sh404SEF

   sh404SEF creates Joomla SEF URL, and turn them to a more user-friendly format for your site visitors, as well as for search engines. It makes use of plugins to process the various components used in a site. Plugins for VirtueMart, Fireboard, Community Builder, iJoomla Magazine, and more are included. A complete list can be found here .

To build up on Joomla SEF URL, it comes with shCustomTags, a module to build and insert in your pages titles and meta tags, insert h1 or h2 tags where needed, and much more

Lastly, it is also a security components : it performs various checks to increase your site security against external attacks 

Main features and advantages:

Joomla SEF and URL rewriting 

• Easy to use : a traditionnal operating mode using mod_rewrite and a .htaccess file, but also a new mode which does not require .htaccess file at all 

• Fast: sh404SEF has a dual URL cache : in memory and in the database. This reduces a lot the number of queries made to the database. On this very site for instance, I have counted: 

• Easy transition if your site currently has either no SEF URL, or uses standard Joomla SEF URL (URL similar to www.mysite.com/content/22/12/lang,en). If a search engine or a visitor requests a page using the old style address, because that is what is currently stored in Google or Yahoo, sh404SEF will  automatically perform a 301 redirection to the new address. No need anymore to do this redirection manually in your .htaccess, no risk of damaging your search engines results.
• Works with Joomfish: translate URL and/or insert a language code. Either can be switched on or off in the backend, on a component by component basis. (tested also with the upcoming Joomfish 1.8 beta release)
• Integrated Title,Meta, Robots and language tags : automatic generation, plus manually entered tags on a URl by URL basis
• Duplicate content reduction : very few different URL for the same content. For instance, homepage will always be rewritten to www.mysite.com (or mysite.com). No more mysite.com/index.php, mysite.com/index.php?lang=en, mysite.com/index.php?option=com_frontpage&Itemid=1, etc. Several parameters in the backend to manage Itemid if needed, but default settings work well in most cases.
• Custom plugins for main components, producing nice URLs. You'll have much control over the output of these sh404SEF plugins, as many parameters are available in the backend. 
• Can use OpenSEF and SEF Advanced sef_ext plugins. No warranties, but tested on SOBI2, Bookmarks, Alphacontent and iJoomlaMagazine
• Can insert a unique numerical ID in content URL, for inclusion in services such as Google News. Can be switched on or off in the backend, for each category.
• Manage SSL switch, including using shared SSL. Very useful when using Virtuemart
• 404 errors logging. Can be turned off in the backend.
• Interface: English, French, Spanish, German, Italian, Hungarian, Russian, Dutch

Security component

sh404SEF will perform the following checks on all incoming requests (on GET and POST data): 

- presence of a mosConfig_xxx variable
- presence of a <scrip> command
- presence of base64_encode command
- presence of txt files associated with jpg or similar files
- check that variables are numeric only (the variable list is set in backend, comes with a predefined list)
- check that variables are alpha-numeric only (the variable list is set in backend, comes with a predefined list)
- check that variables do not contain http:// or ftp:// (the variable list is set in backend, comes with a predefined list)
- check incoming IP (white list/ black list set in backend, can have wildcards like 80.89.90.*)
- check incoming UserAgent string ((white list/black list set in backend)
- anti-flooding system : check number of requests from same IP in a given time period (count and period set in backend, applied on all requests,or only on requests with POST data - ie : forms : protect against spam robots
- optional checkup of incoming IP with Project Honey Pot (a free, real-time database of known spammers and attackers IP address)

This protection is applied on SEF URL, Joomla SEF URL and Joomla standard URL. Attacks are logged, and kept for a user set number of month. Failure to one of this test results in a 403 page being displayed. On some tests, the 403 page has a javascript link embedded so that false positive (ie - humans) can still access the requested page. 

(GNU/GPL component and plugins)