaccess - FAQ/Sample

I have compiled sample htaccess which I am using for my site and I hope it may help someone else as well
Full content is published here

If you have any corrections or would like to expand it, please comment on my blog

Last edited by Serge D (2014-09-26 07:21:40)

Offline

 

#2 2015-03-28 00:55:26

Erdei Kismalac
Guest

Re: Piwigo and htaccess - FAQ/Sample

Hi,

I have copied your file in the directory of my PIWIGO install however it does not work.
I need it because I have a sync error from lightroom and I would like to know the apache error report.

Would you be so kind as to help me changing the htaccess settings?

Thank you very much.

E.

-------------

This are the basic infos about my install:

------------------------------------
Piwigo-Version

        Piwigo 2.7.4
        Prüfen, ob eine neue Version verfügbar ist.
        Melde pistike040@gmail.com an für den Piwigo-Newsletter

Server-Umgebung

        Betriebssystem: Linux
        PHP: 5.4.38-nmm1 (Info anzeigen) [2015-03-28 00:52:18]
        MySQL: 5.5.40-nmm1-log [2015-03-28 00:52:18]
        Grafikbibliothek: ImageMagick 6.6.9-7

Datenbank

        31628 Fotos (erstes Foto am Freitag 20 Februar 2015 hinzugefügt)
        253 Alben inbegriffen, davon 3 physische und 250 virtuelle (155153 Elemente werden insgesamt angezeigt)
        367 Schlagwörter (161650 Elemente werden insgesamt angezeigt)
        14 Benutzer
        1 Gruppe
        0 Kommentar
        noch keine Bewertung
------------------------------------



