Search For Cache-Control

Tags:301 Redirect, 302 Redirect, 401, 403 Forbidden, 503, admin, Analytics, Apache, apache ssl, askapache, ASP, Cache, Cache-Control, caching,

12 3 4 5 6

PHP Session File Hacks

What they say about kung-fu is true..

It can be attained by anyone through hard work over time. You can become as good as the amount of work you put in. Here’s a short look at a basic technique that I use. Simply reverse engineering the source code and taking notes along the way…

static void php_session_send_cookie(TSRMLS_D)
  if (SG(headers_sent)) {
          if (output_start_filename) {
                  php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent by (output started at %s:%d)",
                          output_start_filename, output_start_lineno);
          } else {
                  php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent");
          }
          return;
  }
 
  /* URL encode session_name and id because they might be user supplied */
  e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);

Tags: Cache, Cookies, Examples, GET, HTTP Headers, Nice, Perl, PHP, php.ini, Port, ram, Security, server, servers, Sessions, Shell, shell script, SSI, stat, umask, xargs
Posted in Apache, DreamHost, Featured, Hacking, Linux Unix BSD, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster, WiredTree, WordPress | Published on 06/24/2010 |No Comments »

Real-Life Htaccess Files from My Server

#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
 
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
 
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
 
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
 
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Tags: AddHandler, Apache, Backups, Block IP, Cache-Control, cheatsheets, developers, errordocument, etag, htaccess tricks, http cookie, indexes, Mod_Security, open source, password protection, real world, rewritecond, rewriterule, Source Code
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Server Administration, Web Hosting, Webmaster | Published on 04/17/2010 |4 Comments »

Optimize a Website for Speed, Security, and Easy Management

Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.

Tags: 301 Redirect, admin, Advanced, Ajax, Apache, apache server, askapache, Backups, Bandwidth, bleeding edge, blog, Cache, Cache-Control, caching, ColdFusion, compression, CSS, Dig, DNS, errordocument, Etags, Examples, expires header, feed, File Permissions, Flash, GET, Hacking, hacks, Htaccess, htaccess files, Htpasswd, HTTP Error, HTTP Headers, HTTP Status Codes, HTTPS SSL, Javascript, Linux, Login, Logs, Mod_Rewrite, Optimization, optimizations, optimized website, password, password protection, PDF, Performance, PHP, php.ini, Port, post, ram, real deal, Redirect, Redirection, Rewrite Tricks, Robot, robots, robots.txt, Scripts, search and replace, Security, server, server config, servers, SPEED, SSI, stat, SymLinks, trial and error, trick, Web Development, Web Hosting, web server, WordPress, WordPress Plugins
Posted in Apache, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, PHP, SEO, Security, Shell Scripting, Web Design, Web Hosting, Webmaster, WordPress | Published on 02/18/2010 |9 Comments »

An AskApache Plugin Upgrade to Rule them All

So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last… So for all of you who’ve helped me out by sending me suggestions and notifying me of errors and sticking with it… Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I’ve been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.

Tags: 401, 404 Not Found, admin, Advanced, Apache, askapache, AskApache Google 404, AskApache Password Protection, ASP, authorization, bash, Cache, Cache-Control, chmod, compression, Cookies, debugging, Dig, Email, errordocument, Etags, Examples, FilesMatch, Fsockopen, GET, Google, Htaccess, htaccess files, htaccess tricks, HTTP Headers, httpd, HTTPS SSL, Javascript, Last-Modified, Logs, mod_include, Mod_Rewrite, Mod_Setenvif, Networking, Nice, password, password protection, Perl, PHP, Port, post, Python, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scripts, Security, SEO, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SSH, SSI, stat, trick, Username, Web Hosting, Wireshark, WordPress, WordPress Plugins, WordPress Security
Posted in Apache, Apache Modules, Cache, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Security, Web Hosting, Web Tools, Webmaster, Windows, WordPress, WordPress Plugins | Published on 07/29/2009 |1 Comment »

The Ultimate Htaccess

Skip this – still under edit

I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!

Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.

Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)

Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | Published on 01/10/2009 |66 Comments »

Htaccess SetEnvIf and SetEnvIfNoCase Examples

SetEnv, SetEnvIf, and SetEnvIfNoCase directives conditionally set environment variables accessible by scripts and apache based on HTTP Headers, Variables, and Request information.

