Apache SSL in htaccess examples
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com
Some of the Ins and Outs of using SSL Connections with Apache.
THE Ultimate Htaccess
.htaccess is a very ancient configuration file for web servers, and is one of the most powerful configuration files most webmasters will ever come across. This htaccess guide shows off the very best of the best htaccess tricks and code snippets from hackers and server administrators.
You've come to the right place if you are looking to acquire mad skills for using .htaccess files!
SSL
Mod_Rewrite Variables Cheatsheet
We've figured out what mod_rewrite variables look like, a cheatsheet of the actual value.
htaccess HTTPS / SSL Tips, Tricks, and Hacks
Apache has the best SSL/HTTPS support and can be controlled by the httpd.conf file or other HTTPD server configuration file. This htaccess tutorial has htaccess example code to make it easy to secure and use HTTPS and SSL with Apache.
An AskApache Plugin Upgrade to Rule them All
So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last... So for all of you who've helped me out by sending me suggestions and notifying me of errors and sticking with it... Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I've been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.
Libcurl Error Codes
Htaccess Mod_Rewrite – Crazy Advanced Master Class
htaccess rewrite Master Class! If you understand the basics of mod_rewrite, or if you literally write the mod_rewite.c code, this article will transform your thinking. The transformation is profound. Deeply effective. Culmination of the best of the best mod_rewrite tricks for understanding and learning exactly what rewrite is doing.
Mixed SSL Content Warning Secure Fixed
I used to run into the problem of having warning messages pop up when I accessed a page with secure and non-secure information and finally I found something that let me post non-ssl encrypted content on an ssl encrypted page and no warning messages will pop up!Web Development Glossary
htaccess directives available on Powweb
List of the directives available to Powweb users for use in htaccess files.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog
Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+
Want to know something else I'm including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.
Talk about sick.. these tricks have the diamond disease!
COMPUTER SECURITY TOOLBOX
List of mainly obscure security software geared more for the master pentester. These are mostly for unix, bsd, and mac and many are difficult to install and setup (require custom servers, inside access points, obscure libraries). Only programs that output data are included, so no actual exploits or anything. Most of these output extremely useful albeit extremely technical information.Smart HTTP and HTTPS .htaccess Rewrite
This is freaking sweet if you use SSL I promise you! Basically instead of having to check for HTTPS using a RewriteCond %{HTTPS} =on for every redirect that can be either HTTP or HTTPS, I set an environment variable once with the value "http" or "https" if HTTP or HTTPS is being used for that request, and use that env variable in the RewriteRule.
.htaccess – Wikipedia
Troubleshooting Apache .htaccess Authentication
Apache Web Server users have problems getting Apache Authentication/password-protection in htaccess working, this is a troubleshooting guide to get Password Protection working!
Htaccess File Sample
Comprehensive .htaccess example file with advanced examples in 1 htaccess sample skeleton .htaccess file with the very best apache htaccess examples... Updated frequently based on detailed info from the Apache htaccess tutorial.
Advanced WordPress wp-config.php Tweaks
The bottom line for this article is that I want to make WordPress as fast, secure, and easy to install, run, and manage because I am using it more and more for client production sites, I will work for days in order to solve an issue so that I never have to spend time on that issue again. Time is money in this industry and that is ultimately (time) what there is to gain by tweaking WordPress.
Note: I spent no time on readability, this is primarily a read the code and figure it out article.. This is for advanced users looking for a reference or discussion and for those of you looking to advance. Feedback would be great if you make it that far..
View all MySQL Variables for Pasting into my.cnf
This is really useful for me because I work with dozens of different database servers. The first thing I do is run this command and paste it into the servers /etc/my.cnf file. That way I will always know the original value and it just makes life much easier.
$ mysql -NBe 'SHOW VARIABLES' |sed 's,\t,^=,'|column -ts^|tr "\n" '@'|eval $(echo "sed '" "s,@\("{a..z}"\),\n\n\1,;" "'")|tr '@' "\n"|sed 's,^,# ,g'
Advanced .htaccess Tricks for Securing Sites
This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual "locked gates" that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn't allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.
