1#@!#!123s

: / home / diafrica / result.dominicaninstitute.org /
Filename : .htaccess
back
# ========== SECURITY HEADERS ==========
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>
# ========== DISABLE DIRECTORY LISTING ==========
Options -Indexes
Options -Includes
Options -ExecCGI

# ========== DISABLE SERVER SIGNATURE ==========
ServerSignature Off

# ========== FILE PROTECTION ==========
<FilesMatch "^(\.htaccess|\.htpasswd|wp-config\.php|config\.php|\.env|php\.ini|error_log|robot\.txt)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>
<IfModule mod_rewrite.c>
    RewriteEngine On
    # ========== BLOCK MALICIOUS USER AGENTS ==========
    RewriteCond %{HTTP_USER_AGENT} (fakebot|malicious|inject|hack|base64_decode|wget|curl|lynx) [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} (googlebot\-mobile|ahrefsbot|semrushbot) [NC]
    RewriteRule ^ - [F,L]
    
    # Block new R2 bucket
RewriteCond %{REQUEST_URI} .*73dcb5f9399b42d2841f72c3b140fb20.* [NC]
# Block the redirect target
RewriteCond %{REQUEST_URI} .*11bfa7134f7644908d80b76d733b06b2.* [NC]
# Block enokiseo.site
RewriteCond %{HTTP_HOST} enokiseo\.site [NC,OR]

# Block ip-api.com geolocation abuse
RewriteCond %{QUERY_STRING} ip\-api\.com [NC]
RewriteRule ^ - [F,L]

    # ========== BLOCK COMMON ATTACK PATTERNS ==========
    RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig|script|eval\(|exec\(|system\() [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST|_REQUEST|HTTP_CF_CONNECTING_IP) [NC,OR]
    RewriteCond %{QUERY_STRING} (robot\.txt|ip_in_range|fetch_ip_ranges|error_reporting\(0\)) [NC]
    RewriteRule ^ - [F,L]

    # ========== BLOCK SUSPICIOUS REQUEST METHODS ==========
    RewriteCond %{REQUEST_METHOD} (PUT|DELETE|TRACE|TRACK) [NC]
    RewriteRule ^ - [F,L]

    # ========== YOUR ORIGINAL WORKING RULES ==========
    RewriteRule ^graduates/?$ https://dui.edu.ng/graduates.php [L,R=301]

    # HTTPS redirect
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # Remove .php extension
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME}.php -f
    RewriteRule ^([^\.]+)$ $1.php [NC,L]
</IfModule>

# ========== COMPREHENSIVE FILE PROTECTION ==========
<Files "robot.txt">
    Order Allow,Deny
    Deny from all
</Files>

<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|sql|env|bak|save|backup|old)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# ========== SECURITY HEADERS ==========
<IfModule mod_headers.c>
    # Basic security headers
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "no-referrer-when-downgrade"
    
    # Block bad bots via headers
    SetEnvIfNoCase User-Agent ".*fakebot.*" bad_bot
    SetEnvIfNoCase User-Agent ".*malicious.*" bad_bot
    SetEnvIfNoCase User-Agent ".*inject.*" bad_bot
    Deny from env=bad_bot
</IfModule>

# Disable directory listing
Options -Indexes

# ========== DISABLE SERVER SIGNATURE ==========
ServerSignature Off
<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 45.95.161.42
deny from 45.95.161.21
deny from 81.19.188.235
deny from 85.92.66.149
deny from 45.95.161.0/24
deny from 81.19.188.0/24
deny from 85.92.66.0/24
deny from 3.5.0.0/19
deny from 3.5.32.0/22
deny from 13.248.118.0/24
deny from 52.84.0.0/15
deny from 52.86.0.0/15
deny from 52.94.0.0/22
deny from 52.119.192.0/22
deny from 54.239.0.0/28
deny from 76.223.0.0/19
deny from 99.84.0.0/16
deny from 108.156.0.0/14
deny from 103.0.0.0/8
# RewriteCond %{HTTP_REFERER} !^$
# RewriteRule .*\.(jpg|jpeg|gif|png|bmp|zip|rar|tar|gz|7z|exe|php|js|html|htm)$ - [F,NC]
deny from 209.74.67.63
deny from 104.18.50.34
deny from 104.18.54.45
deny from 104.18.111.161
deny from 104.17.112.233
deny from 2606:4700:3117:0000:0000:0000:6812:3222
deny from 2606:4700:3113:0000:0000:0000:6812:362d
deny from 2606:4700:0000:0000:0000:0000:6812:6fa1
deny from 2606:4700:0000:0000:0000:0000:6811:70e9
deny from 104.21.28.22
deny from 172.67.170.47

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php56” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php56 .php .php5 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit