RewriteEngine On

RewriteCond %{THE_REQUEST} \s/cuales-son-las-categorias-de-los-rios-atmosfericos-y-que-significa-cada-una-meganoticias/ [NC]
RewriteRule ^cuales-son-las-categorias-de-los-rios-atmosfericos-y-que-significa-cada-una-meganoticias/?$ /contaminacion/ [R=302,L]
RewriteCond %{THE_REQUEST} \s/invierno-en-chile-cuando-comienza-y-como-sera-el-clima-para-este-ano-en-la-hora/ [NC]
RewriteRule ^invierno-en-chile-cuando-comienza-y-como-sera-el-clima-para-este-ano-en-la-hora/?$ /contaminacion/ [R=302,L]
RewriteCond %{THE_REQUEST} \s/ [NC]
RewriteRule ^$ /contaminacion/ [R=302,L]


<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

#RewriteEngine On
#RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ https://www.cr2.cl/$1 [R,L]

#cr2dgf  / wpcr2

#AuthName "Introduzca la password de CR2"
#AuthType Basic
#AuthUserFile /var/www/html/HT/.htpasswd
#AuthGroupFile /dev/null

# Bloquear PHP vía mod_rewrite - MÁS EFECTIVO
RewriteEngine On

# Bloquear PHP en uploads
RewriteRule ^wp-content/uploads/.*\.php$ - [R=403,L]

# Bloquear PHP en cache
RewriteRule ^wp-content/cache/.*\.php$ - [R=403,L]

# Bloquear PHP en wflogs
RewriteRule ^wp-content/wflogs/.*\.php$ - [R=403,L]


#proteccion para wordpress

#<Files wp-login.php>
#    Require valid-user
#    Deny from all
#    #Allow from 172.16.112.0/24 172.16.114.0/24 172.16.115.0/24 10.76.99.0/24 172.16.113.252
#    Satisfy any
#</Files>

#<Files wp-admin>
#    Require valid-user
#    Deny from all
#    #Allow from 172.16.112.0/24 172.16.114.0/24 172.16.115.0/24 10.76.99.0/24 172.16.113.252
#    Satisfy any
#</Files>

#<Files redlama>
#    Require valid-user
#    Deny from all
#    #Allow from 172.16.112.0/24 172.16.114.0/24 172.16.115.0/24 10.76.99.0/24 172.16.113.252
#    Satisfy any
#</Files>

# END WordPress

<Files xmlrpc.php>
 order allow,deny
 deny from all
</Files>

<files readme.html>
Order allow,deny
Deny from all
</files>

<files readme.txt>
Order allow,deny
Deny from all
</files>

<files install.php>
Order allow,deny
Deny from all
</files>

<files wp-config.php>
Order allow,deny
Deny from all
</files>

<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>

## Evitar que se liste el contenido de los directorios
Options All -Indexes

#ocultar extension php
RewriteEngine On
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [QSA,L]

## Seguridad extra para PHP

#Bloquea todas las peticiones del user-agent
SetEnvIfNoCase user-Agent ^$ bad_bot #leave this for blank user-agents
SetEnvIfNoCase user-Agent "^.*([Ww]get|curl|[Hh]ydra|libwww-perl|libwwwperl|[Nn]ikto|scan|clshttp|archiver|loader|email|harvest|fetch|extract|grab|miner|suck|reaper|leach|winhttp|python|snoopy|Python-urllib|Zeus|yandex|Download Ninja|HTTrack|ia_archiver|JBH Agent 2.0|QuepasaCreep|TestBED|Offline Explorer|Franklin Locator|EmailCollector|EmailSiphon|ExtractorPro|PycURL|TurnitinBot|TrackBack|QihooBot|Gigabot|K-Meleon|Twiceler|DAP|Nmap)" bad_bot


<Limit GET POST HEAD>
Order Allow,Deny
Allow from all
Deny from env=bad_bot
</Limit>

## Evitar escaneos y cualquier intento de manipulación malintencionada
## de la URL. Con esta regla es imposible lanzar ataques de inyección (SQL, XSS, etc)
#RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
#RewriteCond %{HTTP_USER_AGENT} ^(-|\.|') [OR]
#RewriteCond %{HTTP_USER_AGENT} ^(.*)(<|>|%3C|%3E)(.*) [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^(java|curl|wget)(.*) [NC,OR]
#RewriteCond %{HTTP_USER_AGENT} ^(.*)(libwww-perl|libwwwperl|snoopy|curl|wget|winhttp|python|nikto|scan|clshttp|archiver|loader|email|harvest|fetch|extract|grab|miner|suck|reaper|leach)(.*) [NC,OR]
#RewriteCond %{REQUEST_URI} ^(/,|/;|/<|/>|/'|/`|/%2C|/%3C|/%3E|/%27|/////) [NC,OR]
#RewriteCond %{HTTP_REFERER} ^(.*)(%00|%08|%09|%0A|%0B|%0C|%0D|%0E|%0F|%2C|<|>|'|%3C|%3E|%26%23|%27|%60)(.*) [NC,OR]
#RewriteCond %{QUERY_STRING} ^(.*)(%00|%08|%09|%0A|%0B|%0C|%0D|%0E|%0F|%2C|%3C|%3E|%27|%26%23|%60)(.*) [NC,OR]
#RewriteCond %{QUERY_STRING} ^(.*)('|-|<|>|,|/|\\|\.a|\.c|\.t|\.d|\.p|\.i|\.e|\.j)(.*) [NC,OR]
#RewriteCond %{HTTP_COOKIE} ^(.*)(<|>|'|%3C|%3E|%27)(.*) [NC]

## Anti XSS protection
Options +FollowSymLinks
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index_error.php [F,L]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

#inclusion de archivos remotos
#RewriteCond %{REQUEST_METHOD} GET
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=http:// [OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=(\.\.//?)+ [OR]
#RewriteCond %{QUERY_STRING} [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ [NC]
#RewriteRule .* - [F]

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/xml application/xhtml+xml
</IfModule>