---------------------
# Set some reasonable defaults for PHP.  Most of these cannot be set
# inside the script itself.  For hosts that don't have .htaccess
# support but do support per-dir php.ini files, these settings are
# mirrored in php.ini
#
<IfModule mod_php5.c>
php_flag short_open_tag            On
php_flag magic_quotes_gpc          Off
php_flag magic_quotes_sybase       Off
php_flag magic_quotes_runtime      Off
php_flag register_globals          Off
php_flag session.auto_start        Off
php_flag suhosin.session.encrypt   Off
php_value upload_max_filesize   20M
php_value post_max_size     100M
php_value memory_limit 256M
</IfModule></code>
AcceptPathInfo on
############ disable directory browsing, includes, etc
#
Options +MultiViews -ExecCGI -Includes -Indexes FollowSymLinks
IndexIgnore *
############ Set default character set, turn off server signature, set server admin email, enable MP4 support
#
SetEnv TZ America/New_York
SetEnv SERVER_ADMIN webmaster@yoursite.com
ServerSignature off
AddDefaultCharset UTF-8
DefaultLanguage en-US
AddType audio/mp4 m4a
#
#
#supress php errors
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
#
#enable PHP error logging
php_flag log_errors on
php_value error_log /logs/PHP_errors.log
#
#prevent access to PHP error log
<Files PHP_errors.log>
Order allow,deny
Deny from all
Satisfy All
</Files>
#
# Disallow script execution
AddHandler cgi-script .pl .py .jsp .asp .htm .shtml .sh .cgi
<FilesMatch "^php5?\.(ini|cgi)$">
Order Deny,Allow
Deny from All
Allow from env=REDIRECT_STATUS
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
# Safe Request Methods
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]
RewriteRule .* - [F,NS,L]
# Bogus Graphics Exploit
RewriteCond %{HTTP:Content-Disposition} \.php [NC]
RewriteCond %{HTTP:Content-Type} image/.+ [NC]
RewriteRule .* - [F,NS,L]
# Trackback Spam
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{HTTP_USER_AGENT} ^.*(opera|mozilla|firefox|msie|safari).*$ [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.+/trackback/?\ HTTP/ [NC]
RewriteRule .* - [F,NS,L]
</IfModule>
# Increase security by uncommenting this block.  It keeps browsers
# from seeing support files that they shouldn't have access to.  We
# comment this out because Apache2 requires some minor configuration
# in order for you to use it.  You must specify "AllowOverride Limit"
# in your Apache2 config file before you uncomment this block or
# you'll get an "Internal Server Error".
<FilesMatch "(\.(class|fla|gitignore|inc|ini|sql|txt)|(README|LICENSE|.build_number))$">
Order deny,allow
Deny from all
</FilesMatch>
<FilesMatch "robots.txt">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_deflate.c>
# compress the files
AddOutputFilter DEFLATE js css php
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/x-httpd-php
# removes some bugs
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz)$">
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
<IfModule mod_gzip.c>
#
# http://www.schroepl.net/projekte/mod_gzip/config.htm
mod_gzip_on                   Yes
mod_gzip_can_negotiate        Yes
mod_gzip_static_suffix        .gz
AddEncoding              gzip .gz
mod_gzip_update_static        No
mod_gzip_command_version      '/mod_gzip_status'
mod_gzip_keep_workfiles       No
mod_gzip_minimum_file_size    500
mod_gzip_maximum_file_size    500000
mod_gzip_maximum_inmem_size   60000
mod_gzip_min_http             1000
mod_gzip_handle_methods       GET POST
mod_gzip_item_exclude         reqheader  "User-agent: Mozilla/4.0[678]"
mod_gzip_dechunk              Yes
mod_gzip_item_include         file       \.css$
mod_gzip_item_include         file       \.js$
</IfModule>
# Improve performance by uncommenting this block.  It tells the
# browser that your images don't change very often so it won't keep
# asking for them.  If you get an error after uncommenting this, make
# sure you specify "AuthConfig Indexes" in your Apache config file.
#
<IfModule mod_expires.c>
# Turn on Expires and set default to 0
ExpiresActive On
ExpiresDefault A0
# Set up caching on media files for 1 year (forever?)
<FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|m4a)$">
ExpiresDefault A29030400
Header append Cache-Control "public"
</FilesMatch>
# Set up caching on media files for 1 month
<FilesMatch "\.(jpg|jpeg|png|gif|swf)$">
ExpiresDefault A2678400
Header append Cache-Control "public"
</FilesMatch>
# Set up 2 Hour caching on commonly updated files
<FilesMatch "\.(xml|txt|html|js|css)$">
ExpiresDefault A7200
Header append Cache-Control "proxy-revalidate"
</FilesMatch>
# Force no caching for dynamic files
<FilesMatch "\.(php|cgi|pl|htm|html)$">
ExpiresActive Off
Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>
</IfModule>
####################### BEGIN Url Rewrite section
#
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
########## Error Documents
#
#ErrorDocument 400 /error400.php
#ErrorDocument 401 /error401.php
#ErrorDocument 403 /error403.php
#ErrorDocument 404 /error404.php
#ErrorDocument 500 /error500.php
#
############################################
########## Site protection logic
#
########## SEF Section
#
#  RewriteCond %{REQUEST_URI} (/|\.htm|\.php|\.html|/[^.]*)$  [NC]
#  RewriteCond %{REQUEST_FILENAME} !-f
#  RewriteCond %{REQUEST_FILENAME} !-d
#  RewriteRule (.*) /error404.php
#
############################################
########## Stop hot linking
#
#  RewriteCond %{HTTP_REFERER} !^$
#  RewriteCond %{HTTP_REFERER} !^http://(*\.)?yoursite.com/.*$ [NC]
#  RewriteRule \.(gif|jpg|png|js|css|flv|swf)$ - [F]
#
############################################
########## Rewrite rules to block out some common exploits
#
# Block out any script trying to set a mosConfig value through the URL
#  RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
#  RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
#  RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
#  RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
#  RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
#  RewriteRule ^(.*)$ index.php [F,L]
#
############################################
########## Block PHP injection attempts
#
RewriteCond %{QUERY_STRING} ^(.*)=http: [NC]
RewriteRule ^(.*)$ - [F,L]
#
############################################
########## Remove Query_String. May conflict with some plugins and logic
#
#  RewriteCond %{THE_REQUEST} ^GET\ /.*\;.*\ HTTP/
#  RewriteCond %{QUERY_STRING} !^$
#  RewriteRule .* http://yoursite.com%{REQUEST_URI}? [R=301,L]
#
############################################
########## From evil bots
# Update this list from http://www.invision-graphics.com/robotstxt_badbots.html
#
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [OR]
RewriteCond %{HTTP_USER_AGENT} ^RepoMonkey\ Bait\ &\ Tackle/v1.01 [OR]
RewriteCond %{HTTP_USER_AGENT} ^RepoMonkey [or]
RewriteCond %{HTTP_USER_AGENT} ^Zeus\ 32297\ Webster\ Pro\ V2.9\ Win32\ [or]
RewriteCond %{HTTP_USER_AGENT} ^Webster\ Pro [or]
RewriteCond %{HTTP_USER_AGENT} ^EroCrawler [or]
RewriteCond %{HTTP_USER_AGENT} ^LinkScan/8.1a\ Unix [or]
RewriteCond %{HTTP_USER_AGENT} ^Keyword\ Density/0.9 [or]
RewriteCond %{HTTP_USER_AGENT} ^Kenjin\ Spider [or]
RewriteCond %{HTTP_USER_AGENT} ^Cegbfeieh
RewriteRule ^.* - [F,L]
#
############################################
####################### END Url Rewrite section
</IfModule>
<files .htaccess>
########## Begin - Deny access (firewall)
order allow,deny
deny from all
########## End - Deny access (firewall)
</files>
###################Do not have any whitespace/empty lines after this line#################

 

#3 2015-03-28 01:50:26

piwigoisti
Member
2015-03-04
3

Re: Piwigo and htaccess - FAQ/Sample

Now I have registered :-)

So if I activate this htaccess, I get the error as follows:

------------------------------------
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, xxxxxxxxxxxxxxxxxxxxxxxxxxxxx and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.
------------------------------------

There is unfortunately no error log without HTACCESS.

Regards,

E.

Offline

 

Board footer

Powered by FluxBB

github twitter newsletter Donate Piwigo.org © 2002-2022 · Contact