CODEWITHSUNDEEP
apache.htaccessmod-rewritecpanel
zahid ullah
zahid ullah

Reputation: 371

php access to page forbidden

hi am getting strange forbidden access message , anybody have any idea , its malware work or htaccess problem .

when i visit http://e-innovate.co.uk it give me angry response :) 

Access to this page is forbidden. Sorry.

Sorry, but access to this page is forbidden. Even if you have authentication, you are still not allowed to access this page. It's not meant for your eyes - ever!

Check the URL you entered for any mistakes and try again. Alternatively, search for whatever is missing or take a look around the rest of our site.

here is my htaccess file 

AddDefaultCharset UTF-8

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options +MultiViews
    </IfModule>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
</IfModule>

ErrorDocument 401 /Error-401
ErrorDocument 403 /Error-403
ErrorDocument 404 /Error-404
ErrorDocument 500 /Error-500
ErrorDocument 503 /Error-503

# Disable directory browsing
Options All +Indexes

# Remove Trailing slash on url - START
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^(.+)/$
RewriteRule ^(.+)/$  /$1 [R=301,L]
# Remove Trailing slash on url -END

RewriteCond %{HTTP_HOST} ^dksbsolutions\.co\.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.dksbsolutions\.co\.uk$
#RewriteRule ^/?$ "http\:\/\/www\.e\-innovate\.co\.uk" [R=301,L]

RewriteCond %{HTTP_HOST} ^dksbsolutions\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.dksbsolutions\.com$
#RewriteRule ^/?$ "http\:\/\/www\.e\-innovate\.co\.uk" [R=301,L]

RewriteCond %{HTTP_HOST} ^dksbsolutions\.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.dksbsolutions\.uk$
#RewriteRule ^/?$ "http\:\/\/www\.e\-innovate\.co\.uk" [R=301,L]

# Redirect www. to non www. - START
  RewriteCond %{HTTPS} off
  RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
#  RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

  RewriteCond %{HTTPS} on
  RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
 # RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# Redirect www. to non www. - END

# HTTP Keep Alive - Start
<ifModule mod_headers.c>
    Header set Connection keep-alive
    Header set Vary "Accept-Encoding"
</ifModule>
# HTTP Keep Alive - End

ExpiresActive On

# Set a max-age of one day for caches
<IfModule mod_headers.c>
Header set Cache-Control "max-age=86400"
</IfModule>


# cache images and flash content for one month
<FilesMatch ".(js|css|flv|gif|jpg|jpeg|png|ico|swf|woff)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>

# cache text, css, and javascript files for one week
<FilesMatch ".(pdf|txt)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>

# cache html and htm files for one day
<FilesMatch ".(html|htm)$">
Header set Cache-Control "max-age=43200"
</FilesMatch>
# CACHE - END

#GZIP BEGIN - COMPRESS - .CSS .JS .HTML .XHTML .PHP .TXT
<ifModule mod_deflate.c>
  <filesMatch "\.(css|js|x?html?|php|txt|eot|svg|woff)$">
    SetOutputFilter DEFLATE
  </filesMatch>
</ifModule>
# GZIP END

# DISABLE IMAGE HOT LINKING - START
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{SERVER_NAME}%{HTTP_REFERER} !^(.*)https?://\1/
# RewriteRule \.(js|css|png|jpg|jpeg) - [R=404,L]
# DISABLE IMAGE HOT LINKING - END

#DENY ACCESS - START
<FilesMatch "db.php|php_error.php|error_log|\.tpl$">
 Order allow,deny
 Deny from all
</FilesMatch>
#DENY ACCESS - END

# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
 order allow,deny
 deny from all
 satisfy all
</Files>

### Security - Disable HTTP Track and Trace
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]


# 5G BLACKLIST/FIREWALL (2013)
# @ http://perishablepress.com/5g-blacklist-2013/

# 5G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
    RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
    RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
    RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
    RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
    RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
    RewriteRule .* - [F]
</IfModule>


# 5G:[REQUEST METHOD]
<ifModule mod_rewrite.c>
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
</IfModule>

# 5G:[BAD IPS]
<limit GET POST PUT>
    Order Allow,Deny
    Allow from all
    # uncomment/edit/repeat next line to block IPs
    # Deny from 123.456.789
</limit>

Upvotes: 0

Views: 560

Answers (1)

Kailash Aghera
Kailash Aghera

Reputation: 549

It seems that there is a permission/ownership issue for your files/folders. You cannot check Apache error log without root access. You should contact your host to investigate the root cause of this issue by checking Apache error log.

It is also possible that your host has changed server PHP/apache configurations which has caused this issue.

Upvotes: 1

Related Questions