This subject really doesn't have a proper place on this forum so I'm jamming it into here.
One of the most overlooked aspects of security, especially with vBulletin and hosting your on servers, is the .htaccess file.
This only applies for those running an Apache based server.
I am not going to go into details about what it is. For that there are plenty of internet resources.
Suffice to say, if you host your own server, and it is Apache based, then you really should know this file as it controls a lot of security and when set up properly can defeat a great amount of exploitation of poorly coded PHP.
This .htaccess file has been configuted to work with vB5.x running on a secure Apache server.
Note 1: The code block in orange instructs the server to direct ALL non-secure requests to a secure URL. That is to say, all HTTP gets sent to HTTPS.
If you are NOT running a secure server, you must delete that data.
If you are running a secure server, you need to enter your sites address in the blue highlighted sections.
Note 2: The .htaccess file is located in the servers root folder, htdocs, and is a plain text file. vB will create a most basic one when first installed.
Note 3: The data in green is the only vB specific code. All the rest is common to any well defined .htaccess file.
If you have made any modifications to the existing .htaccess file, you will want to transfer them.
Note 4: The data in purple, SetEnvIfNoCase Referer, has URL entries (website addresses) which can access specific files. If the site is not there, the data is blocked. This is for tools such as PHPMyAdmin, local host access, et c. Be sure to set these or it will cause no end of annoyances.
Note 5: Always back up your existing .htaccess file prior to making alterations!
PS Note: Due to the limited amount of text which can be posted in this forum, I am forced to split up the code
One of the most overlooked aspects of security, especially with vBulletin and hosting your on servers, is the .htaccess file.
This only applies for those running an Apache based server.
I am not going to go into details about what it is. For that there are plenty of internet resources.
Suffice to say, if you host your own server, and it is Apache based, then you really should know this file as it controls a lot of security and when set up properly can defeat a great amount of exploitation of poorly coded PHP.
This .htaccess file has been configuted to work with vB5.x running on a secure Apache server.
Note 1: The code block in orange instructs the server to direct ALL non-secure requests to a secure URL. That is to say, all HTTP gets sent to HTTPS.
If you are NOT running a secure server, you must delete that data.
If you are running a secure server, you need to enter your sites address in the blue highlighted sections.
Note 2: The .htaccess file is located in the servers root folder, htdocs, and is a plain text file. vB will create a most basic one when first installed.
Note 3: The data in green is the only vB specific code. All the rest is common to any well defined .htaccess file.
If you have made any modifications to the existing .htaccess file, you will want to transfer them.
Note 4: The data in purple, SetEnvIfNoCase Referer, has URL entries (website addresses) which can access specific files. If the site is not there, the data is blocked. This is for tools such as PHPMyAdmin, local host access, et c. Be sure to set these or it will cause no end of annoyances.
Note 5: Always back up your existing .htaccess file prior to making alterations!
PS Note: Due to the limited amount of text which can be posted in this forum, I am forced to split up the code
Comment