AskApache » Search Results » ip+abuse http://www.askapache.com Advanced Web Development Sun, 29 Jan 2012 12:04:08 +0000 en-US hourly 1 Actual Htaccess Files from My Server http://www.askapache.com/htaccess/real-world-htaccess-files.html http://www.askapache.com/htaccess/real-world-htaccess-files.html#comments Sat, 17 Apr 2010 15:06:22 +0000 AskApache http://www.askapache.com/?p=4357 #### No https except to wp-admin - # If the request is empty ( implies fopen or normal file access by a php script ) RewriteCond %{THE_REQUEST} ^$ [OR] # OR if the request if for wp-admin or wp-login.php RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR] # OR if the Referer is https RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC] # THEN skip the following rule, basically all this does is force https or badhost to be redirected # BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts RewriteRule .* - [S=1] RewriteCond %{HTTPS} =on [OR] RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC] RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L] RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC] RewriteCond %{HTTPS} !=on RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]]]> AskApache.com

I was going through some backups from years ago, and ran:

locate .htaccess | xargs -I'{}' cat '{}' >> master-htaccesser.txt

My site is named after reading source code because that is what helps me the most when I'm trying to learn something unusually difficult. Just like functions and aliases, it is very helpful to have cheatsheets for common commands.. not much is better than real-world examples. Unfortunately because this was compiled from hundreds of htaccess files on multiple hosts and platforms, and due to the concatenation, it's not organized.

Normally I would not publish something like this, who knows how much unreleased tricks I forgot about.. but in order to say thanks to all those working for open-source, the FSF, and to all those who don't steal content, and to all the incredible authors who shared with me (I twitter most of what I find, and follow my favs), here ya go..

ATTN: Please let me know if this is total junk or not, this is around 1/500th of my master-htaccesser.txt file.. and I'd be happy to post more if it helps..

Checking for Cookie

Used this to stop mp3-scrapers.. checks for a cookie ending in MP3P=02357

Options -Indexes
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !^.*MP3P=([0-9]+).* [NC]
RewriteRule .* - [F,L]

Setting Environment Var if Proxied

RewriteEngine On
RewriteRule "\.(gif|png|jpg)$" "-" [ENV=proxied_image:1]
RewriteCond "%{ENV:proxied_image}" "!1"
RewriteRule "^" "-" [ENV=proxied_other:1]

nokeepalive for ErrorDocs and Abusers

Options SymLinksIfOwnerMatch IncludesNOEXEC
AddOutputFilter Includes html
SetEnv nokeepalive
Order Allow,Deny
Allow from all
# 1 YEAR
<filesMatch "\.(js|css)$">
Header unset Pragma
FileETag None
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
Header unset Last-Modified
Header unset ETag
 
SetOutputFilter DEFLATE
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
</filesMatch>
SecFilterEngine Off
 
# 1 YEAR
<filesMatch "\.(js|css)$">
Header unset Pragma
FileETag None
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
Header unset Last-Modified
Header unset ETag
 
SetOutputFilter DEFLATE
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
</filesMatch>

Unreleased Tests for AskApache Password Protection

# +ASKAPACHE PASSPRO 4.6.6
#######################################################
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
# +APRO SIDS
# +SID 21030002
Order Deny,Allow
Deny from All
Satisfy Any
AuthType Digest
AuthName "Protected By AskApache"
AuthDigestDomain / http://www.askapache.com/
AuthDigestFile /home/.greer/askapache/sites/askapache.com/.htpasswda3
Require valid-user
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$">
Allow from All
</filesMatch>
<filesMatch "(async-upload|admin-ajax)\.php$">
<ifModule mod_security.c>
SecFilterEngine Off
</ifModule>
Allow from All
</filesMatch>
# -SID 21030002
# -APRO SIDS
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
#######################################################
# -ASKAPACHE PASSPRO 4.6.6
 
# +ASKAPACHE PASSPRO 4.6.6
#######################################################
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
# +APRO SIDS
# +SID Test
ErrorDocument 401 /wp-content/askapache/test.gif
ErrorDocument 403 /wp-content/askapache/test.gif
ErrorDocument 404 /wp-content/askapache/test.gif
ErrorDocument 500 /wp-content/askapache/test.gif
ServerSignature On
<ifModule mod_alias.c>
RedirectMatch 305 ^.*modaliastest$ http://www.askapache.com
</ifModule>
<ifModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} modrewritetest [NC]
RewriteRule .* http://www.askapache.com [R=307,L]
</ifModule>
<files modsec_check.gif>
<ifModule mod_security.c>
SetEnv MODSEC_ENABLE On
SecFilterEngine On
SecFilterDefaultAction "nolog,noauditlog,pass"
SecAuditEngine Off
SecFilterInheritance Off
SecFilter modsecuritytest "deny,nolog,noauditlog,status:503"
Deny from All
</ifModule>
</files>
<files basic_auth_test.gif>
AuthType Basic
AuthName "askapache test"
AuthUserFile /home/.greer/askapache/sites/askapache.com/htdocs/wp-content/askapache/.htpasswd-basic
Require valid-user
</files>
<files digest_check.gif>
AuthType Digest
AuthName "askapache test"
AuthDigestDomain /wp-content/askapache/ http://www.askapache.com/wp-content/askapache/
AuthUserFile /home/.greer/askapache/sites/askapache.com/htdocs/wp-content/askapache/.htpasswd-digest
Require none
</files>
<files authuserfile_test.gif>
AuthType Digest
AuthName "askapache test"
AuthDigestDomain /wp-content/askapache/ http://www.askapache.com/wp-content/askapache/
AuthUserFile /home/.greer/askapache/sites/askapache.com/htdocs/wp-content/askapache/.htpasswd-digest
Require valid-user
</files>
<files authdigestfile_test.gif>
AuthType Digest
AuthName "askapache test"
AuthDigestDomain /wp-content/askapache/ http://www.askapache.com/wp-content/askapache/
AuthDigestFile /home/.greer/askapache/sites/askapache.com/htdocs/wp-content/askapache/.htpasswd-digest
Require valid-user
</files>
# -SID Test
# -APRO SIDS
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
#######################################################
# -ASKAPACHE PASSPRO 4.6.6

Warming up to the really advanced tests

Options +ExecCGI
Order Deny,Allow
Deny from All
Allow from 208.113.134.190 64.111.114.111 208.113.134.203 208.113.152.201 env=REDIRECT_STATUS
Satisfy Any
Options +FollowSymLinks
AddHandler application/x-httpd-php .php
 
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !^tyy+$ [NC]
RewriteCond %{REMOTE_USER} ^(.+)$
RewriteRule ^(.*)$ $1/-%1 [R=302,L]
Options +ExecCGI +FollowSymLinks
DirectoryIndex index.php
ErrorDocument 404 /cgi-bin/pro/index.php
 
AuthType Digest
AuthName "AskApache Pro"
AuthDigestFile /home/askapache/sites/askapache.com/.htpasswd-pro
AuthDigestDomain /cgi-bin/pro/ http://www.askapache.com/cgi-bin/pro/ https://www.askapache.com/cgi-bin/pro/
Require user askapacheDirectoryIndex p.php
ErrorDocument 403 /cgi-bin/p/p.php
ErrorDocument 401 /cgi-bin/p/p.php
ErrorDocument 500 /cgi-bin/p/p.php
ErrorDocument 503 /cgi-bin/p/p.php
 