Notes from Apache HTTPD Source Code
thought I'd take a break from coding and post about how open-source is such a great tool for finding the best answers to the toughest questions,
/** is the status code informational */ #define ap_is_HTTP_INFO(x) (((x) >= 100)&&((x) < 200)) /** is the status code OK ?*/ #define ap_is_HTTP_SUCCESS(x) (((x) >= 200)&&((x) < 300)) /** is the status code a redirect */ #define ap_is_HTTP_REDIRECT(x) (((x) >= 300)&&((x) < 400)) /** is the status code a error (client or server) */ #define ap_is_HTTP_ERROR(x) (((x) >= 400)&&((x) < 600)) /** is the status code a client error */ #define ap_is_HTTP_CLIENT_ERROR(x) (((x) >= 400)&&((x) < 500)) /** is the status code a server error */ #define ap_is_HTTP_SERVER_ERROR(x) (((x) >= 500)&&((x) < 600)) /** is the status code a (potentially) valid response code? */ #define ap_is_HTTP_VALID_RESPONSE(x) (((x) >= 100)&&((x) < 600))
Windows Batch Script saves Screenshots every 10min
DreamHost’s Private Servers Finally Rooted
Apache Variable Fun in htaccess
Server and Environment Variables are used by The Apache HTTP Server by provides a mechanism for storing information. This information can be used to control various operations such as logging or access control.
Caching Tutorial for Webmasters
If you examine the preferences dialog of any modern Web browser (like Internet Explorer, Safari or Mozilla), you'll probably notice a 'cache' setting. This lets you set aside a section of your computer's hard disk to store representations that you've seen, just for you. The browser cache works according to fairly simple rules. It will check to make sure that the representations are fresh, usually once a session (that is, the once in the current invocation of the browser).
WordPress Plugin for Apache .htaccess Security
- gzip's previous .htaccess file and sends it as an attachment to the logged in users email account along with password user setup.
- Now also works for sites running on SSL (PHP version >4.3.0)
- Rewrote the security module code in the form of snort, nessus, and mod_security rules and signatures
- Added a *real* check to see if mod_rewrite is installed
- Added Modules that remove directoryindexes
- Much more on the way..
Apache Directives and Modules on DreamHost
Apache .htaccess Directives and Loaded Modules allowed on DreamHost Apache Server 2 Setups.
MariaDB with LZ4 Compression Howto for CentOS
I really really wanted to run the latest MariaDB with LZ4 Page Compression.. it is a game changer for many types of large databases I deal with. So I compiled it manually in a way that is repeatable and follows best-practices and it's now powering this site. Now I can use InnoDB Page Compression with lzo, lzma, bzip2, snappy, or my favorite algorithm: LZ4.
Thought this would be a good chance to post a howto, and show that there is a lot you can do by compiling software yourself and breaking the package management one-click install shackles.
SSI in Htaccess for ErrorDocuments, DirectoryIndexing, SEO
3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site's error handling to the next level, enhanced ErrorDocuments that go beyond 404's.
HOWTO: Uninstall CPANEL over SSH
The following is just a quick but detailed reference of some of the commands I used to successfully uninstall cpanel permanently. This is for advanced users of the shell. If you run a single one of these commands without fully understanding it, you will probably kill your server, lose everything on it permanently, not have a website or email for weeks.. So backup everything. FIRST. You should also contact your hosting provider support - but be prepared for some MAJOR negativity.. cpanel makes things very easy for web-hosting companies, and you are less than a drop in their bucket.
Links to htaccess tutorials and articles
Links to htaccess tutorials and howtos in the htaccess forum
Security with Apache htaccess Tutorial
Apache Security tips and tricks for securing Apache Web Servers using htaccess, httpd.conf, and other built-in techniques to thwart attackers. This really should be required reading for any Apache admin or user because these little tricks are so easy to do.
Advanced HTTP Request and Response Header Viewer
Terminal Escape Code Zen
An image and technicacl achievement so profound, it will touch yoour heart.. So 3D... it'll hurt you eyes! LOL.. lol.. Man I am cracking up here. haha Ha definately the best intro ever, those really do look 3D for terminal though huh.. Sweet. Here is the little function I wrote to output that grey marble.
HTTP Status Codes
This is a big update from the last time I looked into this, when I enumerated 57 Status Codes that Apache 2.x was capable of handling. This list contains 83 Status Codes recognized by Apache. I compiled the latest 2.4.4 Apache in order to view the actual codes sent by a live server.. very cool. You can read about the newest HTTP Status Codes in RFC 6585.
Running a Reverse Proxy in Apache
HTTP Status Codes and Htaccess ErrorDocuments
There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn't you like to see what all those headers and their output, ErrorDocuments look like?
Pen-testing Security Tools
While testing the exploitability of your target and mapping out vulnerabilities it is important to gain access inside the targets defenses so that you can establish an internal foothold like a owned box or switch. This is so you can use a tool to discover the packet-filtering being used, and literally map out the firewall/IDS rules. Needless to say that really provides you with a lot more complete vulnerability assessment to help discover more weak spots in the system.
PHP Sessions/Cookies On The Fly
This article shows how to save and modify php session data, cookies, do anything really... without using ajax or iframes or forcing the user make a request.