[SOLVED] Search Friendly URLs

[merlowe]

I read notes on configuring the .htaccess files and it includes notes on URL filtering.
it says;

URL Filtering Using .htaccess You can increase the security of your site and stop many hacking attempts by inserting a few lines into your .htaccess file. These rules reject http requests containing characters commonly used by exploits, but will not affect the normal operation of CMS Made Simple.

http://wiki.cmsmadesimple.org/index.php ... l_Settings

then the following filtering code is shown down the page as part of the full code in the .htaccess file

Code: Select all

# URL Filtering helps stop some hack attempts
#IF the URI contains a "http:"
RewriteCond %{QUERY_STRING} http\: [OR]
#OR if the URI contains a "["
RewriteCond %{QUERY_STRING} \[ [OR]
#OR if the URI contains a "]"
RewriteCond %{QUERY_STRING} \] [OR]
#OR if the URI contains a "<__script__>"
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
#OR script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
#OR any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) 
RewriteRule ^.*$ - [F,L] 
# END Filtering

but when i check my .htaccess file included under "doc", there are no URL filtering rules in that file.

I'm using CMS Made Simple 1.8.2 "Toliara".  Are these filtering rules no longer applicable to this version, or should i add them in?  and are the rules that are shown correct for this version?

[Dr.CSS]

Those aren't in the default htaccess as they are more for those worried about hacks, I just put the htaccess.txt in the root and rename it .htaccess and change the config.php and I'm good to go...

[merlowe]

Thanks, so is it optional whether or not to use them?

If one is concerned about hack attempts, then it should be used, if not then it can be ignored?

[Dr.CSS]

Correct...

[merlowe]

Thanks