From 53ab48e18ea02da30a7eb939c0f391eb7043caf7 Mon Sep 17 00:00:00 2001
From: Mustafa Ozan Alpay <frozsgy@gmail.com>
Date: Sat, 27 Jul 2019 13:12:02 +0300
Subject: [PATCH] Initial commit

---
 .htaccess | 24 ++++++++++++++++++++++++
 README.md |  1 +
 2 files changed, 25 insertions(+)
 create mode 100644 .htaccess

diff --git a/.htaccess b/.htaccess
new file mode 100644
index 0000000..49edecd
--- /dev/null
+++ b/.htaccess
@@ -0,0 +1,24 @@
+# For security reasons, Option followsymlinks cannot be overridden.
+#Options +FollowSymLinks
+Options +SymLinksIfOwnerMatch
+RewriteEngine on
+
+## Begin - Rewrite rules to block out some common exploits.
+# If you experience problems on your site block out the operations listed below
+# This attempts to block the most common type of exploit `attempts` to Joomla!
+#
+# Block out any script trying to base64_encode data within the URL.
+RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
+# Block out any script that includes a <script> tag in URL.
+RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
+# Block out any script trying to set a PHP GLOBALS variable via URL.
+RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
+# Block out any script trying to modify a _REQUEST variable via URL.
+RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
+# Return 403 Forbidden header and show the content of the root homepage
+RewriteRule .* index.php [F]
+#
+## End - Rewrite rules to block out some common exploits.
+
+
+RewriteRule hook/(.*) hook.php?id=$1
diff --git a/README.md b/README.md
index 6d2127d..a6650bb 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ JotSheets was developed as an internship project at JotForm.
 * [PHP 7 or higher](http://www.php.net/)
 * [mySQL](https://www.mysql.com/) or [MariaDB](https://mariadb.org/)
 * [Google APIs Client Library for PHP](https://github.com/googleapis/google-api-php-client)
+* Apache server with RewriteEngine on
 
 ## Installation ##