DEFENDER: Prevent PHP execution not working

Hi Support
We try to execute from Defender the

Prevent PHP execution

But it is not working; it is always falling back to the same request again!

Kind regards
Andi

  • Andi

    Hi Kevin
    It is missing in all networks (4) but one is showing correct results.
    As it is missing in all should show correct results.
    The only settings done are actually the ones done by WPMUDEV plugins
    Reinstalling brings the same files and the same results - no wonder, as they got updated by wpmudev, so I would suggest you need to check on the wpmudev site why they don't include the index.php file :wink:

    Nothing gets deleted here!

    Kind regards
    Andi

  • Andi
    ## WP Defender - Protect PHP Executed ##
    <Files *.php>
    Order allow,deny
    Deny from all
    </Files>
    ## WP Defender - End ##

    The files are there in all 4 multisites

    In the root, the .htaccess is as follows:

    ## BEGIN All In One WP Security
    ## AIOWPS_BLOCK_WP_FILE_ACCESS_START
    <Files license.txt>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    <Files wp-config-sample.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    <Files readme.html>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_BLOCK_WP_FILE_ACCESS_END
    #AIOWPS_BASIC_HTACCESS_RULES_START
    <Files .htaccess>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    ServerSignature Off
    LimitRequestBody 10240000
    <Files wp-config.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_BASIC_HTACCESS_RULES_END
    #AIOWPS_PINGBACK_HTACCESS_RULES_START
    <Files xmlrpc.php>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_PINGBACK_HTACCESS_RULES_END
    #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_START
    <Files debug.log>
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>
    #AIOWPS_DEBUG_LOG_BLOCK_HTACCESS_RULES_END
    #AIOWPS_DISABLE_INDEX_VIEWS_START
    Options -Indexes
    #AIOWPS_DISABLE_INDEX_VIEWS_END
    #AIOWPS_DISABLE_TRACE_TRACK_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    </IfModule>
    #AIOWPS_DISABLE_TRACE_TRACK_END
    #AIOWPS_FORBID_PROXY_COMMENTS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} ^POST
    RewriteCond %{HTTP:VIA} !^$ [OR]
    RewriteCond %{HTTP:FORWARDED} !^$ [OR]
    RewriteCond %{HTTP:USERAGENT_VIA} !^$ [OR]
    RewriteCond %{HTTP:X_FORWARDED_FOR} !^$ [OR]
    RewriteCond %{HTTP:X_FORWARDED_HOST} !^$ [OR]
    RewriteCond %{HTTP:PROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:XPROXY_CONNECTION} !^$ [OR]
    RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
    RewriteCond %{HTTP:HTTP_CLIENT_IP} !^$
    RewriteRule wp-comments-post\.php - [F]
    </IfModule>
    #AIOWPS_FORBID_PROXY_COMMENTS_END
    #AIOWPS_DENY_BAD_QUERY_STRINGS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} ftp: [NC,OR]
    RewriteCond %{QUERY_STRING} http: [NC,OR]
    RewriteCond %{QUERY_STRING} https: [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(request|insert|union|declare|drop) [NC]
    RewriteRule ^(.*)$ - [F,L]
    </IfModule>
    #AIOWPS_DENY_BAD_QUERY_STRINGS_END
    #AIOWPS_ADVANCED_CHAR_STRING_FILTER_START
    <IfModule mod_alias.c>
    RedirectMatch 403 \,
    RedirectMatch 403 \:
    RedirectMatch 403 \;
    RedirectMatch 403 \=
    RedirectMatch 403 \[
    RedirectMatch 403 \]
    RedirectMatch 403 \^
    RedirectMatch 403 \`
    RedirectMatch 403 \{
    RedirectMatch 403 \}
    RedirectMatch 403 \~
    RedirectMatch 403 \"
    RedirectMatch 403 \$
    RedirectMatch 403 \<
    RedirectMatch 403 \>
    RedirectMatch 403 \|
    RedirectMatch 403 \.\.
    RedirectMatch 403 \%0
    RedirectMatch 403 \%A
    RedirectMatch 403 \%B
    RedirectMatch 403 \%C
    RedirectMatch 403 \%D
    RedirectMatch 403 \%E
    RedirectMatch 403 \%F
    RedirectMatch 403 \%22
    RedirectMatch 403 \%27
    RedirectMatch 403 \%28
    RedirectMatch 403 \%29
    RedirectMatch 403 \%3C
    RedirectMatch 403 \%3E
    RedirectMatch 403 \%3F
    RedirectMatch 403 \%5B
    RedirectMatch 403 \%5C
    RedirectMatch 403 \%5D
    RedirectMatch 403 \%7B
    RedirectMatch 403 \%7C
    RedirectMatch 403 \%7D
    # COMMON PATTERNS
    Redirectmatch 403 \_vpi
    RedirectMatch 403 \.inc
    Redirectmatch 403 xAou6
    Redirectmatch 403 db\_name
    Redirectmatch 403 select\(
    Redirectmatch 403 convert\(
    Redirectmatch 403 \/query\/
    RedirectMatch 403 ImpEvData
    Redirectmatch 403 \.XMLHTTP
    Redirectmatch 403 proxydeny
    RedirectMatch 403 function\.
    Redirectmatch 403 remoteFile
    Redirectmatch 403 servername
    Redirectmatch 403 \&rptmode\=
    Redirectmatch 403 sys\_cpanel
    RedirectMatch 403 db\_connect
    RedirectMatch 403 doeditconfig
    RedirectMatch 403 check\_proxy
    Redirectmatch 403 system\_user
    Redirectmatch 403 \/\(null\)\/
    Redirectmatch 403 clientrequest
    Redirectmatch 403 option\_value
    RedirectMatch 403 ref\.outcontrol
    # SPECIFIC EXPLOITS
    RedirectMatch 403 errors\.
    RedirectMatch 403 config\.
    RedirectMatch 403 include\.
    RedirectMatch 403 display\.
    RedirectMatch 403 register\.
    Redirectmatch 403 password\.
    RedirectMatch 403 maincore\.
    RedirectMatch 403 authorize\.
    Redirectmatch 403 macromates\.
    RedirectMatch 403 head\_auth\.
    RedirectMatch 403 submit\_links\.
    RedirectMatch 403 change\_action\.
    Redirectmatch 403 com\_facileforms\/
    RedirectMatch 403 admin\_db\_utilities\.
    RedirectMatch 403 admin\.webring\.docs\.
    Redirectmatch 403 Table\/Latest\/index\.
    </IfModule>
    #AIOWPS_ADVANCED_CHAR_STRING_FILTER_END
    #AIOWPS_SIX_G_BLACKLIST_START
    # 6G FIREWALL/BLACKLIST
    # @ https://perishablepress.com/6g/
    # 6G:[QUERY STRINGS]
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
    RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
    RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
    RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
    RewriteCond %{QUERY_STRING} ('|\")(.*)(drop|insert|md5|select|union) [NC]
    RewriteRule .* - [F]
    </IfModule>
    # 6G:[REQUEST METHOD]
    <IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
    RewriteRule .* - [F]
    </IfModule>
    # 6G:[REFERRERS]
    <IfModule mod_rewrite.c>
    RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]
    RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
    RewriteRule .* - [F]
    </IfModule>
    # 6G:[REQUEST STRINGS]
    <IfModule mod_alias.c>
    RedirectMatch 403 (?i)([a-z0-9]{2000,})
    RedirectMatch 403 (?i)(https?|ftp|php):/
    RedirectMatch 403 (?i)(base64_encode)(.*)(\()
    RedirectMatch 403 (?i)(=\'|=\%27|/\'/?)\.
    RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&?)/?$
    RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\"\\")
    RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\|\s|\{|\}|\[|\]|\|)
    RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|etc/passwd|muieblack)
    RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
    RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
    RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
    </IfModule>
    # 6G:[USER AGENTS]
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
    SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot
    # Apache < 2.3
    <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from env=bad_bot
    </IfModule>
    # Apache >= 2.3
    <IfModule mod_authz_core.c>
    <RequireAll>
    Require all Granted
    Require not env bad_bot
    </RequireAll>
    </IfModule>
    </IfModule>
    ###===============================
    ### AIOWPS_SIX_G_BLACKLIST_END ###
    ###===============================
    ##################################
    ### AIOWPS_FIVE_G_BLACKLIST_START
    ### 5G BLACKLIST/FIREWALL (2013)
    ### @ http://perishablepress.com/5g-blacklist-2013/
    ### 5G:[QUERY STRINGS]
    ##################################
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\\|\.\./|`|='$|=%27$) [NC,OR]
    RewriteCond %{QUERY_STRING} (\;|'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
    RewriteRule .* - [F]
    </IfModule>
    ### 5G:[USER AGENTS]
    <IfModule mod_setenvif.c>
    #SetEnvIfNoCase User-Agent ^$ keep_out
    SetEnvIfNoCase User-Agent (binlar|casper|cmsworldmap|comodo|diavol|dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|nutch|planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspider|zmeu) keep_out
    <limit GET POST PUT>
    Order Allow,Deny
    Allow from all
    Deny from env=keep_out
    </limit>
    </IfModule>
    ### 5G:[REQUEST STRINGS]
    <IfModule mod_alias.c>
    RedirectMatch 403 (https?|ftp|php)\://
    RedirectMatch 403 /(https?|ima|ucp)/
    RedirectMatch 403 /(Permanent|Better)$
    RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
    RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
    RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
    RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
    RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
    RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
    RedirectMatch 403 \.well\-known/host\-meta
    RedirectMatch 403 /function\.array\-rand
    RedirectMatch 403 \)\;\$\(this\)\.html\(
    RedirectMatch 403 proc/self/environ
    RedirectMatch 403 msnbot\.htm\)\.\_
    RedirectMatch 403 /ref\.outcontrol
    RedirectMatch 403 com\_cropimage
    RedirectMatch 403 indonesia\.htm
    RedirectMatch 403 \{\$itemURL\}
    RedirectMatch 403 function\(\)
    RedirectMatch 403 labels\.rdf
    RedirectMatch 403 /playing.php
    RedirectMatch 403 muieblackcat
    </IfModule>
    ### 5G:[REQUEST METHOD]
    <ifModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
    </IfModule>
    #### AIOWPS_FIVE_G_BLACKLIST_END
    ### AIOWPS_BLOCK_SPAMBOTS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
    RewriteCond %{HTTP_REFERER} !^http(s)?://phuket\.click [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule .* http://127.0.0.1 [L]
    </IfModule>
    ### AIOWPS_BLOCK_SPAMBOTS_END
    ### AIOWPS_PREVENT_IMAGE_HOTLINKS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g?|png)$ [NC]
    RewriteCond %{HTTP_REFERER} !^http(s)?://phuket\.click [NC]
    RewriteRule \.(gif|jpe?g?|png)$ - [F,NC,L]
    </IfModule>
    ###======================================
    ### AIOWPS_PREVENT_IMAGE_HOTLINKS_END ###
    ###======================================
    ###===============================
    ### END All In One WP Security ###
    ###===============================
    ###=========================
    ### PREVENT CLICKJACKING ###
    ###=========================
    #<ifModule mod_headers.c>
    #Header always append X-Frame-Options SAMEORIGIN
    #</ifModule>
    ###=====================
    ### END CLICKJACKING ###
    ###=====================
    ### Don't allow access to wp-config/allow access from specific IP
    <files wp-config.php>
    order allow,deny
    #order deny,allow
    ### allow access from my IP address - deactivate the first and last line
    #allow from 192.168.5.1
    deny from all
    </files>
    <Files wp-login.php>
    order deny,allow
    Deny from all
    ### allow access from my IP address
    #allow from 192.168.5.1
    </Files>
    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>
    ### In the example below, you are telling search engines not to index
    ### anything inside folders that begin with the prefix /wp-
    ### Disallow: /wp-*
    ###===================
    ### END TOP ENTRIES ###
    ###===================
    #########################################
    ### LisAndi 2016/6 WORDPRESS Settings ###
    ###--------------------------------------
    ### LisAndi Settings - START ###
    ###--------------------------------------
    ### http://www.askapache.com/htaccess/htaccess.html
    #########################################
    ### Don't use Mod_Pagespeed if active ###
    #########################################
    <IfModule mod_pagespeed.c>
    ModPagespeed unplugged
    </IfModule>
    #######################
    ### SPECIFY CHARSET ###
    #######################
    AddCharset UTF-8 .html
    AddDefaultCharset utf-8
    <IfModule mod_mime.c>
    AddCharset utf-8 .atom .css .js .json .manifest .rdf .rss .vtt .webapp .webmanifest .xml
    </IfModule>
    ################
    ### DEFAULTS ###
    ################
    ### DefaultType: the default MIME type the server will use for a document. (deprecated and therefore deactivated)
    #DefaultType text/html
    ### Optionally add a line containing the server version and virtual host
    ### name to server-generated pages (internal error documents, FTP directory
    ### listings, mod_status and mod_info output etc., but not CGI generated
    ### documents or custom error documents).
    ### Set to "EMail" to also include a mailto: link to the ServerAdmin.
    ### Set to one of: On | Off | EMail
    ServerSignature Off
    ##################
    ### MIME TYPES ###
    ##################
    ### AddType allows you to add to or override the MIME configuration
    ### Make sure .htc files are served with the proper MIME type, which is critical
    ### for XP SP2. Un-comment if your host allows htaccess MIME type overrides.
    ### Proper MIME types for all files
    <IfModule mod_mime.c>
    # Data interchange
    AddType application/atom+xml atom
    AddType application/json json map topojson
    AddType application/ld+json jsonld
    AddType application/rdf+xml rdf
    AddType application/rss+xml rss
    AddType application/vnd.geo+json geojson
    AddType application/xml rdf xml
    AddType application/xhtml+xml xhtml xhtml.gz
    # JavaScript/css
    AddType application/javascript js
    AddType text/css css
    AddType text/javascript js
    # Manifest files
    AddType application/manifest+json webmanifest
    AddType application/x-web-app-manifest+json webapp
    AddType text/cache-manifest appcache
    # Media files
    AddType audio/mp4 f4a f4b m4a
    AddType audio/ogg oga ogg opus
    AddType image/bmp bmp
    AddType image/svg+xml svg svgz
    AddType image/webp webp
    AddType image/x-icon cur ico
    AddType video/mp4 f4v f4p m4v mp4
    AddType video/ogg ogv
    AddType video/webm webm
    AddType video/x-flv flv
    # Web fonts
    AddType application/font-woff woff
    AddType application/font-woff2 woff2
    AddType application/vnd.ms-fontobject eot
    AddType application/x-font-ttf ttc ttf
    AddType font/opentype otf
    # Other
    AddType application/octet-stream safariextz rar chm bz2 tgz msi pdf exe
    AddType application/x-bb-appworld bbaw
    AddType application/x-chrome-extension crx
    AddType application/x-opera-extension oex
    AddType application/x-xpinstall xpi
    AddType application/vnd.ms-excel csv
    AddType application/x-httpd-php-source phps
    AddType application/x-pilot prc pdb
    AddType application/x-shockwave-flash swf
    AddType application/xrds+xml xrdf
    AddType text/vcard vcard vcf
    AddType text/vnd.rim.location.xloc xloc
    AddType text/vtt vtt
    AddType text/x-component htc
    AddType text/html html
    AddType text/html html.gz
    AddType text/plain ini sh bsh bash awk nawk gawk csh var c in h asc md5 sha sha1
    </IfModule>
    ###################
    ### Apache/PHP: ###
    ###################
    ### Follow symbolic links in this directory.
    #Options +FollowSymLinksIfOwnerMatch
    ### Set the default handler.
    DirectoryIndex index.php index.html index.htm
    ###################
    ### COMPRESSION ###
    ###################
    ### Begin: Compression via TYPO3 ###
    ### Compressing resource files will save bandwidth and so improve loading speed
    ### especially for users with slower internet connections. TYPO3 can compress the .js
    ### and .css files for you.
    ### *) Uncomment the following lines and
    ### *) Set $TYPO3_CONF_VARS['BE']['compressionLevel'] = '9' for the Backend
    ### *) Set $TYPO3_CONF_VARS['FE']['compressionLevel'] = '9' together with the
    ### TypoScript properties - config.compressJs and config.compressCss for GZIP
    ### compression of Frontend JS and CSS files.
    ### In Drupal activate the compression in core OR module - advagg
    #################################
    ### GENERAL COMPRESSION RULES ###
    #################################
    <FilesMatch "\.js\.gzip$">
    AddType "text/javascript" .gzip
    </FilesMatch>
    <FilesMatch "\.css\.gzip$">
    AddType "text/css" .gzip
    </FilesMatch>
    <FilesMatch "\.woff\.gzip$">
    AddType "text/woff" .gzip
    </FilesMatch>
    <FilesMatch "\.ttf\.gzip$">
    AddType "text/ttf" .gzip
    </FilesMatch>
    ### AddEncoding allows you to have certain browsers uncompress information on the fly. Note: Not all browsers support this.
    AddEncoding gzip .gzip
    AddEncoding x-compress .Z
    AddEncoding x-gzip .gz .tgz
    ### SET Compressed Content
    <FilesMatch "\.gz\.(js|css|woff|ttf)">
    <IfModule mod_headers.c>
    Header set Content-Encoding gzip
    </IfModule>
    </FilesMatch>
    ###==================================
    ### GENERAL COMPRESSION RULES END ###
    ###==================================
    ###############
    ### DEFLATE ###
    ###############
    <IfModule mod_deflate.c>
    <FilesMatch "\\.(html|css|js|xml|php|txt|woff|ttf)$">
    SetOutputFilter DEFLATE
    </FilesMatch>
    ### The following line is enough for .js and .css
    AddOutputFilter DEFLATE js css
    ### The following line also enables compression by file content type,
    ### for the following list of Content-Type:s
    AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript
    ### The following directives stop screen flicker in IE on CSS rollovers. If
    ### needed, un-comment the following rules. When they're in place, you may have
    ### to do a force-refresh in order to see changes in your designs.
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    ### Force compression for mangled Accept-Encoding request headers
    <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
    SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
    RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
    </IfModule>
    </IfModule>
    ### Compress all output labeled with one of the following media types
    <IfModule mod_filter.c>
    AddOutputFilterByType DEFLATE application/atom+xml \
    application/javascript \
    application/json \
    application/ld+json \
    application/manifest+json \
    application/rdf+xml \
    application/rss+xml \
    application/schema+json \
    application/vnd.geo+json \
    application/vnd.ms-fontobject \
    application/x-font-ttf \
    application/x-javascript \
    application/x-web-app-manifest+json \
    application/xhtml+xml \
    application/xml \
    font/eot \
    font/opentype \
    image/bmp \
    image/svg+xml \
    image/vnd.microsoft.icon \
    image/x-icon \
    text/cache-manifest \
    text/css \
    text/html \
    text/javascript \
    text/plain \
    text/vcard \
    text/vnd.rim.location.xloc \
    text/vtt \
    text/x-component \
    text/x-cross-domain-policy \
    text/xml
    </IfModule>
    <IfModule mod_mime.c>
    AddEncoding gzip svgz
    </IfModule>
    </IfModule>
    ###================
    ### DEFLATE END ###
    ###================
    ###====================
    ### COMPRESSION END ###
    ###====================
    #############################
    ### VARY: ACCEPT-ENCODING ###
    #############################
    <IfModule mod_headers.c>
    <FilesMatch "\.(js|css|woff|ttf|xml|gz)$">
    Header append Vary: Accept-Encoding
    Header append Vary User-Agent env=!dont-vary
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
    Header set Connection keep-alive
    </FilesMatch>
    </IfModule>
    ### The following directives stop screen flicker in IE on CSS rollovers. If
    ### needed, un-comment the following rules. When they're in place, you may have
    ### to do a force-refresh in order to see changes in your designs.
    BrowserMatch "MSIE" brokenvary=1
    BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1
    BrowserMatch "Opera" !brokenvary
    SetEnvIf brokenvary 1 force-no-vary
    ###==============================
    ### VARY: ACCEPT-ENCODING END ###
    ###==============================
    ####################
    ### CROSS ORIGIN ###
    ####################
    # Send the CORS header for images when browsers request it.
    <IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
    <FilesMatch "\.(bmp|cur|gif|ico|jpe?g|png|svgz?|webp)$">
    SetEnvIf Origin ":" IS_CORS
    Header set Access-Control-Allow-Origin "*" env=IS_CORS
    </FilesMatch>
    </IfModule>
    </IfModule>
    # Allow cross-origin access to web fonts.
    <IfModule mod_headers.c>
    <FilesMatch "\.(eot|otf|tt[cf]|woff2?)$">
    Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
    </IfModule>
    ###=====================
    ### CROSS ORIGIN END ###
    ###=====================
    #############
    ### E-TAG ###
    #############
    ### ETag removal
    <IfModule mod_headers.c>
    Header unset ETag
    </IfModule>
    FileETag None
    ### FileETag MTime Size
    <FilesMatch "(?i)^.*\.(flv|gif|jpg|jpeg|png|swf|css|js|ico)$">
    Header unset Last-Modified
    Header set Cache-Control "public, no-transform"
    </FilesMatch>
    ###==============
    ### E-TAG END ###
    ###==============
    #############################
    ### CACHE CONTROL HEADERS ###
    #############################
    ### 480 weeks
    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
    Header unset Last-Modified
    Header set Cache-Control "max-age=290304000, public, no-transform"
    </FilesMatch>
    ### 2 DAYS
    <FilesMatch "\.(xml|txt)$">
    Header set Cache-Control "max-age=172800, public, must-revalidate"
    </FilesMatch>
    ### 2 HOURS
    <FilesMatch "\.(html|htm|xml)$">
    Header set Cache-Control "max-age=7200"
    </FilesMatch>
    <FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
    Header unset Cache-Control
    </FilesMatch>
    ###==============================
    ### CACHE CONTROL HEADERS END ###
    ###==============================
    ###############
    ### CACHING ###
    ###############
    ### Requires mod_expires to be enabled.
    <IfModule mod_expires.c>
    ### Enable expirations
    ExpiresActive On
    ### Cache all files for 2 weeks after access (A).
    #ExpiresDefault A1209600
    ExpiresByType application/atom+xml "access plus 1 hour"
    ExpiresByType application/x-font-ttf "access plus 1 month"
    ExpiresByType application/font-woff "access plus 1 month"
    ExpiresByType application/x-font-woff "access plus 1 month"
    ExpiresByType application/font-woff2 "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 month"
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresByType application/ld+json "access plus 0 seconds"
    ExpiresByType application/manifest+json "access plus 1 week"
    ExpiresByType application/pdf "access plus 1 year"
    ExpiresByType application/rdf+xml "access plus 1 hour"
    ExpiresByType application/rss+xml "access plus 1 hour"
    ExpiresByType application/schema+json "access plus 0 seconds"
    ExpiresByType application/x-shockwave-flash "access plus 1 year"
    ExpiresByType application/shockwave-flash "access plus 1 year"
    ExpiresByType application/vnd.geo+json "access plus 0 seconds"
    ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
    ExpiresByType application/xml "access plus 0 seconds"
    ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
    ExpiresByType audio/ogg "access plus 1 month"
    ExpiresByType font/eot "access plus 1 month"
    ExpiresByType font/opentype "access plus 1 month"
    ExpiresByType font/woff "access plus 1 month"
    ExpiresByType image/bmp "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType text/cache-manifest "access plus 0 seconds"
    ExpiresByType text/css "access plus 1 year"
    ExpiresByType text/html "access plus 1 days"
    ExpiresByType text/javascript "access plus 1 year"
    ExpiresByType text/js "access plus 1 second"
    ExpiresByType text/php "access plus 1 second"
    ExpiresByType text/x-component "access plus 1 month"
    ExpiresByType text/x-cross-domain-policy "access plus 1 week"
    ExpiresByType text/x-javascript "access plus 1 month"
    ExpiresByType text/xml "access plus 0 seconds"
    ExpiresByType video/mp4 "access plus 1 month"
    ExpiresByType video/ogg "access plus 1 month"
    ExpiresByType video/webm "access plus 1 month"
    ExpiresDefault "access plus 1 month"
    <FilesMatch "\.(pl|php$|cgi|spl|scgi|fcgi)$">
    ### Do not allow PHP scripts to be cached unless they explicitly send cache
    ### headers themselves. Otherwise all scripts would have to overwrite the
    ### headers set by mod_expires if they want another caching behavior. This may
    ### fail if an error occurs early in the bootstrap process, and it may cause
    ### problems if a non-Drupal PHP file is installed in a subdirectory.
    ExpiresActive Off
    </FilesMatch>
    ### It will allow you not only to pass the Google PageSpeed Leverage browser
    ### caching test, but most importantly to speed up your website access time.
    <FilesMatch "\.(gif|jpe?g|png|ico|css|js|swf)$">
    Header set Cache-Control "public"
    </FilesMatch>
    ### Hummingbird
    <FilesMatch "\.(txt|xml|js)$">
    ExpiresDefault A691200
    </FilesMatch>
    <FilesMatch "\.(css)$">
    ExpiresDefault A691200
    </FilesMatch>
    <FilesMatch "\.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg)$">
    ExpiresDefault A691200
    </FilesMatch>
    <FilesMatch "\.(jpg|jpeg|png|gif|swf|webp)$">
    ExpiresDefault A691200
    </FilesMatch>
    </IfModule>
    <IfModule mod_headers.c>
    ### 604800 Seconds = 7 days
    <FilesMatch "\.(css|txt|xml|js|flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg|jpg|jpeg|png|gif|swf|webp)$">
    Header set Cache-Control "max-age=604800"
    </FilesMatch>
    ### Force IE to render pages in the highest available mode
    Header set X-UA-Compatible "IE=edge"
    <FilesMatch "\.(appcache|crx|css|eot|gif|htc|ico|jpe?g|js|m4a|m4v|manifest|mp4|oex|oga|ogg|ogv|otf|pdf|png|safariextz|svgz?|ttf|vcf|webapp|webm|webp|woff2?|xml|xpi)$">
    Header unset X-UA-Compatible
    </FilesMatch>
    # Reducing MIME type security risks
    Header set X-Content-Type-Options "nosniff"
    </IfModule>
    #Header set Cache-Control 'private, no-cache, no-store, proxy-revalidate, no-transform'
    #Header set Pragma 'no-cache'
    ###================
    ### CACHING END ###
    ###================
    ##############
    ### ACCESS ###
    ##############
    # Access block for files
    <FilesMatch "(?i:^\.|^#.*#|^(?:ChangeLog|ToDo|Readme|License)(?:\.md|\.txt)?|^composer\.(?:json|lock)|^ext_conf_template\.txt|^ext_typoscript_constants\.txt|^ext_typoscript_setup\.txt|flexform[^.]*\.xml|locallang[^.]*\.(?:xml|xlf)|\.(?:bak|co?nf|cfg|ya?ml|ts|dist|fla|in[ci]|log|sh|sql(?:\..*)?|sw[op]|git.*)|.*(?:~|rc))$">
    ### Apache < 2.3
    <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
    Satisfy All
    </IfModule>
    ### Apache >= 2.3
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    </FilesMatch>
    ### Block access to vcs directories
    <IfModule mod_alias.c>
    RedirectMatch 404 /\.(?:git|svn|hg)/
    </IfModule>
    ###===============
    ### ACCESS END ###
    ###===============
    ################
    ### SECURITY ###
    ################
    ### BASIC PASSWORD PROTECTION
    #AuthType basic
    #AuthName "prompt"
    #AuthUserFile /.htpasswd
    #AuthGroupFile /dev/null
    #Require valid-user
    ### Protect files and directories from prying eyes.
    <FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(|~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
    #Order allow,deny
    Require all granted
    </FilesMatch>
    ### PROTECT FILES
    <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
    #Order Allow,Deny
    #Deny from all
    Require all denied
    </FilesMatch>
    ### PREVENT HOTLINKING
    SetEnvIfNoCase Referer "^http://phuket.click/" good
    SetEnvIfNoCase Referer "^$" good
    <FilesMatch "\.(png|jpg|jpeg|gif|bmp|swf|flv)$">
    #Order Deny,Allow
    #Deny from all
    Require all granted
    #Allow from env=good
    ErrorDocument 403 http://www.google.com/intl/en_ALL/images/logo.gif
    ErrorDocument 403 /images/you_bad_hotlinker.gif
    </FilesMatch>
    ### LIMIT UPLOAD FILE SIZE TO PROTECT AGAINST DOS ATTACK
    ### bytes, 0-2147483647(2GB)
    LimitRequestBody 10240000
    ### Don't show directory listings for URLs which map to a directory.
    Options -Indexes
    ###=================
    ### SECURITY END ###
    ###=================
    ###################
    ### ERROR PAGES ###
    ###################
    ErrorDocument 404 /index.php
    ###====================
    ### ERROR PAGES END ###
    ###====================
    #############
    ### OTHER ###
    #############
    # 404 error prevention for non-existing redirected folders
    Options -MultiViews
    # Make sure that directory listings are disabled.
    <IfModule mod_autoindex.c>
    Options -Indexes
    </IfModule>
    ###==============
    ### OTHER END ###
    ###==============
    ###############
    ### REWRITE ###
    ###############
    # Various rewrite rules.
    <IfModule mod_rewrite.c>
    RewriteEngine on
    ### Set proper content type and encoding for gzipped html.
    <Files *.html.gz>
    ForceType text/html
    <IfModule mod_headers.c>
    Header set Content-Encoding gzip
    </IfModule>
    </Files>
    #################
    ### WORDPRESS ###
    #################
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    ####################
    ### WP MULTISITE ###
    ####################
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    ### FOLDER ###
    ### add a trailing slash to /wp-admin (FOLDER)
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
    RewriteRule . index.php [L]
    ### SUBDOMAIN ###
    ### add a trailing slash to /wp-admin (SUBDOMAIN)
    #RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
    #RewriteCond %{REQUEST_FILENAME} -f [OR]
    #RewriteCond %{REQUEST_FILENAME} -d
    #RewriteRule ^ - [L]
    #RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
    #RewriteRule ^(.*\.php)$ $1 [L]
    #RewriteRule . index.php [L]
    ###==================
    ### WORDPRESS END ###
    ###==================
    ###############
    ### GENERAL ###
    ###############
    ### Block access to "hidden" directories whose names begin with a period. This
    ### includes directories used by version control systems such as Subversion or
    ### Git to store control files. Files whose names begin with a period, as well
    ### as the control files used by CVS, are protected by the FilesMatch directive
    ### above.
    ### NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
    ### not possible to block access to entire directories from .htaccess, because
    ### <DirectoryMatch> is not allowed here.
    ### If you do not have mod_rewrite installed, you should remove these
    ### directories from your webroot or otherwise protect them from being
    ### downloaded.
    RewriteCond %{REQUEST_URI} !(\.well-known) [NC]
    RewriteRule "(^|/)\." - [F]
    ### If your site can be accessed both with and without the 'www.' prefix, you
    ### can use one of the following settings to redirect users to your preferred
    ### URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
    ### To redirect all users to access the site WITH the 'www.' prefix,
    ### (http://example.com/... will be redirected to http://www.example.com/...)
    ### uncomment the following:
    RewriteCond %{HTTP_HOST} .
    #RewriteCond %{HTTP_HOST} !^www\. [NC]
    #RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    ### To redirect all users to access the site WITHOUT the 'www.' prefix,
    ### (http://www.example.com/... will be redirected to http://example.com/...)
    ### uncomment the following:
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
    ### If the file/symlink/directory does not exist => Redirect to index.php.
    ### Pass all requests not referring directly to files in the filesystem to
    ### index.php. Clean URLs are handled in drupal_environment_initialize().
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-l
    RewriteCond %{REQUEST_URI} !=/favicon.ico
    RewriteRule ^ index.php [L]
    ### Rules to correctly serve gzip compressed CSS and JS files.
    ### Requires both mod_rewrite and mod_headers to be enabled.
    <IfModule mod_headers.c>
    ### Serve gzip compressed CSS files if they exist and the client accepts gzip.
    RewriteCond %{HTTP:Accept-encoding} gzip
    RewriteCond %{REQUEST_FILENAME}\.gz -s
    RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
    ### Serve gzip compressed JS files if they exist and the client accepts gzip.
    RewriteCond %{HTTP:Accept-encoding} gzip
    RewriteCond %{REQUEST_FILENAME}\.gz -s
    RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
    ### Serve correct content types, and prevent mod_deflate double gzip.
    RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
    RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
    <FilesMatch "(\.js\.gz|\.css\.gz)$">
    ### Serve correct encoding type.
    Header set Content-Encoding gzip
    ### Force proxies to cache gzipped & non-gzipped css/js files separately.
    Header append Vary Accept-Encoding
    </FilesMatch>
    </IfModule>
    ###========================
    ### GENERAL REWRITE END ###
    ###========================
    </IfModule>
    ###================
    ### REWRITE END ###
    ###================
    ################
    ### SPAM BOT ###
    ################
    <Files *>
    order deny,allow
    deny from 62.219.0.0/16
    ### If you find that you need to poke a hole in the blocklist, for legitimate
    ### visitors, follow this
    ### example: allow from 123.456.789.0
    ### Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from"
    ### items, just before the
    ### closing Files tag.
    ### Everything not included within these deny from ranges is PERMITTED by the
    ### allow portion of the
    ### directive.
    </Files>
    ### Begin - Rewrite rules to block out some common exploits
    ### If you experience problems on your site block out the operations listed below
    ### This attempts to block the most common type of exploit attempts to Joomla!
    ### QUERY_STRING
    ### Block out any script trying to set a mosConfig value through the URL
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    ### Block out any script trying to base64_encode crap to send via URL
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    ### Block out any script that includes a tag in URL
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    ### Block out any script trying to set a PHP GLOBALS variable via URL
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    ### Block out any script trying to modify a _REQUEST variable via URL
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [OR]
    ### HTTP_REFERER - HTTP_USER_AGENT
    #RewriteCond %{HTTP_USER_AGENT} Firefox\/1(.+) [NC,OR]

    • Paul Kevin

      Hey Andi ,

      Thanks for the credentials. I managed to check and did some debugging, and it seems the .htaccess rules set by Defender are ignored by the server. I'm not sure how the Apache config settings from Webmin are set, but it seems .htaccess files in sub-directories are being ignored by the web server configuration. There needs to be

      <Directory "/var/www">
          AllowOverride All
      </Directory>

      Which tells Apache to allow sub-directory .htaccess overrides.

      Warm Regards
      Paul Kevin

  • Andi

    The directories are not in var/www.

    They are in home with Virtualmin.

    When you scroll up you can see actually the .htaccess and with sftp you should even be able to download it.

    We use this .htaccess since we use apache 2.4 actually without problems. It is strange.

    The .htaccess file which is in wp-content has actually been created by defender before as it contains the defender settings

    Thanks for checking
    Andi

  • Andi

    Hi Paul

    I inserted a default .htaccess in root but the same result.


    actually, one more case for .htaccess popped up after inserting the below default .htaccess

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # msn - add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
    
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    
    # msn - additional rules
    RewriteRule ^ - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
    
    RewriteRule . index.php [L]
    </IfModule>
    # END WordPress

    Kind regards
    Andi

  • Andi

    Hi Paul

    This cannot be the reason as then all sites would show the same error but the default WPMUDEV site we have with all plugins does not show that error even using the previous .htaccess file.

    3 Multi network have a problem but 1 not!
    You have actually access to the mu.... site via dashboard

    WPMUDEV seems to have serious problems also when installing i.e. the videos which overwrite the optionstree plugin - we had to deactivate the videos.

    And in the mu site defender found malicious file by wpmudev.

    Issue

    WordPress Ad Widget <= 2.11.0 - Authenticated Local File Inclusion (LFI)
    Vulnerability type: LFI
    This bug has been fixed in version: 2.12.0

    But you can't install the update as that bug comes again and again in the mu site.

    That plugin is not installed in all other sites.
    The mu... site contains all 124 WPMUDEV plugins which are pretty deprecated as mentioned already last year and nothing has been done by the plugin developers of those deprecated plugins - often deprecated since 2.8 and nobody can tell me that people are still using wp2.8 today - especially not on a server with PHP 7 :wink:.

    The problem for the defender message has to be caused by something else!

    Kind regards
    Andi

    • Paul Kevin

      Hello Andi ,

      Hope you are well today. Kindly please check in your main Apache configuration that .htaccess in subfolders is allowed with "AllowOverride All" in the "<Directory/>" configuration. We need to cover all bases, and from all the tests I have done, even wrong .htaccess files in the wp-content directory are not being detected. This shows me that the server ignores inner .htaccess files, hence the request to check the Apache configuration.

      The issue with the Ad Widget plugin is that there is a similar one on .org, https://wordpress.org/plugins/ad-widget/, that has the same name, and we are currently working on differentiating the .org and DEV plugins with the same names.

      Warm Regards
      Paul Kevin
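The AllowOverride check requested above can be done offline against a copy of the Apache configuration. The following is an added example, not code from the thread or from Defender: it works out which `AllowOverride` value applies to a given directory and whether a `.htaccess` deny block of the kind Defender writes would be applied there. The sample configuration and the `/home/example/public_html` path are constructed assumptions, and the model is simplified (flat `<Directory>` sections only, no `Include` files, no `AllowOverrideList`).

```python
import re
from fnmatch import fnmatchcase

# Constructed sample configuration (NOT taken from the server in this thread).
SAMPLE_CONF = '''
<Directory />
    AllowOverride None
    Require all denied
</Directory>
<Directory "/var/www">
    AllowOverride All
</Directory>
<VirtualHost *:80>
    DocumentRoot /home/example/public_html
    <Directory /home/example/public_html>
        Options -Indexes
        AllowOverride AuthConfig FileInfo
    </Directory>
</VirtualHost>
'''

# Only plain <Directory path> sections carry AllowOverride; the regex form
# (<Directory ~ ...>) and <DirectoryMatch> are deliberately not matched.
OPEN_RE = re.compile(r'^<Directory\s+"?([^">]+?)"?\s*>$', re.I)
CLOSE_RE = re.compile(r'^</Directory\s*>$', re.I)
OVERRIDE_RE = re.compile(r'^AllowOverride\s+(.+)$', re.I)


def parse_directory_overrides(conf_text):
    """Return [(directory_pattern, [override tokens])] in configuration order."""
    sections, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = OPEN_RE.match(line)
        if m:
            current = m.group(1).rstrip('/') or '/'
            continue
        if CLOSE_RE.match(line):
            current = None
            continue
        m = OVERRIDE_RE.match(line)
        if m and current is not None:
            sections.append((current, m.group(1).split()))
    return sections


def _components(path):
    return [c for c in path.split('/') if c]


def section_applies(pattern, target_dir):
    """A <Directory> section covers its directory and everything below it.
    Shell-style wildcards are matched per path component ('*' never spans '/')."""
    p, t = _components(pattern), _components(target_dir)
    if len(p) > len(t):
        return False
    return all(fnmatchcase(tc, pc) for pc, tc in zip(p, t))


def effective_allowoverride(conf_text, target_dir):
    """Sections are merged shortest path first, so the longest matching
    section (latest in the file on a tie) supplies the final value."""
    applicable = [
        (len(_components(pat)), idx, tokens)
        for idx, (pat, tokens) in enumerate(parse_directory_overrides(conf_text))
        if section_applies(pat, target_dir)
    ]
    if not applicable:
        return ['None']  # Apache default since 2.3.9
    return max(applicable)[2]


def deny_block_status(tokens):
    """What happens to an 'Order allow,deny / Deny from all' block in .htaccess.
    Order/Deny belong to the Limit override class."""
    lowered = {t.lower() for t in tokens}
    if lowered == {'none'}:
        return 'ignored'    # .htaccess is not read at all
    if 'all' in lowered or 'limit' in lowered:
        return 'applied'
    return 'rejected'       # .htaccess is read, directive not allowed (HTTP 500)


if __name__ == '__main__':
    for d in ('/var/www/html/wp-content',
              '/home/example/public_html/wp-content',
              '/home/other/public_html/wp-content'):
        tokens = effective_allowoverride(SAMPLE_CONF, d)
        print(f'{d}: AllowOverride {" ".join(tokens)} -> {deny_block_status(tokens)}')
```

In the constructed sample, the `<Directory "/var/www">` section has no effect on a site under `/home`, so the result for the real document root is what decides whether the rules in `wp-content` are read.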