RewriteEngine On
RewriteBase /
RewriteRule .* - [E=INFO_API_VERSION:%{API_VERSION}]
RewriteRule .* - [E=INFO_AUTH_TYPE:%{AUTH_TYPE}]
RewriteRule .* - [E=INFO_CONTENT_LENGTH:%{CONTENT_LENGTH}]
RewriteRule .* - [E=INFO_CONTENT_TYPE:%{CONTENT_TYPE}]
RewriteRule .* - [E=INFO_DOCUMENT_ROOT:%{DOCUMENT_ROOT}]
RewriteRule .* - [E=INFO_GATEWAY_INTERFACE:%{GATEWAY_INTERFACE}]
RewriteRule .* - [E=INFO_HTTPS:%{HTTPS}]
RewriteRule .* - [E=INFO_HTTP_ACCEPT:%{HTTP:Accept}]
RewriteRule .* - [E=INFO_HTTP_ACCEPT_LANGUAGE:%{HTTP:Accept-Language}]
RewriteRule .* - [E=INFO_HTTP_ACCEPT_ENCODING:%{HTTP:Accept-Encoding}]
RewriteRule .* - [E=INFO_HTTP_ACCEPT_CHARSET:%{HTTP:Accept-Charset}]
RewriteRule .* - [E=INFO_HTTP_CACHE_CONTROL:%{HTTP:Cache-Control}]
RewriteRule .* - [E=INFO_HTTP_CONNECTION:%{HTTP:Connection}]
RewriteRule .* - [E=INFO_HTTP_COOKIE:%{HTTP_COOKIE}]
RewriteRule .* - [E=INFO_HTTP_FORWARDED:%{HTTP_FORWARDED}]
RewriteRule .* - [E=INFO_HTTP_HOST:%{HTTP_HOST}]
RewriteRule .* - [E=INFO_HTTP_KEEP_ALIVE:%{HTTP_KEEP_ALIVE}]
RewriteRule .* - [E=INFO_HTTP_PROXY_CONNECTION:%{HTTP_PROXY_CONNECTION}]
RewriteRule .* - [E=INFO_HTTP_REFERER:%{HTTP:Referer}]
RewriteRule .* - [E=INFO_HTTP_USER_AGENT:%{HTTP_USER_AGENT}]
RewriteRule .* - [E=INFO_IS_SUBREQ:%{IS_SUBREQ}]
RewriteRule .* - [E=INFO_ORIG_PATH_INFO:%{ORIG_PATH_INFO}]
RewriteRule .* - [E=INFO_ORIG_PATH_TRANSLATED:%{ORIG_PATH_TRANSLATED}]
RewriteRule .* - [E=INFO_ORIG_SCRIPT_FILENAME:%{ORIG_SCRIPT_FILENAME}]
RewriteRule .* - [E=INFO_ORIG_SCRIPT_NAME:%{ORIG_SCRIPT_NAME}]
RewriteRule .* - [E=INFO_PATH:%{PATH}]
RewriteRule .* - [E=INFO_PATH_INFO:%{PATH_INFO}]
RewriteRule .* - [E=INFO_QUERY_STRING:%{QUERY_STRING}]
RewriteRule .* - [E=INFO_REDIRECT_QUERY_STRING:%{REDIRECT_QUERY_STRING}]
RewriteRule .* - [E=INFO_REDIRECT_REMOTE_USER:%{REDIRECT_REMOTE_USER}]
RewriteRule .* - [E=INFO_REDIRECT_STATUS:%{REDIRECT_STATUS}]
RewriteRule .* - [E=INFO_REDIRECT_URL:%{REDIRECT_URL}]
RewriteRule .* - [E=INFO_REMOTE_ADDR:%{REMOTE_ADDR}]
RewriteRule .* - [E=INFO_REMOTE_HOST:%{REMOTE_HOST}]
RewriteRule .* - [E=INFO_REMOTE_IDENT:%{REMOTE_IDENT}]
RewriteRule .* - [E=INFO_REMOTE_PORT:%{REMOTE_PORT}]
RewriteRule .* - [E=INFO_REMOTE_USER:%{REMOTE_USER}]
RewriteRule .* - [E=INFO_REQUEST_FILENAME:%{REQUEST_FILENAME}]
RewriteRule .* - [E=INFO_REQUEST_METHOD:%{REQUEST_METHOD}]
RewriteRule .* - [E=INFO_REQUEST_URI:%{REQUEST_URI}]
RewriteRule .* - [E=INFO_REDIRECT_REQUEST_URI:%{REDIRECT_REQUEST_URI}]
RewriteRule .* - [E=INFO_SCRIPT_FILENAME:%{SCRIPT_FILENAME}]
RewriteRule .* - [E=INFO_SCRIPT_GROUP:%{SCRIPT_GROUP}]
RewriteRule .* - [E=INFO_SCRIPT_NAME:%{SCRIPT_NAME}]
RewriteRule .* - [E=INFO_SCRIPT_URI:%{SCRIPT_URI}]
RewriteRule .* - [E=INFO_SCRIPT_URL:%{SCRIPT_URL}]
RewriteRule .* - [E=INFO_SCRIPT_USER:%{SCRIPT_USER}]
RewriteRule .* - [E=INFO_SERVER_ADDR:%{SERVER_ADDR}]
RewriteRule .* - [E=INFO_SERVER_ADMIN:%{SERVER_ADMIN}]
RewriteRule .* - [E=INFO_SERVER_NAME:%{SERVER_NAME}]
RewriteRule .* - [E=INFO_SERVER_PORT:%{SERVER_PORT}]
RewriteRule .* - [E=INFO_SERVER_PROTOCOL:%{SERVER_PROTOCOL}]
RewriteRule .* - [E=INFO_SERVER_SIGNATURE:%{SERVER_SIGNATURE}]
RewriteRule .* - [E=INFO_SERVER_SOFTWARE:%{SERVER_SOFTWARE}]
RewriteRule .* - [E=INFO_THE_REQUEST:%{THE_REQUEST}]
RewriteRule .* - [E=INFO_TIME:%{TIME}]
RewriteRule .* - [E=INFO_TIME_DAY:%{TIME_DAY}]
RewriteRule .* - [E=INFO_TIME_HOUR:%{TIME_HOUR}]
RewriteRule .* - [E=INFO_TIME_MIN:%{TIME_MIN}]
RewriteRule .* - [E=INFO_TIME_MON:%{TIME_MON}]
RewriteRule .* - [E=INFO_TIME_SEC:%{TIME_SEC}]
RewriteRule .* - [E=INFO_TIME_WDAY:%{TIME_WDAY}]
RewriteRule .* - [E=INFO_TIME_YEAR:%{TIME_YEAR}]
RewriteRule .* - [E=INFO_TZ:%{TZ}]
RewriteRule .* - [E=INFO_UNIQUE_ID:%{UNIQUE_ID}]
 
RequestHeader set INFO_API_VERSION "%{INFO_API_VERSION}e"
RequestHeader set INFO_AUTH_TYPE "%{INFO_AUTH_TYPE}e"
RequestHeader set INFO_CONTENT_LENGTH "%{INFO_CONTENT_LENGTH}e"
RequestHeader set INFO_CONTENT_TYPE "%{INFO_CONTENT_TYPE}e"
RequestHeader set INFO_DOCUMENT_ROOT "%{INFO_DOCUMENT_ROOT}e"
RequestHeader set INFO_GATEWAY_INTERFACE "%{INFO_GATEWAY_INTERFACE}e"
RequestHeader set INFO_HTTPS "%{INFO_HTTPS}e"
RequestHeader set INFO_HTTP_ACCEPT "%{INFO_HTTP_ACCEPT}e"
RequestHeader set INFO_HTTP_ACCEPT_LANGUAGE "%{INFO_HTTP_ACCEPT_LANGUAGE}e"
RequestHeader set INFO_HTTP_ACCEPT_ENCODING "%{INFO_HTTP_ACCEPT_ENCODING}e"
RequestHeader set INFO_HTTP_ACCEPT_CHARSET "%{INFO_HTTP_ACCEPT_CHARSET}e"
RequestHeader set INFO_HTTP_CACHE_CONTROL "%{INFO_HTTP_CACHE_CONTROL}e"
RequestHeader set INFO_HTTP_CONNECTION "%{INFO_HTTP_CONNECTION}e"
RequestHeader set INFO_HTTP_COOKIE "%{INFO_HTTP_COOKIE}e"
RequestHeader set INFO_HTTP_FORWARDED "%{INFO_HTTP_FORWARDED}e"
RequestHeader set INFO_HTTP_HOST "%{INFO_HTTP_HOST}e"
RequestHeader set INFO_HTTP_KEEP_ALIVE "%{INFO_HTTP_KEEP_ALIVE}e"
RequestHeader set INFO_HTTP_PROXY_CONNECTION "%{INFO_HTTP_PROXY_CONNECTION}e"
RequestHeader set INFO_HTTP_REFERER "%{INFO_HTTP_REFERER}e"
RequestHeader set INFO_HTTP_USER_AGENT "%{INFO_HTTP_USER_AGENT}e"
RequestHeader set INFO_IS_SUBREQ "%{INFO_IS_SUBREQ}e"
RequestHeader set INFO_ORIG_PATH_INFO "%{INFO_ORIG_PATH_INFO}e"
RequestHeader set INFO_ORIG_PATH_TRANSLATED "%{INFO_ORIG_PATH_TRANSLATED}e"
RequestHeader set INFO_ORIG_SCRIPT_FILENAME "%{INFO_ORIG_SCRIPT_FILENAME}e"
RequestHeader set INFO_ORIG_SCRIPT_NAME "%{INFO_ORIG_SCRIPT_NAME}e"
RequestHeader set INFO_PATH "%{INFO_PATH}e"
RequestHeader set INFO_PATH_INFO "%{INFO_PATH_INFO}e"
RequestHeader set INFO_QUERY_STRING "%{INFO_QUERY_STRING}e"
RequestHeader set INFO_REDIRECT_QUERY_STRING "%{INFO_REDIRECT_QUERY_STRING}e"
RequestHeader set INFO_REDIRECT_REMOTE_USER "%{INFO_REDIRECT_REMOTE_USER}e"
RequestHeader set INFO_REDIRECT_STATUS "%{INFO_REDIRECT_STATUS}e"
RequestHeader set INFO_REDIRECT_URL "%{INFO_REDIRECT_URL}e"
RequestHeader set INFO_REMOTE_ADDR "%{INFO_REMOTE_ADDR}e"
RequestHeader set INFO_REMOTE_HOST "%{INFO_REMOTE_HOST}e"
RequestHeader set INFO_REMOTE_IDENT "%{INFO_REMOTE_IDENT}e"
RequestHeader set INFO_REMOTE_PORT "%{INFO_REMOTE_PORT}e"
RequestHeader set INFO_REMOTE_USER "%{INFO_REMOTE_USER}e"
RequestHeader set INFO_REQUEST_FILENAME "%{INFO_REQUEST_FILENAME}e"
RequestHeader set INFO_REQUEST_METHOD "%{INFO_REQUEST_METHOD}e"
RequestHeader set INFO_REQUEST_URI "%{INFO_REQUEST_URI}e"
RequestHeader set INFO_REQUEST_URI "%{INFO_REQUEST_URI}e"
RequestHeader set INFO_SCRIPT_FILENAME "%{INFO_SCRIPT_FILENAME}e"
RequestHeader set INFO_SCRIPT_GROUP "%{INFO_SCRIPT_GROUP}e"
RequestHeader set INFO_SCRIPT_NAME "%{INFO_SCRIPT_NAME}e"
RequestHeader set INFO_SCRIPT_URI "%{INFO_SCRIPT_URI}e"
RequestHeader set INFO_SCRIPT_URL "%{INFO_SCRIPT_URL}e"
RequestHeader set INFO_SCRIPT_USER "%{INFO_SCRIPT_USER}e"
RequestHeader set INFO_SERVER_ADDR "%{INFO_SERVER_ADDR}e"
RequestHeader set INFO_SERVER_ADMIN "%{INFO_SERVER_ADMIN}e"
RequestHeader set INFO_SERVER_NAME "%{INFO_SERVER_NAME}e"
RequestHeader set INFO_SERVER_PORT "%{INFO_SERVER_PORT}e"
RequestHeader set INFO_SERVER_PROTOCOL "%{INFO_SERVER_PROTOCOL}e"
RequestHeader set INFO_SERVER_SIGNATURE "%{INFO_SERVER_SIGNATURE}e"
RequestHeader set INFO_SERVER_SOFTWARE "%{INFO_SERVER_SOFTWARE}e"
RequestHeader set INFO_THE_REQUEST "%{INFO_THE_REQUEST}e"
RequestHeader set INFO_TIME "%{INFO_TIME}e"
RequestHeader set INFO_TIME_DAY "%{INFO_TIME_DAY}e"
RequestHeader set INFO_TIME_HOUR "%{INFO_TIME_HOUR}e"
RequestHeader set INFO_TIME_MIN "%{INFO_TIME_MIN}e"
RequestHeader set INFO_TIME_MON "%{INFO_TIME_MON}e"
RequestHeader set INFO_TIME_SEC "%{INFO_TIME_SEC}e"
RequestHeader set INFO_TIME_WDAY "%{INFO_TIME_WDAY}e"
RequestHeader set INFO_TIME_YEAR "%{INFO_TIME_YEAR}e"
RequestHeader set INFO_TZ "%{INFO_TZ}e"
RequestHeader set INFO_UNIQUE_ID "%{INFO_UNIQUE_ID}e"
 
