michael_s
01-01-2012, 07:01 PM
Hardcore Security for osCommerce HTACCESS

If you are familiar with editing .htaccess code, then have a look through the example in htaccess_code.txt.

To use it, copy and paste the entire contents, appending them to the end of your current .htaccess file in the root catalog shop directory.

If any 500 internal errors occur, try commenting out parts of the code. If all else fails, just be sure to use this addon here ( http://addons.oscommerce.com/info/8283 ), as it does what Hardcore Security for HTACCESS does plus more.

If you are using both the IP address banning and email notification and notice that you are receiving dozens of notifications per hour, then using the code examples in this htaccess file will help reduce the load on your server considerably.

Finally, a warning about htaccess filtering.

This is hardcore request filtering and 'can' prevent legitimate requests from completing in odd circumstances, for example where a site is heavily modified with custom code that is not a part of the osCommerce codeset.

Secondly, Hardcore Security for HTACCESS is about as good as it gets (or at least, it attempts to be...) with htaccess hardening in terms of blocking the usual hack attempts, although like any addon security script, it cannot block them all.

But what it does do is reach the limits of the potential of what can be achieved in blocking hack attempts using directives in htaccess.

Only add this to your root directory's .htaccess file if you are experienced in .htaccess code, or else have an expert look at it and implement it on your behalf.

While this method is not as thorough as osC_Sec ( http://addons.oscommerce.com/info/8283 ) in blocking attack attempts, blocking a majority of attacks before the PHP is executed is far less server intensive and will therefore at least lighten the load on your webserver if it receives a lot of attention from attackers.

Unlike other .htaccess addons, this one does not ban IP addresses. It does not have to, because a blocked attempt is a blocked attempt.

I am leaving this addon open for others to develop as it needs work.

Taipo
[email protected]

More... (http://addons.oscommerce.com/info/8296)
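
The warning in the post about filters stopping legitimate requests can be checked before the rules go live. The following is an added example, not part of the original post or the add-on: it replays an access log against candidate query-string patterns and separates hits from your own click-through of the shop (false positives) from everything else. The patterns, the `custom_landing.php` script, the IP addresses and the log lines are constructed for illustration and are not the rules in htaccess_code.txt.

```python
import re
from urllib.parse import urlsplit

# Constructed patterns in the style of query-string filters; NOT the add-on's rules.
# Matched against the raw (still percent-encoded) query string, which is what a
# RewriteCond on %{QUERY_STRING} sees, so encoded variants are spelled out.
FILTERS = {
    "script_tag": re.compile(r"(?:<|%3C)\s*script", re.I),
    "globals_overwrite": re.compile(r"(?:^|&)(?:GLOBALS|_REQUEST)(?:=|\[|%5B)", re.I),
    "path_traversal": re.compile(r"\.\.(?:/|%2F)", re.I),
}

# Common/combined log format: client IP first, request line in quotes.
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def audit(log_lines, trusted_ips, filters=FILTERS):
    """Split would-be-blocked requests into false positives (from your own
    walk-through of the shop, identified by trusted_ips) and everything else."""
    false_positives, blocked = [], []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target = m.groups()
        query = urlsplit(target).query
        names = [n for n, rx in filters.items() if rx.search(query)]
        if names:
            (false_positives if ip in trusted_ips else blocked).append((target, names))
    return false_positives, blocked

# Constructed sample log: 192.0.2.10 is the shop owner clicking through the site.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2012:19:01:00 +0000] "GET /catalog/index.php?cPath=1_4 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Jan/2012:19:01:09 +0000] "GET /catalog/custom_landing.php?back=../index.php HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2012:19:02:11 +0000] "GET /catalog/index.php?GLOBALS%5Bx%5D=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2012:19:03:30 +0000] "GET /catalog/product_info.php?products_id=12 HTTP/1.1" 200 7300',
]

if __name__ == "__main__":
    fps, blocked = audit(SAMPLE_LOG, trusted_ips={"192.0.2.10"})
    for target, names in fps:
        print("FALSE POSITIVE", target, names)
    for target, names in blocked:
        print("would block   ", target, names)
```

Any entry in the false-positive list names the pattern to comment out or narrow before the corresponding rule is appended to .htaccess.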