Comments on: Advanced .htaccess Tricks for Securing Sites

By: John

John — Thu, 29 Jan 2009 04:20:27 +0000

Nice to see you’re making progress, any ETA on the latest version? I can’t wait! :D

By: hal

hal — Sun, 25 Jan 2009 09:15:32 +0000

Interesting read. A tip that springs to mind is that you can match *any* string in RewriteRule and RewriteCond directives with a regex start of line anchor (^) used on its own. This will perform better from a regex engine point of view. For example, change a rule like this:

RewriteRule .* - [L]

to this:

RewriteRule ^ - [L]

By: Eric

Eric — Thu, 22 Jan 2009 06:10:52 +0000

Hey AskApache,

any info on the upgrade to your htaccess security plugin?

Eagerly looking fwd to it!
Eric

By: Elaine

Elaine — Fri, 02 Jan 2009 23:24:46 +0000

Hi there,

I looked around your site but can't find what I am looking for. I need a .htaccess url authentication script. Something simple, not like PHP but just a couple of strings of code to put in .htaccess file that would only allow secure page access from ssl site or https site only as well as internally from the same url and no one else is allowed unless they come from specific secure sites that I specify.

Don't know how to explain this better, I am not technical ;-) Do you have anything like that not for wordpress but for self-hosted site written in html.

Thanks

By: dvb

dvb — Sat, 20 Dec 2008 20:43:33 +0000

AskApache uses PHPBB?????

IMHO, MyBB is much better and more secured, worth a try.

By: Ron Peled

Ron Peled — Sat, 20 Dec 2008 17:30:00 +0000

While your method seems to work for a specific piece of software (phpBB) on your specific environment I like your general method of using whitelisting or use the path that is allowed instead of blocking what you believe is not allowed. This makes total sense. Thanks!