Search Results
I can create the .htaccess file and the .htpasswd file and they seem to communicate however it will not allow me to log in, even though I have definatly
Tags:Anti-Spam, Apache, askapache, Email, Forms, Login, PHP, post, ram, Security, server, . .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
<Files login.php>Order deny, allow Deny from all AuthName "htaccess password prompt"AuthType Basic AuthUserFile /home/askapache.com/.htpasswd Require
AuthUserFile /home/newuser/www/stash/.htpasswd AuthGroupFile /dev/null force a domain to only use SSL and fix double login problem If you really want to
I deleted the plugin folder and all the htaccess htpasswd files and it still askes to login before getting to wordpress's admin screen. please help i locked
Whenever you log into the forums, the login information is encrypted and stored in a cookie. .. .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Fixes double-login problem and guarantees that htpasswd basic authorization can only be entered using HTTPS. NOTE:You will only find this method on this
Login to Google AdSense using PHP. Saturday, September 22nd, 2007 . .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer ·JavaScript Compressor/
Fix doublelogin prompt. Redirect nonhttps requests to https server and ensure thathtpasswd authorization can only be entered across HTTPS
AuthUserFile /home/newuser/www/stash/.htpasswd AuthGroupFile /dev/null AuthName method to force a domain to only use SSL and fix double login problem
Log allhtaccesshtpasswd logins. Log and debug usernames and passwords used to login to a htaccess basic authorization protected website using php
What I want to do is bypass the 2nd (apache login) prompt and give them . Log all .htaccess/.htpasswd logins ·Rewrite underscores to hyphens for SEO URL www.askapache.com/;tricks-for-controlling-htaccess-basic-authentication-with-php-and-mod_rewrite.html
Jan 8, 2008 POST, and SSL options to login to Google Reader and fetch the number of .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
1005, wp-login.php, Requires a valid user/pass to access the login page, 401 Log all .htaccess/.htpasswd logins ·WordPress What Is This Plugin
/home/askapache.com/.htpasswd-basic `-- /home/askapache.com/.htpasswd-digest .. /home/askapache.com/public_html/cgi-bin/login.php
You provide your login information and hit submit and you have to wait a few $file_content='AuthName "Protection"AuthUserFile /.htpasswd AuthType Basic
Nov 22, 2008 I activated Password Protect wp-login.php and wp-admin. writable [ ] Basic Auth htpasswd file writable [ ] Digest Auth htpasswd file www.askapache.com/;htaccess-plugin-blocks-spam-hackers-and-password-protects-blog.html
Tests your servers ability to use .htaccess/.htpasswd files by setting them up in After I installed it and gave user name and password, the first login,
To enable mod_security, login to the DreamHost panel and navigate to the “Manage AuthType Basic AuthUserFile /fullpath-to/.htpasswd Require valid-user
Finally the user is presented with the phpBB login screen, and if they successfully log in .. .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Just a side note, if you cannot login to a network resource anymore, . Login to Google AdSense using PHP ·Log all .htaccess/.htpasswd logins
Demo php code uses cURL to automatically login to Google AdSense, using cookies and post .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Basically you need to know the data that is sent to Google by the login form, then you can . .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
htpasswd file Generatorhtpasswd Generator Tool for Apache with all 5 encryptions Login to Google AdSense using PHP ·Fetch Feed Subscribers from Google
RewriteRule ^login.php /login.php? [L] .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer ·JavaScript Compressor/Obfuscator
[HTTP_REFERER] =>http://www.askapache.com/online-tools/htpasswd-generator/ [HTTP_COOKIE] Auto-Login to Google Analytics to impress Clients
[user:md5 hash of google] When you enter your username and password to login later, Log all .htaccess/.htpasswd logins ·COMPUTER SECURITY TOOLBOX
[NC] RewriteRule .* /login-error/set-cookie-first.cgi [NC, L] . .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer ·JavaScript Compressor/
Apr 15, 2010 /sites/askapache.com/htdocs/wp-content/askapache/.htpasswd-digest (openid|wp-admin|wp-includes|wp-content|wp-login.php)"#HTTP
<Files login.php>AuthName "Prompt"AuthType Basic AuthUserFile /home/askapache.com/.htpasswd Require valid-user </Files>
'Group set of the current process'=>'posix_getgroups', 'Login name'=>'posix_getlogin'.. .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Thanks, this is usefull for implementing custom register/login pages in WordPress. .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Any idea please on how to make it that only login, registration, checkout to be in https? . .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
if for wpadmin or wploginphp RewriteCond %{REQUEST_URI} ^wpadmin|wploginphp*NCOR OR if the .. htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Ever wanted to execute commands on your server through php to mimick a shell login? Now you can. I'm calling this file (see below) shell.php and it allows
Second-Level (H2), Login to Google AdSense using PHP . .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer ·JavaScript Compressor/Obfuscator
monthly 0.2 http://www.askapache.com/webmaster/login-google-analytics.html 0.6 http://www.askapache.com/htaccess/htaccess-htpasswd-basic-auth.html
not be displayed in browser ·FORCE HTTPS AND NO DOUBLE LOGIN ·From Old to New (extern) . .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Fixing double-login problem and making sure authorization usernames/passwords are not sent in .. .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
AuthType Basic AuthUserFile .htpasswd require valid user satisfy any First, login via ssh cd to your websites document root and then run these commands.