Options +FollowSymLinks +ExecCGI
DirectoryIndex /cgi-bin/rewrite-test/index.php
 
Header echo ^.*
 
AuthType Digest
AuthName "AskApache Pro"
AuthDigestFile /home/askapache/sites/askapache.com/.htpasswd-pro
AuthDigestDomain / http://www.askapache.com/cgi-bin/rewrite-test/ https://www.askapache.com/cgi-bin/rewrite-test/
Require user askapache
 
SetEnv MODSEC_ENABLE=On
 
SetEnvIfNoCase ^WWW-Auth "(.+)" HTTP_WWW_AUTHORIZATION=$1
SetEnvIfNoCase ^If "(.+)" HTTP_IF_MODIFIED_SINCE=$1
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1
SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1
SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1
SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetEnvIfNoCase ^Authorization$ ".+username=\"(.+)\".+" HTTP_REMOTE_USER=$1
SetEnvIfNoCase ^Content-Type$ "(.+)" HTTP_CONTENT_TYPE=$1
SetEnvIfNoCase ^Content-Length$ "(.+)" HTTP_CONTENT_LENGTH=$1
SetEnvIfNoCase Server_Addr "(.+)" SERVER_ADDR=$1
SetEnvIfNoCase Request_Method "(.+)" REQUEST_METHOD=$1
SetEnvIfNoCase Request_Protocol "(.+)" REQUEST_PROTOCOL=$1
SetEnvIfNoCase Request_URI "(.+)" REQUEST_URI=$1
 
ErrorDocument 100 /cgi-bin/rewrite-test/index.php?g=100
ErrorDocument 101 /cgi-bin/rewrite-test/index.php?g=101
ErrorDocument 102 /cgi-bin/rewrite-test/index.php?g=102
ErrorDocument 200 /cgi-bin/rewrite-test/index.php?g=200
ErrorDocument 201 /cgi-bin/rewrite-test/index.php?g=201
ErrorDocument 202 /cgi-bin/rewrite-test/index.php?g=202
ErrorDocument 203 /cgi-bin/rewrite-test/index.php?g=203
ErrorDocument 204 /cgi-bin/rewrite-test/index.php?g=204
ErrorDocument 205 /cgi-bin/rewrite-test/index.php?g=205
ErrorDocument 206 /cgi-bin/rewrite-test/index.php?g=206
ErrorDocument 207 /cgi-bin/rewrite-test/index.php?g=207
ErrorDocument 300 /cgi-bin/rewrite-test/index.php?g=300
ErrorDocument 301 /cgi-bin/rewrite-test/index.php?g=301
ErrorDocument 302 /cgi-bin/rewrite-test/index.php?g=302
ErrorDocument 303 /cgi-bin/rewrite-test/index.php?g=303
ErrorDocument 304 /cgi-bin/rewrite-test/index.php?g=304
ErrorDocument 305 /cgi-bin/rewrite-test/index.php?g=305
ErrorDocument 306 /cgi-bin/rewrite-test/index.php?g=306
ErrorDocument 307 /cgi-bin/rewrite-test/index.php?g=307
ErrorDocument 400 /cgi-bin/rewrite-test/index.php?g=400
ErrorDocument 401 /cgi-bin/rewrite-test/index.php?g=401
ErrorDocument 402 /cgi-bin/rewrite-test/index.php?g=402
ErrorDocument 403 /cgi-bin/rewrite-test/index.php?g=403
ErrorDocument 404 /cgi-bin/rewrite-test/index.php?g=404
ErrorDocument 405 /cgi-bin/rewrite-test/index.php?g=405
ErrorDocument 406 /cgi-bin/rewrite-test/index.php?g=406
ErrorDocument 407 /cgi-bin/rewrite-test/index.php?g=407
ErrorDocument 408 /cgi-bin/rewrite-test/index.php?g=408
ErrorDocument 409 /cgi-bin/rewrite-test/index.php?g=409
ErrorDocument 410 /cgi-bin/rewrite-test/index.php?g=410
ErrorDocument 411 /cgi-bin/rewrite-test/index.php?g=411
ErrorDocument 412 /cgi-bin/rewrite-test/index.php?g=412
ErrorDocument 413 /cgi-bin/rewrite-test/index.php?g=413
ErrorDocument 414 /cgi-bin/rewrite-test/index.php?g=414
ErrorDocument 415 /cgi-bin/rewrite-test/index.php?g=415
ErrorDocument 416 /cgi-bin/rewrite-test/index.php?g=416
ErrorDocument 417 /cgi-bin/rewrite-test/index.php?g=417
ErrorDocument 418 /cgi-bin/rewrite-test/index.php?g=418
ErrorDocument 419 /cgi-bin/rewrite-test/index.php?g=419
ErrorDocument 420 /cgi-bin/rewrite-test/index.php?g=420
ErrorDocument 421 /cgi-bin/rewrite-test/index.php?g=421
ErrorDocument 422 /cgi-bin/rewrite-test/index.php?g=422
ErrorDocument 423 /cgi-bin/rewrite-test/index.php?g=423
ErrorDocument 424 /cgi-bin/rewrite-test/index.php?g=424
ErrorDocument 425 /cgi-bin/rewrite-test/index.php?g=425
ErrorDocument 426 /cgi-bin/rewrite-test/index.php?g=426
ErrorDocument 500 /cgi-bin/rewrite-test/index.php?g=500
ErrorDocument 501 /cgi-bin/rewrite-test/index.php?g=501
ErrorDocument 502 /cgi-bin/rewrite-test/index.php?g=502
ErrorDocument 503 /cgi-bin/rewrite-test/index.php?g=503
ErrorDocument 504 /cgi-bin/rewrite-test/index.php?g=504
ErrorDocument 505 /cgi-bin/rewrite-test/index.php?g=505
ErrorDocument 506 /cgi-bin/rewrite-test/index.php?g=506
ErrorDocument 507 /cgi-bin/rewrite-test/index.php?g=507
ErrorDocument 508 /cgi-bin/rewrite-test/index.php?g=508
ErrorDocument 509 /cgi-bin/rewrite-test/index.php?g=509
ErrorDocument 510 /cgi-bin/rewrite-test/index.php?g=510
 
