Apache .htaccess写法(里面的www.baidu.com改成自己的域名)
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine On
# ============================================
# 0. HTTP/HTTPS 强制跳转 + 统一带WWW域名
# ============================================
RewriteRule ^(.*)$ https://www.baidu.com/$1 [R=301,L]
# ============================================
# 1. 禁止敏感目录下的危险文件类型直接访问
# ============================================
RewriteRule ^static/(.*)\.(php|php3|php5|phtml)$ - [F,L,NC]
RewriteRule ^apps/(.*)\.(php|php3|php5|phtml)$ - [F,L,NC]
RewriteRule ^config/(.*)\.(php|php3|php5|phtml)$ - [F,L,NC]
RewriteRule ^template/(.*)\.(php|php3|php5|phtml|html)$ - [F,L,NC]
# ============================================
# 2. 禁止恶意爬虫 User-Agent
# ============================================
RewriteCond %{HTTP_USER_AGENT} (Applebot|ClaudeBot|TelegramBot|DataForSeoBot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (PetalBot|DotBot|AhrefsBot|MJ12bot|SemrushBot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (Slurp|Scrubby|Robozilla|GPTBot|Amazonbot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (OAI-searchBot|ImagesiftBot|meta-externalagent) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (Scrapy|AwarioBot|babbar|Exabot|webmeup|wpbot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (Brightbot|BLEXBot|YandexBot|Claude-SearchBot) [NC,OR]
RewriteCond %{HTTP_USER_AGENT} (Amzn-SearchBot|twiceler) [NC]
RewriteRule .* - [F,L]
# ============================================
# 3. 禁止URI直接访问敏感目录文件
# ============================================
RewriteCond %{REQUEST_URI} ^/(apps|static|config|template)/.*\.(html|php|jsp|asp|txt|json)$ [NC]
RewriteRule .* - [F,L]
# ============================================
# 4. PbootCMS 伪静态规则
# ============================================
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?p=$1 [QSA,PT,L]
</IfModule>
# ============================================
# 5. 禁止访问敏感文件
# ============================================
<FilesMatch "\.(sql|log|ini|env|bak|old|swp|git)$">
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch "^\.">
Order Allow,Deny
Deny from all
</FilesMatch>
# ============================================
# 6. 安全响应头
# ============================================
<IfModule mod_headers.c>
Header set X-Content-Type-Options "nosniff"
Header set X-Frame-Options "SAMEORIGIN"
Header set X-XSS-Protection "1; mode=block"
Header always unset X-Powered-By
Header always unset Server
</IfModule>
