Allowing Access From 1 static IP and Deny the rest
Say you want to deny access to your entire site except when you access it. The following htaccess code does just that. Instead of a Static IP you could also use a hostname, or part of a hostname..
THE Ultimate Htaccess
.htaccess is a very ancient configuration file for web servers, and is one of the most powerful configuration files most webmasters will ever come across. This htaccess guide shows off the very best of the best htaccess tricks and code snippets from hackers and server administrators.
You've come to the right place if you are looking to acquire mad skills for using .htaccess files!
Apache Authentication in htaccess
How to password-protect, Allow or Deny a visitor based on a condition. If you are having trouble getting htaccess-based password protection to work see: Troubleshooting htaccess Authentication: Getting it to work
Ultimate Htaccess Part II
Here is even more information from the Ultimate Htaccess Part I. For now this is very rough and you will want to come back later to read it.
Actual Htaccess Files from My Server
#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login.php).*$ [NC,OR]
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www.askapache.com$ [NC]
RewriteRule .* https://www.askapache.com%{REQUEST_URI} [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /(wp-admin/.*|wp-login.php.*) HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Htaccess File Sample
Comprehensive .htaccess example file with advanced examples in 1 htaccess sample skeleton .htaccess file with the very best apache htaccess examples... Updated frequently based on detailed info from the Apache htaccess tutorial.
Fight Blog Spam with Apache
Fighting Blog Spam with Apache htaccess and other methods.
Mod_Status tricks to View Apache Module Directives
Quick and easy method to get a list of all Apache Modules currently loaded, a list of all the directives each module provides, a list of currently used directives, etc... These directives can be used in httpd.conf and/or .htaccess files so it is definately useful to know which ones are available and which ones are currently being used.
Htaccess SetEnvIf and SetEnvIfNoCase Examples
SetEnv, SetEnvIf, and SetEnvIfNoCase directives conditionally set environment variables accessible by scripts and apache based on HTTP Headers, Variables, and Request information.
Mod_Security .htaccess tricks
Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!
Security with Apache htaccess Tutorial
Apache Security tips and tricks for securing Apache Web Servers using htaccess, httpd.conf, and other built-in techniques to thwart attackers. This really should be required reading for any Apache admin or user because these little tricks are so easy to do.
.htaccess – Wikipedia
Mod_Rewrite Security
These are a few of the mod_rewrite uses that BlogSecurity declared pushed the boundaries of Mod_Rewrite! Some of these snippets are quite exotic and unlike anything you may have seen before, also only for those who understand them as they can kill a website pretty quick.
Links to htaccess tutorials and articles
Links to htaccess tutorials and howtos in the htaccess forum
Security Enhancing with htaccess
Securing Subdirectories using unique apache htaccess solutions.
Htaccess Mod_Rewrite – Guidedddd
ListOfErrors
Apache Variable Fun in htaccess
Server and Environment Variables are used by The Apache HTTP Server by provides a mechanism for storing information. This information can be used to control various operations such as logging or access control.
IP Abuse Detection for DreamHost
Scan Apache logs for IP address that are probably evil, then generates an .htaccess file to DENY them all.
Securing php.ini and php.cgi with .htaccess
If you have a php.cgi or php.ini file in your /cgi-bin/ directory or other pub directory, try requesting them from your web browser. If your php.ini shows up or worse you are able to execute your php cgi, you'll need to secure it ASAP. This shows several ways to secure these files, and other interpreters like perl, fastCGI, bash, csh, etc.
.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog
Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+
Want to know something else I'm including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.
Talk about sick.. these tricks have the diamond disease!
htaccess Tricks for Webmasters
Some of my favorite htaccess examples from some of my favorite .htaccess tutorials. These cut-and-paste ready htaccess code snippets are very useful for website and server administrators.
htaccess directives available on Powweb
List of the directives available to Powweb users for use in htaccess filesPHP and AJAX shell console
Ever wanted to execute commands on your server through php? Now you can. I'm calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.
Debug apache log files from php
Secure phpinfo.php with .htaccess, Now instead of getting a 404 error you will see debug information which will help you find out what the problem is.Apache Environment Variables CGI Script
My improved version of the common printenv / test-cgi scripts for debugging Apache environment variables set in .htaccess files
Enhanced printenv Script for Server Debugging
A souped-up version of the Apache printenv script for hard-core server environment debuggery.
#!/bin/sh
echo -e "Content-type: text/plainnn"
...
__T "CURRENT PROCESS CMDLINE"
{
for p in `echo /proc/[0-9]*/cmdline`;
do
pid=${p:6:$((${#p}-13))}
[[ $pid == $PPID || $pid == $$ ]] && continue;
__M "[ /proc/$pid ]";
sed 's/x00/ /g;G' $p 2>/dev/null
done
}
fi
Apache SSL in htaccess examples
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com
Some of the Ins and Outs of using SSL Connections with Apache.
Free DNS Services
.htaccess Examples: Cookies, Variables, Custom Headers
Fresh .htaccess code for you! Check out the Cookie Manipulation and environment variable usage with mod_rewrite! I also included a couple Mod_Security .htaccess examples. Enjoy!
Originally Posted: 3/29/2008
IP Blocked by stateful Firewall, now what?
An AskApache Plugin Upgrade to Rule them All
So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last... So for all of you who've helped me out by sending me suggestions and notifying me of errors and sticking with it... Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I've been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.
3 Ways to Serve PDF Files using Htaccess Cookies, Headers, Rewrites
FYI, using the Mod_Rewrite Variables Cheatsheet makes this example, and all advanced .htaccess code easier to understand. This demo lets you set a cookie with 1 of 3 values, then you just request the pdf file with a normal link click and get 1 of 3 different responses. This is accomplished with a nice bit of .htaccess code.
Set PDF Viewing Mode - Make a selection, then click the view pdf button.
Inline Download Save As View PDF using selected mode »
SSI in Htaccess for ErrorDocuments, DirectoryIndexing, SEO
3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site's error handling to the next level, enhanced ErrorDocuments that go beyond 404's.
Blocking Bad Bots and Scrapers with .htaccess
Want to block a bad robot or web scraper using .htaccess files? Here are 2 methods that illustrate blocking 436 various user-agents.
Apache Web Server Speed Configuration Hacks
Apache server performance can be improved by adding additional hardware resources such as RAM, faster CPU, etc.Arp Packet Hacking
Part deux of Want to know how to really hack? Originally Posted: 12/28/2003
Speed Up Sites with htaccess Caching
2 awesome ways to implement caching on your website using Apache .htaccess or httpd.conf. Both methods are extremely simple to set up and will dramatically speed up your site!Using FilesMatch and Files in htaccess
Some good examples for how to use the Files and FilesMatch directives in .htaccess files and httpd.conf files for Apache.
<FilesMatch ".(htm|html|css|js|php)$"> AddDefaultCharset UTF-8 DefaultLanguage en-US </FilesMatch>