RewriteEngine On
RewriteBase /
 
RewriteRule .* - [E=IN_AUTH_TYPE:%{AUTH_TYPE}]
RewriteRule .* - [E=IN_CONTENT_LENGTH:%{CONTENT_LENGTH}]
RewriteRule .* - [E=IN_CONTENT_TYPE:%{CONTENT_TYPE}]
RewriteRule .* - [E=IN_DATE_GMT:%{DATE_GMT}]
RewriteRule .* - [E=IN_DATE_LOCAL:%{DATE_LOCAL}]
RewriteRule .* - [E=IN_DOCUMENT_NAME:%{DOCUMENT_NAME}]
RewriteRule .* - [E=IN_DOCUMENT_PATH_INFO:%{DOCUMENT_PATH_INFO}]
RewriteRule .* - [E=IN_DOCUMENT_ROOT:%{DOCUMENT_ROOT}]
RewriteRule .* - [E=IN_DOCUMENT_URI:%{DOCUMENT_URI}]
RewriteRule .* - [E=IN_GATEWAY_INTERFACE:%{GATEWAY_INTERFACE}]
RewriteRule .* - [E=IN_LAST_MODIFIED:%{LAST_MODIFIED}]
RewriteRule .* - [E=IN_PATH_INFO:%{PATH_INFO}]
RewriteRule .* - [E=IN_PATH_TRANSLATED:%{PATH_TRANSLATED}]
RewriteRule .* - [E=IN_QUERY_STRING:%{QUERY_STRING}]
RewriteRule .* - [E=IN_QUERY_STRING_UNESCAPED:%{QUERY_STRING_UNESCAPED}]
RewriteRule .* - [E=IN_REMOTE_ADDR:%{REMOTE_ADDR}]
RewriteRule .* - [E=IN_REMOTE_HOST:%{REMOTE_HOST}]
RewriteRule .* - [E=IN_REMOTE_IDENT:%{REMOTE_IDENT}]
RewriteRule .* - [E=IN_REMOTE_PORT:%{REMOTE_PORT}]
RewriteRule .* - [E=IN_REMOTE_USER:%{REMOTE_USER}]
RewriteRule .* - [E=IN_REDIRECT_HANDLER:%{REDIRECT_HANDLER}]
RewriteRule .* - [E=IN_REDIRECT_QUERY_STRING:%{REDIRECT_QUERY_STRING}]
RewriteRule .* - [E=IN_REDIRECT_REMOTE_USER:%{REDIRECT_REMOTE_USER}]
RewriteRule .* - [E=IN_REDIRECT_STATUS:%{REDIRECT_STATUS}]
RewriteRule .* - [E=IN_REDIRECT_URL:%{REDIRECT_URL}]
RewriteRule .* - [E=IN_REQUEST_METHOD:%{REQUEST_METHOD}]
RewriteRule .* - [E=IN_REQUEST_URI:%{REQUEST_URI}]
RewriteRule .* - [E=IN_SCRIPT_FILENAME:%{SCRIPT_FILENAME}]
RewriteRule .* - [E=IN_SCRIPT_NAME:%{SCRIPT_NAME}]
RewriteRule .* - [E=IN_SERVER_ADMIN:%{SERVER_ADMIN}]
RewriteRule .* - [E=IN_SERVER_NAME:%{SERVER_NAME}]
RewriteRule .* - [E=IN_SERVER_ADDR:%{SERVER_ADDR}]
RewriteRule .* - [E=IN_SERVER_PORT:%{SERVER_PORT}]
RewriteRule .* - [E=IN_SERVER_PROTOCOL:%{SERVER_PROTOCOL}]
RewriteRule .* - [E=IN_SERVER_SIGNATURE:%{SERVER_SIGNATURE}]
RewriteRule .* - [E=IN_SERVER_SOFTWARE:%{SERVER_SOFTWARE}]
RewriteRule .* - [E=IN_USER_NAME:%{USER_NAME}]
RewriteRule .* - [E=IN_TZ:%{TZ}]
RewriteRule .* - [E=IN_API_VERSION:%{API_VERSION}]
RewriteRule .* - [E=IN_HTTPS:%{HTTPS}]
RewriteRule .* - [E=IN_HTTP_ACCEPT:%{HTTP_ACCEPT}]
RewriteRule .* - [E=IN_HTTP_ACCEPT_CHARSET:%{HTTP_ACCEPT_CHARSET}]
RewriteRule .* - [E=IN_HTTP_ACCEPT_ENCODING:%{HTTP_ACCEPT_ENCODING}]
RewriteRule .* - [E=IN_HTTP_ACCEPT_LANGUAGE:%{HTTP_ACCEPT_LANGUAGE}]
RewriteRule .* - [E=IN_HTTP_CACHE_CONTROL:%{HTTP_CACHE_CONTROL}]
RewriteRule .* - [E=IN_HTTP_CONNECTION:%{HTTP_CONNECTION}]
RewriteRule .* - [E=IN_HTTP_COOKIE:%{HTTP_COOKIE}]
RewriteRule .* - [E=IN_HTTP_FORWARDED:%{HTTP_FORWARDED}]
RewriteRule .* - [E=IN_HTTP_HOST:%{HTTP_HOST}]
RewriteRule .* - [E=IN_HTTP_KEEP_ALIVE:%{HTTP_KEEP_ALIVE}]
RewriteRule .* - [E=IN_HTTP_PROXY_CONNECTION:%{HTTP_PROXY_CONNECTION}]
RewriteRule .* - [E=IN_HTTP_REFERER:%{HTTP_REFERER}]
RewriteRule .* - [E=IN_HTTP_USER_AGENT:%{HTTP_USER_AGENT}]
RewriteRule .* - [E=IN_IS_SUBREQ:%{IS_SUBREQ}]
RewriteRule .* - [E=IN_ORIG_PATH_INFO:%{ORIG_PATH_INFO}]
RewriteRule .* - [E=IN_ORIG_PATH_TRANSLATED:%{ORIG_PATH_TRANSLATED}]
RewriteRule .* - [E=IN_ORIG_SCRIPT_FILENAME:%{ORIG_SCRIPT_FILENAME}]
RewriteRule .* - [E=IN_ORIG_SCRIPT_NAME:%{ORIG_SCRIPT_NAME}]
RewriteRule .* - [E=IN_PATH:%{PATH}]
RewriteRule .* - [E=IN_PHP_SELF:%{PHP_SELF}]
RewriteRule .* - [E=IN_REQUEST_FILENAME:%{REQUEST_FILENAME}]
RewriteRule .* - [E=IN_REQUEST_TIME:%{REQUEST_TIME}]
RewriteRule .* - [E=IN_SCRIPT_GROUP:%{SCRIPT_GROUP}]
RewriteRule .* - [E=IN_SCRIPT_USER:%{SCRIPT_USER}]
RewriteRule .* - [E=IN_THE_REQUEST:%{THE_REQUEST}]
RewriteRule .* - [E=IN_TIME:%{TIME}]
RewriteRule .* - [E=IN_TIME_DAY:%{TIME_DAY}]
RewriteRule .* - [E=IN_TIME_HOUR:%{TIME_HOUR}]
RewriteRule .* - [E=IN_TIME_MIN:%{TIME_MIN}]
RewriteRule .* - [E=IN_TIME_MON:%{TIME_MON}]
RewriteRule .* - [E=IN_TIME_SEC:%{TIME_SEC}]
RewriteRule .* - [E=IN_TIME_WDAY:%{TIME_WDAY}]
RewriteRule .* - [E=IN_TIME_YEAR:%{TIME_YEAR}]
RewriteRule .* - [E=IN_PATH:%{PATH}]
RewriteRule .* - [E=IN_SCRIPT_URI:%{SCRIPT_URI}]
RewriteRule .* - [E=IN_SCRIPT_URL:%{SCRIPT_URL}]
RewriteRule .* - [E=IN_UNIQUE_ID:%{UNIQUE_ID}]
 
RewriteRule .* - [E=ENV_PATH:%{ENV:PATH}]
RewriteRule .* - [E=ENV_SCRIPT_URI:%{ENV:SCRIPT_URI}]
RewriteRule .* - [E=ENV_SCRIPT_URL:%{ENV:SCRIPT_URL}]
RewriteRule .* - [E=ENV_UNIQUE_ID:%{ENV:UNIQUE_ID}]
 
RequestHeader set AUTH_TYPE "%{IN_AUTH_TYPE}e"
RequestHeader set CONTENT_LENGTH "%{IN_CONTENT_LENGTH}e"
RequestHeader set CONTENT_TYPE "%{IN_CONTENT_TYPE}e"
RequestHeader set DATE_GMT "%{IN_DATE_GMT}e"
RequestHeader set DATE_LOCAL "%{IN_DATE_LOCAL}e"
RequestHeader set DOCUMENT_NAME "%{IN_DOCUMENT_NAME}e"
RequestHeader set DOCUMENT_PATH_INFO "%{IN_DOCUMENT_PATH_INFO}e"
RequestHeader set DOCUMENT_ROOT "%{IN_DOCUMENT_ROOT}e"
RequestHeader set DOCUMENT_URI "%{IN_DOCUMENT_URI}e"
RequestHeader set GATEWAY_INTERFACE "%{IN_GATEWAY_INTERFACE}e"
RequestHeader set LAST_MODIFIED "%{IN_LAST_MODIFIED}e"
RequestHeader set PATH_INFO "%{IN_PATH_INFO}e"
RequestHeader set PATH_TRANSLATED "%{IN_PATH_TRANSLATED}e"
RequestHeader set QUERY_STRING "%{IN_QUERY_STRING}e"
RequestHeader set QUERY_STRING_UNESCAPED "%{IN_QUERY_STRING_UNESCAPED}e"
RequestHeader set REMOTE_ADDR "%{IN_REMOTE_ADDR}e"
RequestHeader set REMOTE_HOST "%{IN_REMOTE_HOST}e"
RequestHeader set REMOTE_IDENT "%{IN_REMOTE_IDENT}e"
RequestHeader set REMOTE_PORT "%{IN_REMOTE_PORT}e"
RequestHeader set REMOTE_USER "%{IN_REMOTE_USER}e"
RequestHeader set REDIRECT_HANDLER "%{IN_REDIRECT_HANDLER}e"
RequestHeader set REDIRECT_QUERY_STRING "%{IN_REDIRECT_QUERY_STRING}e"
RequestHeader set REDIRECT_REMOTE_USER "%{IN_REDIRECT_REMOTE_USER}e"
RequestHeader set REDIRECT_STATUS "%{IN_REDIRECT_STATUS}e"
RequestHeader set REDIRECT_URL "%{IN_REDIRECT_URL}e"
RequestHeader set REQUEST_METHOD "%{IN_REQUEST_METHOD}e"
RequestHeader set REQUEST_URI "%{IN_REQUEST_URI}e"
RequestHeader set SCRIPT_FILENAME "%{IN_SCRIPT_FILENAME}e"
RequestHeader set SCRIPT_NAME "%{IN_SCRIPT_NAME}e"
RequestHeader set SCRIPT_URI "%{IN_SCRIPT_URI}e"
RequestHeader set SCRIPT_URL "%{IN_SCRIPT_URL}e"
RequestHeader set SERVER_ADMIN "%{IN_SERVER_ADMIN}e"
RequestHeader set SERVER_NAME "%{IN_SERVER_NAME}e"
RequestHeader set SERVER_ADDR "%{IN_SERVER_ADDR}e"
RequestHeader set SERVER_PORT "%{IN_SERVER_PORT}e"
RequestHeader set SERVER_PROTOCOL "%{IN_SERVER_PROTOCOL}e"
RequestHeader set SERVER_SIGNATURE "%{IN_SERVER_SIGNATURE}e"
RequestHeader set SERVER_SOFTWARE "%{IN_SERVER_SOFTWARE}e"
RequestHeader set UNIQUE_ID "%{IN_UNIQUE_ID}e"
RequestHeader set USER_NAME "%{IN_USER_NAME}e"
RequestHeader set TZ "%{IN_TZ}e"
RequestHeader set API_VERSION "%{IN_API_VERSION}e"
RequestHeader set HTTPS "%{IN_HTTPS}e"
RequestHeader set HTTP_ACCEPT "%{IN_HTTP_ACCEPT}e"
RequestHeader set HTTP_ACCEPT_CHARSET "%{IN_HTTP_ACCEPT_CHARSET}e"
RequestHeader set HTTP_ACCEPT_ENCODING "%{IN_HTTP_ACCEPT_ENCODING}e"
RequestHeader set HTTP_ACCEPT_LANGUAGE "%{IN_HTTP_ACCEPT_LANGUAGE}e"
RequestHeader set HTTP_CACHE_CONTROL "%{IN_HTTP_CACHE_CONTROL}e"
RequestHeader set HTTP_CONNECTION "%{IN_HTTP_CONNECTION}e"
RequestHeader set HTTP_COOKIE "%{IN_HTTP_COOKIE}e"
RequestHeader set HTTP_FORWARDED "%{IN_HTTP_FORWARDED}e"
RequestHeader set HTTP_HOST "%{IN_HTTP_HOST}e"
RequestHeader set HTTP_KEEP_ALIVE "%{IN_HTTP_KEEP_ALIVE}e"
RequestHeader set HTTP_PROXY_CONNECTION "%{IN_HTTP_PROXY_CONNECTION}e"
RequestHeader set HTTP_REFERER "%{IN_HTTP_REFERER}e"
RequestHeader set HTTP_USER_AGENT "%{IN_HTTP_USER_AGENT}e"
RequestHeader set IS_SUBREQ "%{IN_IS_SUBREQ}e"
RequestHeader set ORIG_PATH_INFO "%{IN_ORIG_PATH_INFO}e"
RequestHeader set ORIG_PATH_TRANSLATED "%{IN_ORIG_PATH_TRANSLATED}e"
RequestHeader set ORIG_SCRIPT_FILENAME "%{IN_ORIG_SCRIPT_FILENAME}e"
RequestHeader set ORIG_SCRIPT_NAME "%{IN_ORIG_SCRIPT_NAME}e"
RequestHeader set PATH "%{IN_PATH}e"
RequestHeader set PHP_SELF "%{IN_PHP_SELF}e"
RequestHeader set REQUEST_FILENAME "%{IN_REQUEST_FILENAME}e"
RequestHeader set REQUEST_TIME "%{IN_REQUEST_TIME}e"
RequestHeader set SCRIPT_GROUP "%{IN_SCRIPT_GROUP}e"
RequestHeader set SCRIPT_USER "%{IN_SCRIPT_USER}e"
RequestHeader set THE_REQUEST "%{IN_THE_REQUEST}e"
RequestHeader set TIME "%{IN_TIME}e"
RequestHeader set TIME_DAY "%{IN_TIME_DAY}e"
RequestHeader set TIME_HOUR "%{IN_TIME_HOUR}e"
RequestHeader set TIME_MIN "%{IN_TIME_MIN}e"
RequestHeader set TIME_MON "%{IN_TIME_MON}e"
RequestHeader set TIME_SEC "%{IN_TIME_SEC}e"
RequestHeader set TIME_WDAY "%{IN_TIME_WDAY}e"
RequestHeader set TIME_YEAR "%{IN_TIME_YEAR}e"
 
