Search Results
Mod_Security .htaccess guide provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time
Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough
And a couple Mod_Security .htaccess examples, for those smart enough to run on DreamHost. <IfModule mod_security.c># Reject requests with status 500
Dec 17, 2007 Mod_Security .htaccess tricks » Mod_Security Step 2. Mod_Security Step 2. Enable mod_security on DreamHost - step1 ·ModSecurity.com
Freshhtaccess code for you Check out the Cookie Manipulation and environment variable usage with mod_rewrite I also included a couple Mod_Securityhtaccess
Dec 17, 2007 Enable mod_security on DreamHost – step1. Mod_Security .htaccess tricks » Enable mod_security on DreamHost – step1 www.askapache.com/;mod_security/enable-mod_security-on-dreamhost-step1/
Sep 22, 2007 Got some freshhtaccess and mod_rewrite code for you And a couple Mod_Securityhtaccess examples for those smart enough to run on DreamHost Enjoy
I personally take this as extreme as I can, I regularly grep my access files, mod_security and error log files looking for bad URLS. I am always checking
php error log;mod_security audit log;mod_security debug log;apache error log;apache access log. Any log file can be used with this method, actually ANY
Apr 19, 2009 Undetectable Sniffing On EthernetMod_Security .htaccess tricks » ·Search And Replace shell script helpful for Upgrades www.askapache.com/;search-and-replace-shell-script-helpful-for-upgrades.html
Mod_Securityhtaccess tricks Mod_Securityhtaccess guide provides protection from a range of attacks against web applications and allows for HTTP traffic
SSL tips and examples ·Variable Fun (mod_env) Section .htaccess Security with MOD_SECURITY ·SetEnvIf and SetEnvIfNoCase Examples
Feed for this Entry ·Trackback ·mod_security .htaccess. Tags:301 Redirect, 404 Not Found, 503, Apache, askapache, CSS, curl, Firefox, GET, Htaccess,
Feed for this Entry ·Trackback ·mod_security htaccess. Tags:500, Apache, askapache, Cache, Cache-Control, compression, CSS, DNS, DreamHost, Elite, Etags,
Feed for this Entry ·Trackback ·mod_security .htaccess. Tags:500, CSS, Elite, Examples, feed, GET, Logs, Networking, Nice, Optimization, Port, SEO, SSI,
Feed for this Entry ·Trackback ·mod_security htaccess. Tags:Accessibility, CSS, Examples, feed, Forms, Port, ram, SSI,
Dec 19, 2007 Mod_Security .htaccess tricks » ModSecurity.com. ModSecurity.com. Mod_Security Step 2. This entry was posted on Wednesday, December 19th,
Feed for this Entry ·Trackback ·mod_security .htaccess. Tags:Apache, askapache, Google, Port, SEO, server, servers, WordPress, www.askapache.com/;languagecountry-specific-google-search-engines.html
Keep in mind the HTTP_USER_AGENT is directly from the client, so its easy to spoof / change. Instead use mod_security for a much better solution.
Tags:Apache, askapache, GET, Google, Htaccess, httpd, httpd.conf, Mod_Rewrite, Mod_Security, Perl, PHP, ram, Rewrite Tricks, Security, SEO, server,
On the test page all lights are green (except mod_security which is yellow). Can you see anything from these errors? /Thomas
SSL example usage in htaccess | .htaccess Tutorial Index | » .htaccess Security with MOD_SECURITY. Although these variables are referred to as environment
Now also works for sites running on SSL (PHP version >4.3.0);Rewrote the security module code in the form of snort, nessus, and mod_security rules and
Nov 22, 2008 Anti-Spam, Anti-Exploits. Denies Obvious Spam and uses advanced mod_security protection [Read More] .htaccess Security Module Screenshot www.askapache.com/;htaccess-plugin-blocks-spam-hackers-and-password-protects-blog.html
http://www.askapache.com/htaccess/mod_security-htaccess-tricks.html 2009-05-03T08:30:29+00:00 monthly 0.2 http://www.askapache.com/seo/seo-secrets.html
Tricks and Tips ·SSL tips and examples ·Variable Fun (mod_env) Section .htaccess Security with MOD_SECURITY ·SetEnvIf and SetEnvIfNoCase Examples
requested URLs on the fly;mod_security:HTTP Traffic Logging, Real-Time Attack monitoring and detection, Attack Prevention and just-in-time patching
I use mod_security to block bad bots instead. Jernej ~. SetEnvIfNoCase vs RewriteRules ? Which one is faster ? Spencer ~. Hey, this is awesome.
SSL tips and examples ·Variable Funmod_env Section ·htaccess Security with MOD_SECURITY ·SetEnvIf and SetEnvIfNoCase Examples
Apr 15, 2010 http://www.askapache.com [R=307, L] </IfModule><Files modsec_check.gif><IfModule mod_security.c>SetEnv MODSEC_ENABLE On SecFilterEngine On
Now also works for sites running on SSL (PHP version >4.3.0);Rewrote the security module code in the form of snort, nessus, and mod_security rules and
I also included a couple Mod_Security .htaccess examples. Enjoy! .. Denies Obvious Spam and uses advanced mod_security protection [Read More]
.htaccess Security with MOD_SECURITY.
