I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. The only avenue on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it's almost as powerful as httpd.conf itself

The post Htaccess – The Ultimate Guide appeared first on AskApache.

There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn't you like to see what all those headers and their output, ErrorDocuments look like?

The post HTTP Status Codes and Htaccess ErrorDocuments appeared first on AskApache.

I am now about 1 week away from publishing the much-anticipated 4.7 update to the AskApache Password Protection WordPress plugin. It's an upgrade I've been working on for almost 2 years (off and on)! I have been using the new version for quite some time now, and have made a lot of improvements to it, and finally I decided enough users have suffered with the old version. I am very excited for this release, it fixes all known bugs in the older versions, and brings some heavy-duty improvements to all facets of this plugin.. not to mention way better security modules (Lots more COOKIE use) based on code I use with clients.

The post AskApache Password Protection 4.7 Update in 2 Weeks appeared first on AskApache.

#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
 
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login.php).*$ [NC,OR]
 
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
 
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
 
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www.askapache.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /(wp-admin/.*|wp-login.php.*) HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

The post Actual Htaccess Files from My Server appeared first on AskApache.

For the AskApache Google 404 WordPress Plugin update I added a new 404.php that is more advanced than anything previously seen for a 404.php

The post Advanced WordPress 404.php appeared first on AskApache.

So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last... So for all of you who've helped me out by sending me suggestions and notifying me of errors and sticking with it... Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I've been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.

The post An AskApache Plugin Upgrade to Rule them All appeared first on AskApache.

3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site's error handling to the next level, enhanced ErrorDocuments that go beyond 404's.

The post SSI in Htaccess for ErrorDocuments, DirectoryIndexing, SEO appeared first on AskApache.

This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual "locked gates" that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn't allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.

The post Advanced .htaccess Tricks for Securing Sites appeared first on AskApache.

This is part II of the Advanced SEO used on AskApache.com Series and describes how to control which urls are indexed by Search Engines and how to move them higher up in Search Results.

The post SEO Secrets of AskApache Part 2 appeared first on AskApache.

1 minute Install!
Turns every 404 Not Found error into a SEO traffic generating event! Now you have many unique users with unique IP addresses and cookies searching your blog on all of the Google Indexes... Sweet!

«Take My 404 for a Test-Drive

The post SEO Boost from Google 404 Plugin appeared first on AskApache.