SetEnvIfNoCase ^WWW-Auth "(.+)" HTTP_WWW_AUTHORIZATION=$1
SetEnvIfNoCase ^If "(.+)" HTTP_IF_MODIFIED_SINCE=$1
SetEnvIfNoCase ^If-None-Match$ "(.+)" HTTP_IF_NONE_MATCH=$1
SetEnvIfNoCase ^Cache-Control$ "(.+)" HTTP_CACHE_CONTROL=$1
SetEnvIfNoCase ^Connection$ "(.+)" HTTP_CONNECTION=$1
SetEnvIfNoCase ^Keep-Alive$ "(.+)" HTTP_KEEP_ALIVE=$1
SetEnvIfNoCase ^Authorization$ "(.+)" HTTP_AUTHORIZATION=$1
SetEnvIfNoCase ^Content-Type$ "(.+)" HTTP_CONTENT_TYPE=$1
SetEnvIfNoCase ^Content-Length$ "(.+)" HTTP_CONTENT_LENGTH=$1
SetEnvIfNoCase ^Authorization$ ".+username=\"([a-zA-Z0-9]+)\".+" REMOTE_USER=$1
SetEnvIfNoCase Server_Addr "(.+)" SERVER_ADDR=$1
SetEnvIfNoCase Request_Method "(.+)" REQUEST_METHOD=$1
SetEnvIfNoCase Request_Protocol "(.+)" REQUEST_PROTOCOL=$1
SetEnvIfNoCase Request_URI "(.+)" REQUEST_URI=$1
 
RequestHeader set IF_MODIFIED_SINCE "%{HTTP_IF_MODIFIED_SINCE}e"
RequestHeader set IF_NONE_MATCH "%{HTTP_IF_NONE_MATCH}e"
RequestHeader set CACHE_CONTROL "%{HTTP_CACHE_CONTROL}e"
RequestHeader set CONNECTION "%{HTTP_CONNECTION}e"
RequestHeader set KEEP_ALIVE "%{HTTP_KEEP_ALIVE}e"
RequestHeader set AUTHORIZATION "%{HTTP_AUTHORIZATION}e"
RequestHeader set REMOTE_USER "%{REMOTE_USER}e"
RequestHeader set CONTENT_TYPE "%{HTTP_CONTENT_TYPE}e"
RequestHeader set CONTENT_LENGTH "%{HTTP_CONTENT_LENGTH}e"
RequestHeader set SERVER_ADDR "%{SERVER_ADDR}e"
RequestHeader set REQUEST_METHOD "%{REQUEST_METHOD}e"
RequestHeader set REQUEST_PROTOCOL "%{REQUEST_PROTOCOL}e"
RequestHeader set REQUEST_URI "%{REQUEST_URI}e"
 
RequestHeader set UNIQUE_ID "%{ENV_UNIQUE_ID}e"
RequestHeader set SCRIPT_URL "%{ENV_SCRIPT_URL}e"
RequestHeader set SCRIPT_URI "%{ENV_SCRIPT_URI}e"
RequestHeader set PATH "%{ENV_PATH}e"
 
Options +ExecCGI +FollowSymLinks
 
Order Deny,Allow
Deny from All
Allow from 208.113.134.190  64.111.114.111 208.113.134.203 208.113.152.201 env=REDIRECT_STATUS
Satisfy Any
 
SecFilterEngine Off

More Mod_Security (1)

#
# Order Deny,Allow
# First, all Allow directives are evaluated; at least one must match, or the request is rejected.
# Next, all Deny directives are evaluated. If any matches, the request is rejected.
# Last, any requests which do not match an Allow or a Deny directive are denied by default.
#
Order Allow,Deny
Allow from all
Deny from 217.219.
 
#Order Deny,Allow
# First, all Deny directives are evaluated; if any match, the request is denied unless it also matches an Allow directive.
# Any requests which do not match any Allow or Deny directives are permitted.
 
#SetEnvIf content-type (multipart/form-data)(.*) NEW_CONTENT_TYPE=application/x-www-form-urlencoded$2 OLD_CONTENT_TYPE=$1$2
#RequestHeader set content-type %{NEW_CONTENT_TYPE}e env=NEW_CONTENT_TYPE
SetEnvIfNoCase Content-Type "^multipart/form-data" !MODSEC_NOPOSTBUFFERING
SetEnvIfNoCase Content-Type "^application/x-www-form-urlencoded" !MODSEC_NOPOSTBUFFERING
SetEnv suppress-error-charset
SetEnvIfNoCase Content-Type "^multipart/form-data" !MODSEC_NOPOSTBUFFERING
 
SetEnvIf Request_URI "^/(cgi-bin/search\.php|cgi-bin/java\.cgi|wp-admin/.*)" MODSEC_ENABLE=Off
SetEnvIf Request_URI "^/(online-tools/js-compress.*)" "MODSEC_NOPOSTBUFFERING=Do not buffer file uploads"
SetEnvIfNoCase Remote_Addr ^208\.113\.134\.190$ MODSEC_ENABLE=Off
SetEnvIfNoCase Remote_Addr ^64\.111\.114\.111$ MODSEC_ENABLE=Off
 
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# TZ: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
SetEnv TZ America/Indianapolis
 
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
SetEnv SERVER_ADMIN webmaster@askapache.com
 
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature Off
 
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.0/mod/core.html#options
# for more information.
#
Options -Indexes -Includes -ExecCGI -MultiViews
 
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
DirectoryIndex index.php
 
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
Action php5-cgi /bin/php.cgi
 
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler php5-cgi .php .inc
 
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddDefaultCharset UTF-8
 
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#
AddType 'application/rdf+xml; charset=UTF-8' .rdf
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml.gz
AddType 'text/html; charset=UTF-8' .html
AddType 'text/html; charset=UTF-8' .html.gz
AddType application/octet-stream .rar .chm .bz2 .tgz .msi .pdf .exe
AddType application/vnd.ms-excel .csv
AddType application/x-httpd-php-source .phps
AddType application/x-pilot .prc .pdb
AddType application/x-shockwave-flash .swf
AddType application/xrds+xml .xrdf
AddType text/plain .ini .sh .bsh .bash .awk .nawk .gawk .csh .var .c .in .h .asc .md5 .sha .sha1
AddType video/x-flv .flv
 
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
 
#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/html

Error Documents

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
#100 Continue
#101 Switching Protocols
#102 Processing
#200 OK
#201 Created
#202 Accepted
#203 Non-Authoritative Information
#204 No Content
#205 Reset Content
#206 Partial Content
#207 Multi-Status
#300 Multiple Choices
#301 Moved Permanently
#302 Found
#303 See Other
#304 Not Modified
#305 Use Proxy
#306 unused
#307 Temporary Redirect
#400 Bad Request
#401 Authorization Required
#402 Payment Required
#403 Forbidden
#404 Not Found
#405 Method Not Allowed
#406 Not Acceptable
#407 Proxy Authentication Required
#408 Request Time-out
#409 Conflict
#410 Gone
#411 Length Required
#412 Precondition Failed
#413 Request Entity Too Large
#414 Request-URI Too Large
#415 Unsupported Media Type
#416 Requested Range Not Satisfiable
#417 Expectation Failed
#418 unused
#419 unused
#420 unused
#421 unused
#422 Unprocessable Entity
#423 Locked
#424 Failed Dependency
#425 No code
#426 Upgrade Required
#500 Internal Server Error
#501 Method Not Implemented
#502 Bad Gateway
#503 Service Temporarily Unavailable
#504 Gateway Time-out
#505 HTTP Version Not Supported
#506 Variant Also Negotiates
#507 Insufficient Storage
#508 unused
#509 unused
#510 Not Extended
 