However, I still can't disable mod_security. :( I also contacted the host and they seem to have no idea how to disable it. Weird.
mod_rewrite .htaccess Examples;Cookie Manipulation and Tests with mod_rewrite;Setting Environment Variables;Using the Environment Variable;mod_security
Multiply your dreamhost Referrals;mod_security .htaccess tricks;Speedier Sites use CSS Sprites;PHP and AJAX shell console;htaccess directives available
In order to show you the most relevant results, we have omitted some entries very similar to the 36 already displayed.If you like, you can repeat the search with the omitted results included.
#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Tags: AddHandler, Apache, Backups, Block IP, Cache-Control, cheatsheets, developers, errordocument, etag, htaccess tricks, http cookie, indexes, Mod_Security, open source, password protection, real world, rewritecond, rewriterule, Source Code
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Server Administration, Web Hosting, Webmaster | Published on 04/17/2010 |4 Comments »
htaccess vs. httpd.conf
Tags: Apache, askapache, GET, Google, Htaccess, httpd, httpd.conf, Mod_Rewrite, Mod_Security, Perl, PHP, ram, Rewrite Tricks, Security, SEO, server, servers, stat
Posted in Apache, Google, Htaccess, PHP, SEO | Published on 03/29/2009 |1 Comment »
Skip this – still under edit
I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!
Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.
Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)
Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | Published on 01/10/2009 |66 Comments »
4.6 just released…. Check It Out.
:p
Tags: Advanced, Apache, askapache, GET, Htaccess, htaccess files, Htpasswd, Mod_Security, password, password protection, Port, Security, server, WordPress
Posted in WordPress, WordPress Plugins | Published on 08/19/2008 |10 Comments »
Scrolls the latest log entries for multiple log files to the current screen or to any other monitor or TTY in color using syntax highlighting, making debugging easier and saving a lot of time for multi-monitor workstations.
Tags: Apache, askapache, bash, CCZE, debugging, Elite, error log, Examples, fifo, GET, Htaccess, htaccess files, httpd, Linux, Logs, Mod_Security, Nice, Perl, PHP, php.ini, post, ram, Redirect, Redirection, Renice, Security, server, Shell, Shell History, shell script, SPEED, SSH, SSI, stat, SymLinks, trick, Web Hosting
Posted in Apache, DreamHost, Featured, Hacking, Linux Unix BSD, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Web Tools, Webmaster | Published on 08/09/2008 |3 Comments »
Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!
Tags: 301 Redirect, 401, 403 Forbidden, 500, 503, admin, Ajax, Apache, apache ssl, askapache, authorization, Bandwidth, Cache, Cache-Control, caching, Cookies, debugging, DreamHost, Email, error log, errordocument, Examples, FilesMatch, GET, Hacking, Htaccess, htaccess files, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Login, Logs, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, nsa, password, password protection, Perl, PHP, Port, post, Prompt, ram, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scanners, Security, SEO, server, servers, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial, Username, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Htaccess, Security, Web Hosting, Webmaster | Published on 04/23/2008 |8 Comments »
htaccess rewrite / Mod_Rewrite Tips and Tricks is as glamorous as it sounds! htaccess rewrite mod_rewrite is just possibly one of the most useful Apache modules and features. The ability to rewrite requests internally as well as externally is extremely powerful.
Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, Advanced, Apache, Apache Htaccess, Apache Modules, apache ssl, askapache, Bandwidth, Cache, Cache-Control, caching, cheatsheet, code snippets, CSS, Dig, errordocument, Examples, experiments, feed, FeedBurner, Firefox, Flash, GET, Hacking, hotlinking, Htaccess, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Javascript, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Nice, PDF, Perl, PHP, Port, Redirect, Redirecting URLS, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SPEED, SSI, stat, SymLinks, trick, tutorial, WordPress
Posted in Apache, Cache, DreamHost, Featured, Htaccess, SEO, Security | Published on 04/10/2008 |76 Comments »
Apache .htaccess Directives and Loaded Modules allowed on DreamHost Apache Server 2 Setups.
Tags: admin, Apache, askapache, authorization, Bandwidth, Cache, Cache-Control, Dig, DNS, DreamHost, Email, error log, errordocument, Etags, FilesMatch, filesystem, HowTo, Htaccess, HTTP Error, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Linux, Logs, mod_include, Mod_Rewrite, Mod_Security, Mod_Setenvif, mysql, Performance, Port, ram, Redirect, Redirection, Request Method, Rewrite Tricks, Scripts, Security, server, server config, Server Side Includes, servers, SetEnvIf, Shell, Socket, SPEED, SSI, stat, Web Hosting
Posted in Apache, Apache Modules, DreamHost, Htaccess | Published on 11/23/2007 |No Comments »
Fresh .htaccess code for you! Check out the Cookie Manipulation and environment variable usage with mod_rewrite! I also included a couple Mod_Security .htaccess examples. Enjoy!