To use these credits, go to searchanalytics.compete.com and login using your MyCompete user .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Here is the default view when you login to WaMu, its really the best online banking interface I .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Successful to get all redirects except that now my client login plugin does not work when I .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
This will force all users to have to log in again. .. /wp-login.php?action=register .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
HTTP Packet Capturing to debug Apache ·Arp Packet Hacking ·Auto-Login to Google Analytics to .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
It will work for any contact forms, surveys, login forms, etc. . .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer ·JavaScript Compressor/
The problem is happening because when you login to your FTP server with your Log all .htaccess/.htpasswd logins ·AskApache Password Protection,
Apr 8, 2009 If the command used to login to ssh correctly starts with 'rsync --server'. .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP
~/.bash_profile:executed by bash(1) for login shells. umask 002 export PS1="\n\e[1;37m[\e[0 .htpasswd Generator ·Advanced HTTP Headers ·DNS Tracer
#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Tags: AddHandler, Apache, Backups, Block IP, Cache-Control, cheatsheets, developers, errordocument, etag, htaccess tricks, http cookie, indexes, Mod_Security, open source, password protection, real world, rewritecond, rewriterule, Source Code
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Server Administration, Web Hosting, Webmaster | Published on 04/17/2010 |4 Comments »
Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.
Tags: 301 Redirect, admin, Advanced, Ajax, Apache, apache server, askapache, Backups, Bandwidth, bleeding edge, blog, Cache, Cache-Control, caching, ColdFusion, compression, CSS, Dig, DNS, errordocument, Etags, Examples, expires header, feed, File Permissions, Flash, GET, Hacking, hacks, Htaccess, htaccess files, Htpasswd, HTTP Error, HTTP Headers, HTTP Status Codes, HTTPS SSL, Javascript, Linux, Login, Logs, Mod_Rewrite, Optimization, optimizations, optimized website, password, password protection, PDF, Performance, PHP, php.ini, Port, post, ram, real deal, Redirect, Redirection, Rewrite Tricks, Robot, robots, robots.txt, Scripts, search and replace, Security, server, server config, servers, SPEED, SSI, stat, SymLinks, trial and error, trick, Web Development, Web Hosting, web server, WordPress, WordPress Plugins
Posted in Apache, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, PHP, SEO, Security, Shell Scripting, Web Design, Web Hosting, Webmaster, WordPress | Published on 02/18/2010 |9 Comments »
Skip this – still under edit
I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!
Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.
Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)
Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | Published on 01/10/2009 |66 Comments »
This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.
Tags: 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, Advanced, Apache, askapache, Cookies, Dig, errordocument, GET, Google, Hacking, Htaccess, htaccess tricks, Htpasswd, httpd, HTTPS SSL, Linux, Login, Mod_Rewrite, password, PHP, phpBB, post, Prompt, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, server, SetEnvIf, Sniffing, SSI, stat, trick, WordPress
Posted in Apache, Featured, Hacking, Htaccess, Mod_Rewrite, Security | Published on 12/19/2008 |7 Comments »
Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!