#ErrorDocument 100 /e/100_CONTINUE.html
#ErrorDocument 101 /e/101_SWITCHING_PROTOCOLS.html
#ErrorDocument 102 /e/102_PROCESSING.html
 
#ErrorDocument 200 /e/200_OK.html
#ErrorDocument 201 /e/201_CREATED.html
#ErrorDocument 202 /e/202_ACCEPTED.html
#ErrorDocument 203 /e/203_NON_AUTHORITATIVE.html
#ErrorDocument 204 /e/204_NO_CONTENT.html
#ErrorDocument 205 /e/205_RESET_CONTENT.html
#ErrorDocument 206 /e/206_PARTIAL_CONTENT.html
#ErrorDocument 207 /e/207_MULTI_STATUS.html
 
#ErrorDocument 300 /e/300_MULTIPLE_CHOICES.html
#ErrorDocument 301 /e/301_MOVED_PERMANENTLY.html
#ErrorDocument 302 /e/302_MOVED_TEMPORARILY.html
#ErrorDocument 303 /e/303_SEE_OTHER.html
#ErrorDocument 304 /e/304_NOT_MODIFIED.html
#ErrorDocument 305 /e/305_USE_PROXY.html
#ErrorDocument 307 /e/307_TEMPORARY_REDIRECT.html
 
ErrorDocument 400 /e/400_BAD_REQUEST.html
ErrorDocument 401 /e/401_UNAUTHORIZED.html
ErrorDocument 402 /e/402_PAYMENT_REQUIRED.html
ErrorDocument 403 /e/403_FORBIDDEN.html
#ErrorDocument 404 /e/404_NOT_FOUND.html
ErrorDocument 404 /index.php?error=404
ErrorDocument 405 /e/405_METHOD_NOT_ALLOWED.html
ErrorDocument 406 /e/406_NOT_ACCEPTABLE.html
ErrorDocument 407 /e/407_PROXY_AUTHENTICATION_REQUIRED.html
ErrorDocument 408 /e/408_REQUEST_TIME_OUT.html
ErrorDocument 409 /e/409_CONFLICT.html
ErrorDocument 410 /e/410_GONE.html
ErrorDocument 411 /e/411_LENGTH_REQUIRED.html
ErrorDocument 412 /e/412_PRECONDITION_FAILED.html
ErrorDocument 413 /e/413_REQUEST_ENTITY_TOO_LARGE.html
ErrorDocument 414 /e/414_REQUEST_URI_TOO_LARGE.html
ErrorDocument 415 /e/415_UNSUPPORTED_MEDIA_TYPE.html
ErrorDocument 416 /e/416_RANGE_NOT_SATISFIABLE.html
ErrorDocument 417 /e/417_EXPECTATION_FAILED.html
ErrorDocument 422 /e/422_UNPROCESSABLE_ENTITY.html
ErrorDocument 423 /e/423_LOCKED.html
ErrorDocument 424 /e/424_FAILED_DEPENDENCY.html
ErrorDocument 426 /e/426_UPGRADE_REQUIRED.html
ErrorDocument 500 /e/500_INTERNAL_SERVER_ERROR.html
ErrorDocument 501 /e/501_NOT_IMPLEMENTED.html
ErrorDocument 502 /e/502_BAD_GATEWAY.html
ErrorDocument 503 /e/503_SERVICE_UNAVAILABLE.html
ErrorDocument 504 /e/504_GATEWAY_TIME_OUT.html
ErrorDocument 505 /e/505_VERSION_NOT_SUPPORTED.html
ErrorDocument 506 /e/506_VARIANT_ALSO_VARIES.html
ErrorDocument 507 /e/507_INSUFFICIENT_STORAGE.html
ErrorDocument 510 /e/510_NOT_EXTENDED.html

Caching

#
#  HEADERS and CACHING
#
Header unset Pragma
FileETag None
Header unset ETag
 
# 1 YEAR
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
Header unset P3P
Header unset Pragma
FileETag None
Header unset ETag
Header set Cache-Control "public,max-age=29030400"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
Header unset Last-Modified
</filesMatch>
 
# 2 HOURS
<filesMatch "\.(html|htm|xml|txt|xsl|rdf|rss)$">
<ifModule mod_expires.c>
ExpiresActive On
ExpiresDefault A3600
</ifModule>
</filesMatch>

Redirect Hack

#Redirect 400 /e/400
#Redirect 401 /e/401
#Redirect 402 /e/402
#Redirect 403 /e/403
Redirect 404 /index.php?error=404
#Redirect 405 /e/405
#Redirect 406 /e/406
#Redirect 407 /e/407
#Redirect 408 /e/408
#Redirect 409 /e/409
#Redirect 410 /e/410
#Redirect 411 /e/411
#Redirect 412 /e/412
#Redirect 413 /e/413
#Redirect 414 /e/414
#Redirect 415 /e/415
#Redirect 416 /e/416
#Redirect 417 /e/417
#Redirect 418 /e/418
#Redirect 419 /e/419
#Redirect 420 /e/420
#Redirect 421 /e/421
#Redirect 422 /e/422
#Redirect 423 /e/423
#Redirect 424 /e/424
#Redirect 425 /e/425
#Redirect 426 /e/426
#Redirect 500 /e/500
#Redirect 501 /e/501
#Redirect 502 /e/502
#Redirect 503 /e/503
#Redirect 504 /e/504
#Redirect 505 /e/505
#Redirect 506 /e/506
#Redirect 507 /e/507
#Redirect 508 /e/508
#Redirect 509 /e/509
#Redirect 510 /e/510

301 PERMANENT REDIRECTS

#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
#
Redirect 301 /12-lessons-for-those-afraid-of-css.html http://www.askapache.com/css/12-lessons-for-those-afraid-of-css.html
Redirect 301 /2006/htaccess/htaccesselite-ultimate-htaccess-article.html http://www.askapache.com/htaccess/apache-htaccess.html
Redirect 301 /2007/phpbb/sending-post-form-data-with-php-curl.html http://www.askapache.com/htaccess/sending-post-form-data-with-php-curl.html
Redirect 301 /2007/webmaster/custom-phpini-with-fastcgi-on-dreamhost.html http://www.askapache.com/dreamhost/custom-phpini-with-fastcgi-on-dreamhost.html
Redirect 301 /2007/webmaster/custom-phpini-with-fastcgi-on-dreamhost.html http://www.askapache.com/dreamhost/custom-phpini-with-fastcgi-on-dreamhost.html
Redirect 301 /2007/webmaster/php-and-ajax-shell-console.html http://www.askapache.com/tools/php-and-ajax-shell-console.html
Redirect 301 /27-request-methods-for-use-with-apache-and-rewritecond-and-htaccess.html http://www.askapache.com/htaccess/27-request-methods-for-use-with-apache-and-rewritecond-and-htaccess.html
Redirect 301 /404-google-wordpress-plugin.html http://www.askapache.com/seo/404-google-wordpress-plugin.html
Redirect 301 /503-service-temporarily-unavailable.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /Overview-about.rdf http://www.askapache.com/askapache-home.rdf
Redirect 301 /abbr-acronym.html http://www.askapache.com/xhtml/abbr-acronym.html
Redirect 301 /adsense-robots.html http://www.askapache.com/google/adsense-robots.html
Redirect 301 /alexa-toolbar-firefox.html http://www.askapache.com/tools/alexa-toolbar-firefox.html
Redirect 301 /allowing-access-from-1-static-ip-and-deny-the-rest.html http://www.askapache.com/htaccess/apache-htaccess.html
Redirect 301 /anti-virus-spyware-rootkit.html http://www.askapache.com/security/anti-virus-spyware-rootkit.html
Redirect 301 /apache-ssl-in-htaccess-examples.html http://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples.html
Redirect 301 /awk-tutorial.html http://www.askapache.com/awk/awk-tutorial.html
Redirect 301 /best-adsense-optimization.html http://www.askapache.com/wordpress/best-adsense-optimization.html
Redirect 301 /commonly-used-htaccess-code-examples.html http://www.askapache.com/htaccess/commonly-used-htaccess-code-examples.html
Redirect 301 /css-background-image-sprite.html http://www.askapache.com/css/css-background-image-sprite.html
Redirect 301 /css-browser-screenshots.html http://www.askapache.com/tools/css-browser-screenshots.html
Redirect 301 /css-class-example.html http://www.askapache.com/css/css-class-example.html
Redirect 301 /curl-multi-downloads.html http://www.askapache.com/php/curl-multi-downloads.html
Redirect 301 /custom-boot-menu-in-windows-xp.html http://www.askapache.com/windows/custom-boot-menu-in-windows-xp.html
Redirect 301 /donate http://www.dreamhost.com/donate.cgi?id=8261
Redirect 301 /donate/ http://www.dreamhost.com/donate.cgi?id=8261
Redirect 301 /htaccess.txt http://z.askapache.com/p/htaccess.txt
Redirect 301 /htaccess/404-errorpages.html http://www.askapache.com/seo/google-ajax-search-seo-tips.html
Redirect 301 /htaccess/feedsmith http://www.askapache.com/htaccess/feedsmith-htaccess.html
Redirect 301 /htaccess/http-status-codes.html http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
Redirect 301 /htaccess/instruct-search-engines-to-come-back-to-site-after-you-finish-working-on-it.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /htaccess/speed-up-the-apache-web-server-with-configuration-hacks.html http://www.askapache.com/htaccess/apache-web-server-speed-configuration-hacks.html
Redirect 301 /instruct-search-engines-to-come-back-to-site-after-you-finish-working-on-it.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /security/bypassing-vlan.html http://www.askapache.com/security/hacking-vlan-switched-networks.html
Redirect 301 /security/bypassing-vlanbypassing-vlan.html http://www.askapache.com/security/hacking-vlan-switched-networks.html
Redirect 301 /security/rigging-the-dreamhost-site-of-the-month-contest.html http://www.askapache.com/dreamhost/rigging-the-dreamhost-site-of-the-month-contest.html
Redirect 301 /seo/tailrankcom-robot.html http://www.askapache.com/seo/tailrank-robot.html
Redirect 301 /webmaster/caching-tutorial-for-webmasters.html http://www.askapache.com/htaccess/caching-tutorial-for-webmasters.html
Redirect 301 /webmaster/lft-traceroute-tool.html http://www.askapache.com/tools/lft-traceroute-tool.html

