HTTP/1.1 200 OK Date: Sat, 11 Feb 2012 13:48:20 GMT Server: Apache Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Enhanced printenv Script for Server Debugging

A souped-up version of the Apache printenv script for hard-core server environment debuggery.

#!/bin/sh
echo -e "Content-type: text/plain\n\n"
...
  __T "CURRENT PROCESS CMDLINE"
  {
   for p in `echo /proc/[0-9]*/cmdline`;
   do
    pid=${p:6:$((${#p}-13))}
    [[ $pid == $PPID || $pid == $$ ]] && continue;
    __M "[ /proc/$pid ]";
    sed 's/\x00/ /g;G' $p 2>/dev/null
   done
  }
 fi

Posted in Hosting | Published on April 14, 2011 |1 Comment »

HTTP Status Codes and Htaccess ErrorDocuments

There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn't you like to see what all those headers and their output, ErrorDocuments look like?

Posted in Htaccess | Published on January 4, 2011 |23 Comments »

Ultimate Htaccess Part II

Here is even more information from the Ultimate Htaccess Part I. For now this is very rough and you will want to come back later to read it.

Posted in Htaccess | Published on October 16, 2010 |5 Comments »

Dealing with Mobile Visitors using Bad Browsers

Definately worth the read… Read the rest, but it is hard to see any benefit to doing this. Mobile agents are still in their infancy, but within 2 years most mobiles will be as fast as the laptops from a couple years back... I mean my droid is running linux! The world is moving steadily towards a society where mobile devices will

Posted in Htaccess | Published on September 9, 2010 |1 Comment »

Actual Htaccess Files from My Server

#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]

# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]

# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]

# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]

RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Posted in Htaccess | Published on April 17, 2010 |6 Comments »

SSI in Htaccess for ErrorDocuments, DirectoryIndexing, SEO

3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site's error handling to the next level, enhanced ErrorDocuments that go beyond 404's.

Posted in Htaccess | Published on March 9, 2009 |1 Comment »

THE Ultimate Htaccess

Skip this - still under edit

I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and "share" the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don't use .htaccess much, if AT ALL. It's much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I've never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it's almost as powerful as httpd.conf itself!

Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It's common to see "computer gurus" on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf - I wonder if these "gurus" know the history of the htaccess file, like it's use in the earliest versions of the HTTP Server- NCSA's HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.

Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA's, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)

Posted in Htaccess | Published on January 10, 2009 |87 Comments »

Advanced .htaccess Tricks for Securing Sites

This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual "locked gates" that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn't allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.

Posted in Htaccess | Published on December 19, 2008 |7 Comments »

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+

Want to know something else I'm including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.

Talk about sick.. these tricks have the diamond disease!

Posted in WordPress | Published on November 22, 2008 |43 Comments »

Skeleton .htaccess file for Powweb Hosting

If you have a Powweb Webhosting account, you will appreciate this simple skeleton .htaccess file for use on their systems.

Posted in Htaccess | Published on January 11, 2008 |No Comments »

WordPress Plugin for Apache .htaccess Security

gzip's previous .htaccess file and sends it as an attachment to the logged in users email account along with password user setup.
Now also works for sites running on SSL (PHP version >4.3.0)
Rewrote the security module code in the form of snort, nessus, and mod_security rules and signatures
Added a *real* check to see if mod_rewrite is installed
Added Modules that remove directoryindexes
Much more on the way..

Posted in WordPress | Published on January 1, 2008 |1 Comment »

Boost SEO, Drive Traffic with the 404 Error Page Plugin

The best (so far) AskApache Plugin is now even bestester! Turns every 404 Not Found error on your blog into a search engine optimized, traffic driving event!

Posted in WordPress | Published on December 19, 2007 |9 Comments »

Apache Directives and Modules on DreamHost

Apache .htaccess Directives and Loaded Modules allowed on DreamHost Apache Server 2 Setups.

Posted in Hosting | Published on November 23, 2007 |No Comments »

Awk Tutorial and Introduction

While researching a unix/linux tool awk I came upon one of the most thorough and helpful tutorials I've ever seen devoted to a particular topic. It's old-school just the way I like it. I contacted the author, Bruce Barnett because I just HAD to have this article for my readers, who are predominantly running solaris/unix/bsd/linux and he kindly gave permission.

Posted in Linux | Published on November 12, 2007 |1 Comment »

SEO with Robots.txt

Very nice tutorial dealing with the robots.txt file. Shows examples for google and other search engines. Wordpress robots.txt and phpBB robots.txt sample files.

Posted in SEO | Published on October 20, 2007 |22 Comments »

Search Feed
Comments Feed

Search For indexes