Tags: 301 Redirect, 401, 403 Forbidden, Apache, apache ssl, askapache, ASP, authorization, Cache, Cache-Control, caching, Cookies, curl, debugging, Examples, FilesMatch, Fsockopen, GET, Google, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, HTTPS SSL, If-Modified-Since, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, Nice, PHP, Port, post, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, robots.txt, Scripts, Security, SEO, server, server config, SetEnvIf, Shell, shell script, SPEED, SSI, stat, trick, tutorial, Wget, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Mod_Rewrite, SEO, Server Administration, Webmaster | Published on 12/07/2008 |4 Comments »

.htaccess trick to show Alternate CSS file based on IP

This past week I updated my sites apache.css file for a site-redesign. I wanted to make changes to the .css file that only I could see, so that my regular traffic and site-visitors would still see the old version. Here’s the elegant solution I came up with using .htaccess and mod_rewrite that works so well I’m sharing it with all you wonderful and incredible people reading my blog :)

Tags: Apache, askapache, Cache, Cache-Control, caching, cheatsheet, CSS, Email, expires header, GET, Htaccess, HTTP Headers, Mod_Rewrite, PHP, Rewrite Tricks, rewritecond, rewriterule, server, SPEED, SSI, stat, trick, tutorial, WordPress
Posted in Apache, CSS, Cache, Featured, Htaccess, Mod_Rewrite, Web Design, Webmaster, XHTML | Published on 10/20/2008 |5 Comments »

Pimp out your FeedBurner Count

I’ve had a lot of people ask about the FeedBurner FeedCount image on AskApache. Specifically how to set it up with custom messages and different colors each page view… It is pretty sweet..

Tags: Advanced, Apache, askapache, bash, Cache, Cache-Control, caching, curl, Etags, expires header, feed, FeedBurner, FeedCount, FilesMatch, GET, Htaccess, HTTP Headers, Last-Modified, Mod_Rewrite, ram, Rewrite Tricks, rewritecond, rewriterule, server, Shell, shell script, SSI, stat, trick, umask
Posted in Apache, Awk, Featured, Hacking, Htaccess, Linux Unix BSD, Making Money, SEO, Server Administration, Shell Scripting, Web Design, Web Hosting, Web Tools, Webmaster, XHTML | Published on 08/19/2008 |No Comments »

Notes from Apache HTTPD Source Code

thought I’d take a break from coding and post about how open-source is such a great tool for finding the best answers to the toughest questions,

/** is the status code informational */
#define ap_is_HTTP_INFO(x)         (((x) >= 100)&&((x) < 200))
/** is the status code OK ?*/
 
#define ap_is_HTTP_SUCCESS(x)      (((x) >= 200)&&((x) < 300))
/** is the status code a redirect */
#define ap_is_HTTP_REDIRECT(x)     (((x) >= 300)&&((x) < 400))
 
/** is the status code a error (client or server) */
#define ap_is_HTTP_ERROR(x)        (((x) >= 400)&&((x) < 600))
/** is the status code a client error  */
 
#define ap_is_HTTP_CLIENT_ERROR(x) (((x) >= 400)&&((x) < 500))
/** is the status code a server error  */
#define ap_is_HTTP_SERVER_ERROR(x) (((x) >= 500)&&((x) < 600))
 
/** is the status code a (potentially) valid response code?  */
#define ap_is_HTTP_VALID_RESPONSE(x) (((x) >= 100)&&((x) < 600))

Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Apache, askapache, authorization, Cache, Cache-Control, Cookies, Dig, error log, errordocument, Etags, Examples, filesystem, GET, Htaccess, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Last-Modified, mod_include, Networking, nsa, password, Port, post, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Scripts, Security, server, server config, servers, Source Code, SSI, stat, SymLinks, Web Development, Web Hosting
Posted in Apache, Htaccess | Published on 08/12/2008 |No Comments »

Preloading .flv and .mp3 files with Flash

If you want to pre-load .flv / .mp3 files into a visitors browser cache using flash, here’s the actionscript I use to do it, and some ideas behind a good javascript implementation using swfobject or ufo.

Tags: Advanced, Apache, askapache, Boot, Cache, Cache-Control, caching, compression, Dig, Etags, expires header, FilesMatch, Flash, Flash Actionscript, GET, Htaccess, HTTP Headers, HTTPS SSL, Javascript, Last-Modified, preload, ram, SPEED, SSI, stat, trick
Posted in Flash | Published on 08/05/2008 |10 Comments »

Mod_Security .htaccess tricks

Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!

Tags: 301 Redirect, 401, 403 Forbidden, 500, 503, admin, Ajax, Apache, apache ssl, askapache, authorization, Bandwidth, Cache, Cache-Control, caching, Cookies, debugging, DreamHost, Email, error log, errordocument, Examples, FilesMatch, GET, Hacking, Htaccess, htaccess files, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Login, Logs, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, nsa, password, password protection, Perl, PHP, Port, post, Prompt, ram, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scanners, Security, SEO, server, servers, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial, Username, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Htaccess, Security, Web Hosting, Webmaster | Published on 04/23/2008 |8 Comments »

.Htaccess rewrites, Mod_Rewrite Tricks and Tips

htaccess rewrite / Mod_Rewrite Tips and Tricks is as glamorous as it sounds! htaccess rewrite mod_rewrite is just possibly one of the most useful Apache modules and features. The ability to rewrite requests internally as well as externally is extremely powerful.

Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, Advanced, Apache, Apache Htaccess, Apache Modules, apache ssl, askapache, Bandwidth, Cache, Cache-Control, caching, cheatsheet, code snippets, CSS, Dig, errordocument, Examples, experiments, feed, FeedBurner, Firefox, Flash, GET, Hacking, hotlinking, Htaccess, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Javascript, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Nice, PDF, Perl, PHP, Port, Redirect, Redirecting URLS, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SPEED, SSI, stat, SymLinks, trick, tutorial, WordPress
Posted in Apache, Cache, DreamHost, Featured, Htaccess, SEO, Security | Published on 04/10/2008 |76 Comments »

Crazy Cache WordPress Plugin Released

A WordPress plugin that caches your entire blog for WP-Cache, I love this plugin and finally released it to the public!

Tags: Advanced, Apache, askapache, AskApache Crazy Cache, Cache, Cache-Control, caching, CSS, curl, Fsockopen, GET, Htaccess, Image Sprites, Logs, Mod_Rewrite, post, Rewrite Tricks, server, SPEED, trick, WordPress
Posted in Cache, WordPress, WordPress Plugins | Published on 04/01/2008 |21 Comments »

PHP Sessions/Cookies On The Fly

This article shows how to save and modify php session data, cookies, do anything really… without using ajax or iframes or forcing the user make a request.

Tags: admin, Advanced, Ajax, Apache, askapache, Cache, Cache-Control, caching, Cookies, Firefox, GET, Htaccess, Htpasswd, HTTP Headers, HTTPS SSL, Javascript, Last-Modified, Linux, Mod_Rewrite, PHP, Port, post, ram, Redirect, Rewrite Tricks, rewriterule, server, Sessions, SSI, stat, Web Development, WordPress
Posted in Ajax, Apache, Featured, Htaccess, Javascript, PHP, Security | Published on 03/28/2008 |2 Comments »

Advanced HTTP Redirection

Learn about the 7 different HTTP response codes specifically reserved for redirection. 301, 302, 303, 304, 305, and 307.

Tags: 301 Redirect, 302 Redirect, Advanced, Apache, askapache, Cache, Cache-Control, cheatsheet, errordocument, Etags, Examples, experiments, expires header, GET, Htaccess, HTTP Headers, HTTP Status Codes, HTTP-EQUIV, Logs, nsa, Perl, PHP, post, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, Robot, robots, robots.txt, Security, server, servers, SSI, stat
Posted in Apache, Featured, SEO | Published on 03/26/2008 |2 Comments »

Hack WP-Cache for Maximum Speed

If you desire SPEED from your WordPress blog, the #1 speed improvement comes from using the WP-Cache Plugin. If you still desire SPEED after installing the Plugin, you can modify the WP-Cache Plugin code to make your blog even faster!

Tags: Apache, askapache, Cache, Cache-Control, caching, compression, CSS, Etags, expires header, FilesMatch, Firebug, Firefox, GET, Hacking, Htaccess, HTTP Headers, Last-Modified, Logs, PDF, PHP, SPEED, SSI, WordPress, YSlow
Posted in Cache, Hacking, WordPress | Published on 03/11/2008 |2 Comments »

Speed Tips: Add Cache-Control Headers

Using Cache-Control headers you can specify which types of proxies can cache certain content, and how long files should be cached.

Tags: Apache, askapache, Cache, Cache-Control, compression, CSS, Etags, expires header, FilesMatch, Htaccess, HTTP Headers, httpd, httpd.conf, Last-Modified, Mod_Rewrite, Optimization, PDF, Rewrite Tricks, SPEED, SSI
Posted in Apache, Cache, DreamHost, Featured, Htaccess, WordPress | Published on 03/10/2008 |9 Comments »

Preload flash .flv files into browser cache

How I was able to preload many flash flv and swf files on one of my clients sites that has a lot of online video and relatively small traffic. Their site visitors would usually watch 3-10 videos per visit and so to make the videos load almost instantly on every page I came up with a way to preload the top 10 .flv files and the swf flv player files as soon as the visitor successfully started watching the 1st video. Of course I also setup .htaccess caching on the server so that once they downloaded the files into their cache they would never request them from the server again. I was having fun with this so its pretty funky and uses some really cool combinations of javascript, swf preloader from xml, css classes to help automate it all..

Tags: 404 Not Found, Ajax, Apache, askapache, Backups, Bandwidth, Boot, Cache, Cache-Control, caching, console, Cookies, CSS, FilesMatch, Flash, Flash Actionscript, Google, Htaccess, HTTP Headers, Javascript, Logs, Mod_Rewrite, mysql, PDF, PHP, preload, ram, Rewrite Tricks, server, Shell, SPEED, SSI, stat, tutorial, Web Development, Wireshark
Posted in Cache, Flash, Htaccess, Web Design | Published on 02/04/2008 |4 Comments »