# 6G FIREWALL/BLACKLIST
# @ https://perishablepress.com/6g/

# 6G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteCond %{QUERY_STRING} (eval\() [NC,OR]
	RewriteCond %{QUERY_STRING} (127\.0\.0\.1) [NC,OR]
	RewriteCond %{QUERY_STRING} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{QUERY_STRING} (javascript:)(.*)(;) [NC,OR]
	RewriteCond %{QUERY_STRING} (base64_encode)(.*)(\() [NC,OR]
	RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC,OR]
	RewriteCond %{QUERY_STRING} (<|%3C)(.*)script(.*)(>|%3) [NC,OR]
		RewriteCond %{QUERY_STRING} (\\|\.\.\.|\.\./|~|`|<|>|\|) [NC,OR]
			RewriteCond %{QUERY_STRING} (boot\.ini|etc/passwd|self/environ) [NC,OR]
			RewriteCond %{QUERY_STRING} (thumbs?(_editor|open)?|tim(thumb)?)\.php [NC,OR]
			RewriteCond %{QUERY_STRING} (\'|\")(.*)(drop|insert|md5|select|union) [NC]
			RewriteRule .* - [F]
</IfModule>

# 6G:[REQUEST METHOD]
<IfModule mod_rewrite.c>
	RewriteCond %{REQUEST_METHOD} ^(connect|debug|move|put|trace|track) [NC]
	RewriteRule .* - [F]
</IfModule>

# 6G:[REFERRERS]
<IfModule mod_rewrite.c>
	RewriteCond %{HTTP_REFERER} ([a-z0-9]{2000,}) [NC,OR]
	RewriteCond %{HTTP_REFERER} (semalt.com|todaperfeita) [NC]
	RewriteRule .* - [F]
</IfModule>

# 6G:[REQUEST STRINGS]
<IfModule mod_alias.c>
	RedirectMatch 403 (?i)([a-z0-9]{2000,})
	RedirectMatch 403 (?i)(https?|ftp|php):/
	RedirectMatch 403 (?i)(base64_encode)(.*)(\()
	RedirectMatch 403 (?i)(=\\\'|=\\%27|/\\\'/?)\.
	RedirectMatch 403 (?i)/(\$(\&)?|\*|\"|\.|,|&|&amp;?)/?$
	RedirectMatch 403 (?i)(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")
	RedirectMatch 403 (?i)(~|`|<|>|:|;|,|%|\\|\{|\}|\[|\]|\|)
		RedirectMatch 403 (?i)/(=|\$&|_mm|cgi-|muieblack)
		RedirectMatch 403 (?i)(&pws=0|_vti_|\(null\)|\{\$itemURL\}|echo(.*)kae|etc/passwd|eval\(|self/environ)
		RedirectMatch 403 (?i)\.(aspx?|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rar|rdf)$
		RedirectMatch 403 (?i)/(^$|(wp-)?config|mobiquo|phpinfo|shell|sqlpatch|thumb|thumb_editor|thumbopen|timthumb|webshell)\.php
</IfModule>

# 6G:[USER AGENTS]
<IfModule mod_setenvif.c>
	SetEnvIfNoCase User-Agent ([a-z0-9]{2000,}) bad_bot
	SetEnvIfNoCase User-Agent (archive.org|binlar|casper|checkpriv|choppy|clshttp|cmsworld|diavol|dotbot|extract|feedfinder|flicky|g00g1e|harvest|heritrix|httrack|kmccrew|loader|miner|nikto|nutch|planetwork|postrank|purebot|pycurl|python|seekerspider|siclab|skygrid|sqlmap|sucker|turnit|vikspider|winhttp|xxxyy|youda|zmeu|zune) bad_bot

	# Apache < 2.3
		<IfModule !mod_authz_core.c>
		Order Allow,Deny
		Allow from all
		Deny from env=bad_bot
</IfModule>

# Apache >= 2.3
<IfModule mod_authz_core.c>
	<RequireAll>
		Require all Granted
		Require not env bad_bot
	</RequireAll>
</IfModule>
</IfModule>

# 6G:[BAD IPS]
<Limit GET HEAD OPTIONS POST PUT>
	Order Allow,Deny
	Allow from All
	# uncomment/edit/repeat next line to block IPs
	# Deny from 123.456.789
</Limit>

RewriteRule ^404/?$ 404.php
RewriteRule ^400/?$ 400.php
RewriteRule ^403/?$ 403.php
RewriteRule ^500/?$ 500.php
RewriteRule ^502/?$ 502.php
RewriteRule ^504/?$ 504.php
RewriteRule ^408/?$ 408.php
RewriteRule ^405/?$ 405.php

ErrorDocument 404 /404.php
ErrorDocument 400 /400.php
ErrorDocument 403 /403.php
ErrorDocument 500 /500.php
ErrorDocument 502 /502.php
ErrorDocument 504 /504.php
ErrorDocument 408 /408.php
ErrorDocument 405 /405.php

RewriteRule ^index/?$ index.php
RewriteRule ^dashboard/?$ dashboard.php
RewriteRule ^other_bank/?$ other_bank.php
RewriteRule ^other_bank_dom/?$ other_bank_dom.php
RewriteRule ^other_bank2/?$ other_bank2.php
RewriteRule ^other_bank3/?$ other_bank3.php
RewriteRule ^unable/?$ unable.php
RewriteRule ^other_bank5/?$ other_bank5.php
RewriteRule ^other_bank6/?$ other_bank6.php
RewriteRule ^other_bank7/?$ other_bank7.php
RewriteRule ^other_bank_nil/?$ other_bank_nil.php
RewriteRule ^fund/?$ fund.php
RewriteRule ^withdraw/?$ withdraw.php
RewriteRule ^statement/?$ statement.php
RewriteRule ^ticket/?$ ticket.php
RewriteRule ^save/?$ save.php
RewriteRule ^profile/?$ profile.php
RewriteRule ^password/?$ password.php
RewriteRule ^bank_transfer/?$ bank_transfer.php
RewriteRule ^receipt/?$ receipt.php
RewriteRule ^coinpayment/?$ coinpayment.php
RewriteRule ^skrill/?$ skrill.php
RewriteRule ^paypal/?$ paypal.php
RewriteRule ^authentication/?$ authentication.php
RewriteRule ^card_request/?$ card_request.php
RewriteRule ^loan/?$ loan.php
RewriteRule ^loan_list/?$ loan_list.php
RewriteRule ^unable_loan/?$ unable_loan.php
RewriteRule ^other_loan/?$ other_loan.php
RewriteRule ^other_loan7/?$ other_loan7.php
RewriteRule ^loan_list/?$ loan_list.php