Search For deflate

Raw HTTP Header Debugger

Post by AskApache Oct 26, 20115 comments

Category:

3 Ways to Serve PDF Files using Htaccess Cookies, Headers, Rewrites

Post by AskApache Aug 20, 20117 comments

FYI, using the Mod_Rewrite Variables Cheatsheet makes this example, and all advanced .htaccess code easier to understand. This demo lets you set a cookie with 1 of 3 values, then you just request the pdf file with a normal link click and get 1 of 3 different responses. This is accomplished with a nice bit of .htaccess code.

Category: Htaccess

Actual Htaccess Files from My Server

Post by AskApache Apr 17, 20106 comments

#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
 
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
 
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
 
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
 
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Category: Htaccess

Protecting Files with Advanced Mod_Rewrite Anti-Hotlinking

Post by AskApache Sep 16, 20091 comment

If you have files on your site that you don't want indexed by malicious search engines, grabbed and leeched by malicious spammers, or stolen and made available elsewhere, you can use mod_rewrite to drastically reduce or totally reduce that activity.

Category: Htaccess

An AskApache Plugin Upgrade to Rule them All

Post by AskApache Jul 29, 20091 comment

So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last... So for all of you who've helped me out by sending me suggestions and notifying me of errors and sticking with it... Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I've been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.

Category: WordPress

SSI in Htaccess for ErrorDocuments, DirectoryIndexing, SEO

Post by AskApache Mar 09, 20091 comment

3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site's error handling to the next level, enhanced ErrorDocuments that go beyond 404's.

Category: Htaccess

THE Ultimate Htaccess

Post by AskApache Jan 10, 200988 comments

Skip this - still under edit

I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and "share" the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don't use .htaccess much, if AT ALL. It's much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I've never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it's almost as powerful as httpd.conf itself!

Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It's common to see "computer gurus" on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf - I wonder if these "gurus" know the history of the htaccess file, like it's use in the earliest versions of the HTTP Server- NCSA's HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.

Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA's, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)

Category: Htaccess

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

Post by AskApache Nov 22, 200845 comments

Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+

Want to know something else I'm including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.

Talk about sick.. these tricks have the diamond disease!

Category: WordPress

Serve External Javascript Files locally for Increased Speed

Post by AskApache Oct 01, 20085 comments

One way I speed up AskApache.com is by downloading external third-party javascript files to host on my own server instead of externally. In addition to the obvious speed boost, this lets you configure the caching and compression settings for the files.

Category: Javascript

Fsockopen Power Plays

Post by AskApache Jul 02, 20084 comments

PHP's fsockopen function lets you open an Internet or Unix domain socket connection for connecting to a resource, and is one of the most powerful functions available in the php language.

Category: PHP

PHP Sessions/Cookies On The Fly

Post by AskApache Mar 28, 20082 comments

This article shows how to save and modify php session data, cookies, do anything really... without using ajax or iframes or forcing the user make a request.

Category: PHP

Advanced HTTP Redirection

Post by AskApache Mar 26, 20082 comments

Learn about the 7 different HTTP response codes specifically reserved for redirection. 301, 302, 303, 304, 305, and 307.

Category: SEO

Hack WP-Cache for Maximum Speed

Post by AskApache Mar 11, 20082 comments

If you desire SPEED from your WordPress blog, the #1 speed improvement comes from using the WP-Cache Plugin. If you still desire SPEED after installing the Plugin, you can modify the WP-Cache Plugin code to make your blog even faster!

Category: Optimization

Who Am I – Your IP Information

Post by AskApache Dec 18, 2007comment

Category:

Apache Directives and Modules on DreamHost

Post by AskApache Nov 23, 2007comment

Apache .htaccess Directives and Loaded Modules allowed on DreamHost Apache Server 2 Setups.

Category: Hosting

Speed Up Google Analytics with urchin.js

Post by AskApache Sep 14, 200711 comments

Category: Google

Wget Trick to Download from Restrictive Sites

Post by AskApache Sep 06, 200712 comments

Before
After trick
I am often logged in to my servers via SSH, and I need to download a file like a WordPress plugin. I've noticed many sites now employ a means of blocking robots like wget from accessing their files. Most of the time they use .htaccess to do this. So a permanent workaround has wget mimick a normal browser.

Category: Linux
Tags: bash, wget

Speed Tips: Turn On Compression

Post by AskApache Sep 05, 200730 comments

Use the Apache module mod_deflate to compress your static .css and .js files, speeding your site up like crazy!

Category: Htaccess

Downloading Multiple Files with Curl Simultaneously

Post by AskApache Sep 05, 200717 comments

Wouldn't it be great if you could use php and curl to download multiple files simultaneously using built-in curl functions? You can!

Category: PHP

Apache Variable Fun in htaccess

Post by AskApache Apr 10, 20073 comments

Server and Environment Variables are used by The Apache HTTP Server by provides a mechanism for storing information. This information can be used to control various operations such as logging or access control.

Category: Htaccess