# CPG Dragonfly CMS
# Copyright (c) 2004-2006 by CPG-Nuke Dev Team, dragonflycms.org
# Released under the GNU GPL version 2 or any later version

# $Source: /cvs/html/.htaccess,v $
# $Revision: 9.19 $
# $Author: nanocaiordo $
# $Date: 2008/02/03 12:17:29 $

# Remove the pound sign on these 3 for production sites
# if your server doesn't allow it then a Error 500 is given
# php_flag display_errors off
# php_value error_reporting 0
# php_flag register_globals 0

# flood protection

# deny most common except .php
<FilesMatch "\.(inc|tpl|h|ihtml|sql|ini|conf|bin|spd|theme|module)$">
  deny from all
</FilesMatch>

# disable access to config.php and .ht* from a browser
<FilesMatch "^(config\.php|\.ht)">
 Deny from all
</FilesMatch>
<FilesMatch "error\.(php|gif)">
 allow from all
</FilesMatch>

# if you use LEO, mod_rewrite is necessary
<IfModule mod_rewrite.c>
  RewriteEngine On

  # Check for Santy Worms and redirect them to a fail page
  #-------------------------------------------------------------------
  # Variant -1
  # uncomment if you dont use LWP
  # RewriteCond %{HTTP_USER_AGENT} ^LWP    [NC,OR]
  # Variant -2
  RewriteCond %{REQUEST_URI} ^visualcoders [NC,OR]
  # Variant -3
  RewriteCond %{QUERY_STRING} rush=([^&]+) [NC,OR]
  # Variant -4
  RewriteCond %{HTTP:x-moz} ^prefetch [NC,OR]
  RewriteCond %{X-moz} ^prefetch [NC,OR]
  # block local file, sql and remote attacks
  RewriteCond %{QUERY_STRING} \=../        [NC,OR]
  RewriteCond %{QUERY_STRING} "%20UNION"   [NC,OR]
  RewriteCond %{QUERY_STRING} \=http://    [NC]
  # deny them
  RewriteRule ^.*$ - [F]
  #-------------------------------------------------------------------

  RewriteCond %{REQUEST_FILENAME} -f [NC,OR]
  RewriteCond %{REQUEST_FILENAME} -d
  RewriteRule ^(.*)$ - [L]

  # if you use LEO and CPG-Nuke is installed in a sub-directory like '/html',
  # remove that # before RewriteBase and rename /html to the path of the sub-directory
  # RewriteBase /html
  # RewriteRule ^index\.html /index.php
  RewriteRule ^([a-zA-Z0-9_=+-]+)(/|\.html)$ index=$1 [L,S=5]
  RewriteRule ^([a-zA-Z0-9_]+)/([a-zA-Z0-9_]+)(/|\.html)$ index=$1&file=$2 [L,S=4]
  RewriteRule ^([a-zA-Z0-9_]+)/([a-zA-Z0-9_]+)$ index=$1&file=$2 [L,S=3]
  RewriteRule ^([a-zA-Z0-9_]+)/([a-zA-Z0-9_]+)/(.*)(/|\.html)$ index=$1&file=$2&$3 [L,S=1]
  RewriteRule ^([a-zA-Z0-9_]+)/(.*)(/|\.html)$ index=$1&file=index&$2  [L]
  RewriteRule ^index=(.*[^/])/(.*) index=$1&$2 [N,L]
  RewriteRule ^index=(.*) index.php?name=$1 [L]
</IfModule>

# use custom error pages if you wish
ErrorDocument 400 /error.php
ErrorDocument 401 /error.php
ErrorDocument 403 /error.php
ErrorDocument 404 /error.php
ErrorDocument 500 /error.php

# disallow index viewing (like ftp) of directory
# Remove # for production sites
# Options -Indexes

# for hosts that don't allow the above, we won't give people anything to look at
<IfModule mod_autoindex.c>
 IndexIgnore *
</IfModule>

AddDefaultCharset utf-8