Tags: 301 Redirect, 401, 403 Forbidden, 500, 503, admin, Ajax, Apache, apache ssl, askapache, authorization, Bandwidth, Cache, Cache-Control, caching, Cookies, debugging, DreamHost, Email, error log, errordocument, Examples, FilesMatch, GET, Hacking, Htaccess, htaccess files, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Login, Logs, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, nsa, password, password protection, Perl, PHP, Port, post, Prompt, ram, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scanners, Security, SEO, server, servers, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial, Username, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Htaccess, Security, Web Hosting, Webmaster | Published on 04/23/2008 |8 Comments »
htaccess rewrite / Mod_Rewrite Tips and Tricks is as glamorous as it sounds! htaccess rewrite mod_rewrite is just possibly one of the most useful Apache modules and features. The ability to rewrite requests internally as well as externally is extremely powerful.
Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, Advanced, Apache, Apache Htaccess, Apache Modules, apache ssl, askapache, Bandwidth, Cache, Cache-Control, caching, cheatsheet, code snippets, CSS, Dig, errordocument, Examples, experiments, feed, FeedBurner, Firefox, Flash, GET, Hacking, hotlinking, Htaccess, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Javascript, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Nice, PDF, Perl, PHP, Port, Redirect, Redirecting URLS, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SPEED, SSI, stat, SymLinks, trick, tutorial, WordPress
Posted in Apache, Cache, DreamHost, Featured, Htaccess, SEO, Security | Published on 04/10/2008 |76 Comments »
AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving scripts.
Tags: 403 Forbidden, admin, Apache, askapache, AskApache Password Protection, Backups, File Permissions, GET, Hacking, Htaccess, htaccess files, Htpasswd, Login, Logs, Nice, password, password protection, PHP, phpBB, ram, Robot, robots, Scripts, Security, server, servers, SPEED, SSI, stat, Username, WordPress
Posted in Apache, Hacking, PHP, Security, WordPress, WordPress Plugins | Published on 03/29/2008 |98 Comments »
Learn how to log and debug usernames and passwords used to login to a htaccess basic authorization protected website using php. This article is BOSS and will show you how to fully take control of this aspect of security using php and .htaccess, I don’t believe you will find instructions to do this anywhere else on the net.
Tags: 401, admin, Apache, askapache, ASP, authorization, debugging, DreamHost, errordocument, GET, HowTo, Htaccess, Htpasswd, httpd, Login, password, PHP, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, server, Source Code, stat, Username
Posted in Apache, Apache Modules, DreamHost, Featured, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Security, Server Administration, Shell Scripting | Published on 01/29/2008 |6 Comments »
Control htaccess Basic Authentication with PHP and mod_rewrite
Tags: 401, Apache, askapache, authorization, Cookies, curl, Elite, filesystem, GET, Htaccess, Htpasswd, HTTPS SSL, Javascript, Login, Logs, Mod_Rewrite, password, PHP, phpBB, Port, post, Prompt, ram, Redirect, Rewrite Tricks, Security, server, Sessions, SSI, stat, tutorial, Username
Posted in Apache, DreamHost, Htaccess, PHP, Security | Published on 02/26/2007 |5 Comments »
.htaccess (Hypertext Access) is the default name of Apache’s directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess context and the user needs appropriate permissions. Statements such as the following can be used to configure a server to send out customized documents in response to client errors such as “404: Not Found” or server errors such as “503: Service Unavailable” (see List of HTTP status codes): ErrorDocument 404 /error-pages/not-found.html ErrorDocument 503 /error-pages/service-unavailable.html When setting up custom error pages, it is important to remember that…
Tags: 301 Redirect, 302 Redirect, 403 Forbidden, 404 Not Found, 503, Apache, askapache, Bandwidth, cheatsheet, CSS, Elite, errordocument, Examples, File System, GET, hotlinking, HowTo, Htaccess, htaccess files, htaccess tutorial, Htpasswd, HTTP Status Codes, httpd, HTTPS SSL, Javascript, Login, Mod_Rewrite, password, password protection, PHP, Port, post, Prompt, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, SEO, server, Server Side Includes, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess
Posted in Apache, Htaccess | Published on 01/03/2007 |No Comments »
AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving scripts.
Just a very brief look at speeding up form submission by delegating the processing and bandwidth to your server, not your client.