301 PERMANENT REDIRECTMATCH

#
#  PERMANENT REDIRECTMATCH
#
#RedirectMatch 301 ^/&(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/(.+)\.html/$ http://www.askapache.com/$1.html
RedirectMatch 301 ^/&amp(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/.*feed\.gif$ http://z.askapache.com/feed.gif
RedirectMatch 301 ^/([^/]+)//$ http://www.askapache.com/$1/
RedirectMatch 301 ^/(.+)/htaccesselite-ultimate-htaccess-article.html(.*) http://www.askapache.com/htaccess/apache-htaccess.html
RedirectMatch 301 ^/(.+)\.html/([a-z][a-z])/$ http://www.askapache.com/$1.html
RedirectMatch 301 ^/([\(]+)(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/([^9]*)9O1X.3y(.*)/(.*)$ http://www.askapache.com/$2
RedirectMatch 301 ^/.3y(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/200([0-9])/([0-9])(.*)$ http://www.askapache.com/top-100/
RedirectMatch 301 ^/200([0-9])/([^01])(.*)$ http://www.askapache.com/$2$3
RedirectMatch 301 ^/about/glossary(.*)$ http://www.askapache.com/glossary$1
RedirectMatch 301 ^/apache-speed(.*)$ http://www.askapache.com/htaccess/apache-speed$1
RedirectMatch 301 ^/category/(.+)$ http://www.askapache.com/$1
RedirectMatch 301 ^/docs/(.*)$ http://askapache.info/$1
RedirectMatch 301 ^/htaccess/feedsmith-htaccess(.*) http://www.askapache.com/htaccess/redirecting-wordpress-feeds-to-feedburner.html
RedirectMatch 301 ^/robots-txt(.*)$ http://www.askapache.com/robots.txt
RedirectMatch 301 ^/hosting/?$ http://www.askapache.com/hosting/
RedirectMatch 301 ^/.+favicon.ico$ http://www.askapache.com/favicon.ico
#RedirectMatch 301 ^/wp-content/uploads/(.*)$ http://z.askapache.com/uploads/$1
#RedirectMatch 301 ^/z/(.+)$ http://z.askapache.com/$1
#RedirectMatch 301 ^/(z|t|i|j|c|p)/(.*)$ http://z.askapache.com/$1/$2
 
#
#  TEMPORARY REDIRECTMATCH
#
RedirectMatch 307 ^/getflash/?$ http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
RedirectMatch 307 ^/dream/?$ http://www.askapache.com/dreamhost/
RedirectMatch 307 ^/(cse|apachecse|apachecsetest|apachesearch)/?$ http://www.google.com/coop/cse?cx=002660089121042511758%3Akk7rwc2gx0i
RedirectMatch 307 ^/search/lr-lang(.*)$ http://feeds.askapache.com/apache/htaccess
 
#
#  PERMANENT GONE
#
RedirectMatch 410 ^/funny(.*)

My Favorite modsec_v1 stuff

# Pass: Allows request to continue, further filters could still halt request.
# Allow: Allows matching requests through, will not be tested against other filters.
# Deny: Stops the request outright, returns a HTTP 500 error code by default.
# Status: Used to specify an alternate HTTP error code.
# Redirect: Matching requests are redirected to the provided URL.
# Exec: Allows execution of a local system binary or script.
# Log: Logs request only.
# Nolog: Does not log request.
# Chain: Allows you to create list of filters for more granulated security. All filters must be cleared before action is taken with the final filter.
 
SecFilterEngine On
SecFilterCheckURLEncoding On
SecFilterCheckUnicodeEncoding Off
SecFilterScanPOST On
 
#SecUploadKeepFiles On
#SecUploadDir /home/askapache/sites/askapache.com/logs/sec-upload
#SecUploadApproveScript /home/askapache/sites/askapache.com/htdocs/cgi-bin/check.sh
 
#SecRuleEngine On
#SecAuditEngine On
#SecAuditEngine Off
SecAuditEngine RelevantOnly
SecAuditLog /home/askapache/sites/askapache.com/logs/modsec_audit.log
SecFilterDebugLog /home/askapache/sites/askapache.com/logs/modsec_debug.log
SecFilterDebugLevel 1
#SecAuditLogRelevantStatus "^(?:1|2(?!00)|5|4(?!04))"
SecAuditLogRelevantStatus "^(1|2(?!00)|4([0-9](0|1|2|5|6|7|8|9))|5)"
SecFilterForceByteRange 1 255
 
#SecFilterInheritance Off
# 0 EMERGENCY - system is unusable
# 1 ALERT - action must be taken immediately
# 2 CRITICAL - critical conditions
# 3 ERROR - error conditions
# 4 WARNING - warning conditions
# 5 NOTICE - normal but significant conditions
# 6 INFO - informational
# 7 DEBUG - debug-level messages
 
SecFilterDefaultAction "deny,severity:6,status:403"
 
#SecFilterSelective REQUEST_METHOD "POST" "pass,auditlog,severity:6"
SecFilterSelective REQUEST_URI "^/(xmlrpc|wp-comments-post)\.php" "pass,log,auditlog,severity:6"
#SecFilterSelective REMOTE_ADDR ^$ "pass,log,auditlog,severity:6"
#SecFilterSelective REMOTE_ADDR ^203\.221\.91\.20$ "pass,log,auditlog,severity:6"
 
#SecFilterSelective REQUEST_URI "^/htaccess.*" "pass,log,auditlog"
#SecFilterSelective REQUEST_URI "^/feed.*" "pass,log,auditlog"
#SecFilterSelective REQUEST_URI "^/.*trackback.*" "pass,log,auditlog"
#SecFilterSelective REQUEST_URI "^/valid.*" "pass,log,auditlog"
 
#Enforce proper HTTP requests
SecFilterSelective SERVER_PROTOCOL "!^HTTP/(0\.9|1\.0|1\.1)$" "id:340000,rev:1,severity:6,msg:'Bad HTTP Protocol'"
 
# Only accept request encodings we know how to handle
SecFilterSelective REQUEST_METHOD "!^(GET|HEAD|POST)$" "chain,id:340001,rev:1,severity:6,msg:'Restricted HTTP function,status:405'"
SecFilterSelective HTTP_Content-Type "!(^$|^application/x-www-form-urlencoded$|^multipart/form-data)"
 
# Require Content-Length to be provided with every POST request
SecFilterSelective REQUEST_METHOD "^POST$" "chain,id:340003,rev:1,severity:6,msg:'Content Length not provided with POST',status:411"
SecFilterSelective HTTP_Content-Length "^$"
 
# Don't accept transfer encodings we know we don't handle
# (and you don't need it anyway)
SecFilterSelective HTTP_Transfer-Encoding "!^$" "id:340004,rev:1,severity:6,msg:'Dis-allowed Transfer Encoding'"
 
#Generic rule for allowed characters, adjust for your site before activating
##SecFilterSelective REQUEST_URI "!^[a-zA-Z0-9\.\+\_\/\-\?\=\&\%\#]+$" "chain,id:390002,rev:1,severity:4,msg:'Restricted HTTP character set'"
##SecFilterSelective REQUEST_URI "!^/(openid|wp-admin|wp-includes|wp-content|wp-login.php)"
 
#HTTP response splitting generic sigs
#SecFilter "Content-Length\:.*Content-Type\:.*Content-Type\:" "id:340005,rev:1,severity:4,msg:'HTTP response splitting'"
 
#HTTP response splitting generic sigs
#SecFilter "Content-Length\:" "chain,id:340006,rev:1,severity:4,msg:'HTTP response splitting'"
#SecFilter "Content-Type\:"
 
#catch smuggling attacks
#SecFilter "^(GET|POST).*Host:.*^(GET|POST)"  "id:300012,rev:1,severity:4,msg:'catch smuggling attacks'"
 
#XSS insertion into Content-Type
#SecFilterSelective THE_REQUEST "Content-Type\:.*(<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>|onmouseover=|javascript\:)" "id:300002,rev:1,severity:4,msg:'XSS attack in Content-type header'"
 
#Code injection via content length
#SecFilterSelective HTTP_Content-Length|HTTP_USER_AGENT "\;(system|passthru|exec)\(" "id:330003,rev:1,severity:4,msg:'Code Injection in Content-Length header'"
 
#Don't accept chunked encodings modsecurity can not look at these, so this is a hole that can bypass your rules, the rule before this one should cover this, but hey paranoia is cheap
#SecFilterSelective HTTP_Transfer-Encoding "chunked" "id:300003,rev:1,severity:4,msg:'Chunked Transfer Encoding denied'"
 
