Note: Extremely ILL Content
Find the key to unlocking mod_rewrite and you WILL be sick.. sick with a diamond disease on your wrist!
Tagged: advanced, askapache, cheatsheet, howto, htaccess, htaccess rewrite, mod_rewrite, tutorial | 19 Comments | Continue...
So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last… So for all of you who’ve helped me out by sending me suggestions and notifying me of errors and sticking with it… Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I’ve been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.
Tagged: AskApache Google 404, AskApache Password Protection, Fsockopen, WordPress Plugins, wordpress security | 1 Comment | Continue...
The story behind this plugin is sorta wack, but in a good way :). While doing tons of security research on permissions, authorization, access, etc.. for the Password Protection plugin (still being worked on), I needed to have unheard of debugging capabilities while working on the plugin on the various websites, webhosts, and test servers that I use to test in different environments. So I hacked together a bunch of php code that helped me debug, actually I pretty much went overkill and tried to get as much debugging info as programmatically possible, and it ended up being so much code that I took it out of my Password Protection code and made it its own plugin.
Tagged: debugging, wordpress development | 1 Comment | Continue...
Don’t ask me how because I won’t tell you, but on one of the hosts I was testing on that did not allow direct access I was able to get the Apache server running as dhapache to erroneously write a file into my users blog directory. This is a big security no-no and I now have my .htaccess file written into the blog directory where it should go, but instead of my php script’s user having write access to the file so I can modify it, its owned by dhapache! Because the file is owned by dhapache I shouldn’t even be allowed to know it exists, but there it is. So the next step was to try and take ownership of the .htaccess file so that I could modify it. I tried and tried but was unsuccessful, I couldn’t modify it so that was another dead end. Actually it took me awhile to figure out how to remove the file from my directory. Being that it was owned by dhapache I couldn’t delete or modify it using my php process or even through ftp/ssh! Sysadmins regularly run find commands that search the servers for any files owned by dhapache that should not be there as this is a big red flag that someone has found a way to manipulate dhapache which could potentially lead to modifying dhapache-owned server config files, which sometimes is all it takes to hack your website and server.. Luckily I was able to delete it by basically running the hack again to overwrite the file.
Tagged: .htaccess plugin, Apache, askapache, htaccess, password protection, Security, WordPress | 1 Comment | Continue...
This is not an introduction to .htaccess… This is the evolution of .htaccess… The BEST, the ORIGINAL, the NEWEST, and the most HIGHEST, FLYEST .htaccess tricks I can find.
Originally known as the “Ultimate .htaccess Guide”, its changed over the years by adding new .htaccess tricks and .htaccess examples to it.. I also add my favorite .htaccess links, the best .htaccess articles on AskApache, the coolest .htaccess experiments, the Web’s best .htaccess hacks, and update this article on the regular.
Tagged: .htaccess examples, Apache, Cache, caching, Files, FilesMatch, Google, Hacking, howto, htaccess, htaccess guide, htaccess help, htaccess howto, htaccess rewrite, htaccess tricks, htaccess tutorial, httpd, litespeed, mod_rewrite, Mod_Security, rewritecond, rewriterule, sample .htaccess, Security, SEO, seo secrets, SetEnvIf, ssl, ultimate htaccess | 56 Comments | Continue...
A list of API Versions and the corresponding HTTPD Version, for use in determining the version of Apache currently running without having to rely on the often inaccurate SERVER_SOFTWARE Header.
Tagged: Apache, Apache Modules, httpd, Module API | 1 Comment | Continue...
Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+
Want to know something else I’m including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.
Talk about sick.. these tricks have the diamond disease!
Tagged: Hacking, htaccess, htaccess rewrites, mod_rewrite, Security | 37 Comments | Continue...
List of mainly obscure security software geared more for the master pentester. These are mostly for unix, bsd, and mac and many are difficult to install and setup (require custom servers, inside access points, obscure libraries). Only programs that output data are included, so no actual exploits or anything. Most of these output extremely useful albeit extremely technical information.
We’ve figured out what mod_rewrite variables look like, a cheatsheet of the actual value.
Tagged: cheatsheet, htaccess, mod_rewrite, mod_rewrite cheatsheet, rewritecond, rewriterule | 3 Comments | Continue...
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com
Some of the Ins and Outs of using SSL Connections with Apache.
Tagged: apache ssl | 9 Comments | Continue...
FeedBurner is so RAD! I love it. Here’s an alternative method to redirect scrapers and feed requests to your feedburner url, in my case, I use Branding by feedburner, which is so hot, taking advantage of CNAMEs in your DNS record.
Tagged: FeedBurner, htaccess, Redirect, rewrite, WordPress | 7 Comments | Continue...
Apache .htaccess Directives and Loaded Modules allowed on DreamHost Apache Server 2 Setups.
Apache Documentation Google Custom Search Engine is a great place to go looking for mod_rewrite, .htaccess, and other Apache HTTPD related topics.
List of the directives available to Powweb users for use in htaccess files
Tagged: htaccess, PHP, php.ini | 9 Comments | Continue...
Web Development / Webmaster Glossary
A | B | C | D | E | F | G | H | I | L | M | N | O | P | R | S | T | U | V | W | X | Z | other glossaries
This glossary defines some of the common terminology related to Apache in particular, and web serving in general. More information on each concept is provided in the links.
Access Control
The restriction of access to network realms. In an Apache context usually the restriction of access to certain URLs.See: Authentication, Authorization, and Access Control
Account
The term “account” is often used synonymously with username here at DynDNS. Both terms describe the name you use to log in to our system. An account is not the same as a hostname, which may be named differently.
age
The age of a response is the time since it was sent by, or successfully validated with, the origin server.
Alias
See cname.
Algorithm
An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are usually called Ciphers.
APache eXtension Tool (apxs)
A perl script that aids in compiling module sources into Dynamic Shared Objects ( dsos) and helps install them in the Apache Web server.See: Manual Page: <a href=”http://askapache.info/2.0/programs/apxs.html”>apxs</a>
A Record
An A Record, short for Address Record, allows a numeric ipaddress to map to a more human-readable domain. An A Record may also be referred to as a host or hostname.
Authoritative Nameserver
A nameserver which has been configured to provide answers for a specific domain, rather than simply getting and caching data about domains from other nameservers.
Authentication
The positive identification of a network entity such as a server, a client, or a user.See: Authentication, Authorization, and Access Control
Advisory Committee
An Advisory Committee is a formal…
The love of liberty is the love of others; the love of power is the love of ourselves.
-- William Hazlitt
Please consider donating to support active development of the free software and articles here.![]()
The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect. Tim Berners-Lee
It's very simple - you read the protocol and write the code. -Bill Joy
HTML | DCMI | GRDDL | XOXO | XDMP | XFN | DOM | XML | XHTML 1.1 Strict | CSS 2.1 | W3C | TLDP | WAI | DISA | ICSI | GIAC | SANS RR | GHOST | DEFCON | NIST | DHS CYBER | NIST | Phrack | GDB
↑ TOPExcept where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. HTTPD based on NCSA HTTPd