##generic recursion signatures
#SecFilterSelective REQUEST_URI "\.\./\.\./" "id:300004,rev:2,severity:4,msg:'Generic Path Recursion1 denied'"
#SecFilterSelective THE_REQUEST "\.\|\./\.\|\./\.\|" "id:300005,rev:1,severity:4,msg:'Generic Path Recursion2 denied'"
#SecFilterSelective THE_REQUEST "\.\.\./" "id:300006,rev:1,severity:4,msg:'Bogus Path denied'"
 
#Generic PHP exploit signatures
#SecFilterSelective REQUEST_URI "<\?php (chr|fwrite|fopen|system|echr|passthru|popen|proc_open|shell_exec|exec|proc_nice|proc_terminate|proc_get_status|proc_close|pfsockopen|leak|apache_child_terminate|posix_kill|posix_mkfifo|posix_setpgid|posix_setsid|posix_setuid|phpinfo)\(.*\)\;" "id:330002,rev:1,severity:4,msg:'Generic PHP exploit pattern denied'"
 
#Prevent SQL injection in cookies
##SecFilterSelective COOKIE_VALUES "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" "id:300011,rev:1,severity:4,msg:'Generic SQL injection in cookie'"
 
#Prevent SQL injection in UA
##SecFilterSelective HTTP_USER_AGENT "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" "id:300012,rev:1,severity:4,msg:'Generic SQL injection in User Agent header'"
 
# Generic filter to prevent SQL injection attacks
# Understand that all SQL filters are very limited and are very difficult to prevent false postives and negatives.
# Please report false positives/negatives to mike@gotroot.com
#SecFilter "((select|grant|delete|insert|drop|alter|replace|truncate|update|create|rename|describe)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]+[[:space:]]+(from|into|table|database|index|view)[[:space:]]+[A-Z|a-z|0-9|\*| |\,]|UNION SELECT.*\'.*\'.*,[0-9].*INTO.*FROM)" "id:300013,rev:1,severity:4,msg:'Generic SQL injection protection'"
 
#generic XSS PHP attack types
##SecFilterSelective REQUEST_URI "\.php\?" "chain,id:300010,rev:1,severity:4,msg:'Generic PHP XSS exploit pattern denied'"
#SecFilter "(javascript\:/(.*new\x20ActiveXObject.*Sh\.regwrite|.*window\.opener\.document\.body.\innerHTML=window\.opener\.document\.body\.innerHTML\.replace)|onmouseover=\'javascript)"
 
#Generic XSS filter
#please report false positives
##SecFilterSelective REQUEST_URI "!/mt\.cgi" "chain,msg:'XSS2'"
#SecFilter "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>"
 
#XSS in referrer and UA headers
##SecFilterSelective HTTP_REFERER|HTTP_USER_AGENT "<[[:space:]]*(script|about|applet|activex|chrome)*>.*(script|about|applet|activex|chrome)[[:space:]]*>" "msg:'XSS3'"
 
#HTTP header PHP code injection attacks
##SecFilterSelective HTTP_CLIENT_IP|HTTP_USER_AGENT|HTTP_Referer "(<\?php|<[[:space:]]?\?[[:space:]]?php|<\? php)" "msg:'PHP1'"
 
#Generic PHP remote file injection
##SecFilterSelective REQUEST_URI "!(/do_command)" "chain,msg:'PHP2'"
##SecFilterSelective REQUEST_URI "\.php\?.*=(https?|ftp)\:/.*(cmd|command)="
 
#script, perl, etc. code in HTTP_Referer string
##SecFilterSelective HTTP_Referer "\#\!.*/" "msg:'perl script1'"
 
#remote file inclusion generic attack signature
#SecFilterSelective THE_REQUEST  "\.(dat|gif|jpg|png|bmp|txt|vir|dot)\?" "chain,msg:'remote 1'"
#SecFilter "((name|pm_path|pagina|path|include_location|root|page|open)=(http|https|ftp)|(cmd|command|inc)=)"
 
#remote file inclusion generic attack signature
#SecFilterSelective THE_REQUEST  "\.(dat|gif|jpg|png|bmp|txt|vir|dot)\?\&(cmd|command|inc|name)=" "msg:'remote2'"
 
#remote file inclusion generic attack signature
#SecFilterSelective ARGS  "\.(dat|gif|jpg|png|bmp|txt|vir|dot)" "chain,msg:'file inclusion1'"
#SecFilter "\?\&(cmd|inc|name)="
 
#remote file inclusion generic attack signature
#SecFilterSelective ARGS  "\.(dat|gif|jpg|png|bmp|txt|vir|dot)\?\&(cmd|inc|name)=" "msg:'file inclusion2'"
 
#remote file inclusion generic attack signature
#SecFilterSelective REQUEST_URI  "\.php\?.*=(http|https|ftp)\:/.*\?&cmd=" "msg:'file inclusion3'"
 
#Bogus file extensions generic signature
#SecFilterSelective THE_REQUEST  "[A-Za-z0-9]\.(gif|jpg|png|bmp)\.txt" "msg:'file extension'"
 
#PHP remote path attach generic signature
#SecFilterSelective REQUEST_URI  "\.ph(p(3|4)?).*path=(http|https|ftp)\:/" "msg:'remote path1'"
#SecFilterSelective REQUEST_URI  "\.php.*path=(http|https|ftp)\:/" "msg:'remote path2'"
 
#generic php attack sigs
#SecFilterSelective REQUEST_URI "(&(cmd|command)=(id|uname)\x20|cmd\?(cmd|command)=|(spy|cmd|cmd_out|sh)\.(gif|jpg|png|bmp|txt)\?&(cmd|command)=|\.php\?&(cmd|command)=)" "msg:'php attack1'"
 
# WEB-MISC apache directory disclosure attempt
#SecFilterSelective THE_REQUEST "////" "msg:'apache directory disclosure'"
 
#PHP defenses
##SecFilterSelective ARG_PHPSESSID "!^$" "msg:'something in phpsessid'"
##SecFilterSelective COOKIE_PHPSESSID "!^$" "msg:'something in cookie phpsessid'"
 
#PHP defenses
##SecFilterSelective COOKIE_ASKAPACHEID "!^[0-9a-z]*$" "msg:'bad value for cookie'"
 
#cross site scripting attempt TYPE + JAVASCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/javascript" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + JAVASCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]application\/x-javascript" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + JSCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/jscript" "msg:'cross-site1'"
 
# cross site scripting attempt STYLE + VBSCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/vbscript" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + VBSCRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]application\/x-vbscript" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + ECMACRIPT
##SecFilterSelective THE_REQUEST "TYPE\s*=\s*[\'\"]text\/ecmascript" "msg:'cross-site1'"
 
# cross site scripting attempt STYLE + EXPRESSION
##SecFilterSelective THE_REQUEST "STYLE[\s]*=[\s]*[^>]expression[\s]*\(" "msg:'cross-site1'"
 
#cross site scripting attempt STYLE + EXPRESSION
##SecFilterSelective THE_REQUEST "[\s]*expression[\s]*\([^}]}[\s]*<\/STYLE>" "msg:'cross-site1'"
 
# cross site scripting attempt using XML
##SecFilterSelective THE_REQUEST "<!\[CDATA\[<\]\]>SCRIPT" "msg:'cross-site1'"
 
#cross site scripting attempt executing hidden Javascript
##SecFilterSelective THE_REQUEST "eval[\s]*\([\s]*[^\.]\.innerHTML[\s]*\)" "msg:'cross-site1'"
 
#cross site scripting attempt executing hidden Javascript
##SecFilterSelective THE_REQUEST "window\.execScript[\s]*\(" "msg:'cross-site1'"
 
#cross site scripting attempt to execute Javascript code
###SecFilterSelective THE_REQUEST "/(((URL|SRC|HREF|LOWSRC)[\s]*=)|(url[\s]*[\(]))[\s]*[\'\"]*javascript[\:]" "msg:'cross-site1'"
 
#cross site scripting HTML Image tag set to javascript attempt
#SecFilterSelective THE_REQUEST "img src=javascript" "msg:'cross-site1'"
 
#Fake image file shell attacvk
#SecFilterSelective HTTP_Content-Type "image/.*" "msg:'image shell 1'"
#SecFilterSelective POST_PAYLOAD "chr\(" "msg:'image shell2'"
 
#bogus graphics file
#SecFilterSelective HTTP_Content-Disposition "\.php"  "chain,msg:'bogus graphics'"
#SecFilterSelective HTTP_Content-Type "(image/gif|image/jpg|image/png|image/bmp)"
 
# Allow only letters, digits, underscore, and square brackets (for arrays)
# in variable names#
#SecFilterSelective ARGS_NAMES "!^[][a-zA-Z0-9_]+$"
 
#---------------------------------------------
# reject keywords that appear in POST or GET
#=============================================
SecFilterSignatureAction "nolog,auditlog,deny,severity:6,status:403"
 
SecFilterSelective REQUEST_URI  "^/.*/wp-comments-post\.php" "id:50200,msg:'WORDPRESS SPAM bad wp-comments-post location'"
 
<files wp-comments-post.php>
# fail for empty comment fields
SecFilterSelective "ARG_comment_post_ID|ARG_submit" "^$" "id:50300,msg:'WORDPRESS SPAM MISSING comment_post_ID'"
SecFilterSelective "ARG_comment_post_ID" "!^[0-9]{1,6}$" "id:50301,msg:'WORDPRESS SPAM BAD comment_post_ID'"
SecFilterSelective "HTTP_Cookie" "^$" "id:50302,msg:'WORDPRESS SPAM No cookie'"
 
##SecFilterSelective "comment_post_DI" "^$" "id:50310,msg:'WORDPRESS SPAM MISSING comment_post_DI'"
##SecFilterSelective "comment_post_DI" "!^[0-9]{1,2}$" "id:50311,msg:'WORDPRESS SPAM MISSING comment_post_DI'"
</files>
<pre>
 
<h2>MODSEC Continued.. Custom Anti-Spam (WordPress) I made</h2>
<pre>
SecFilterSignatureAction "nolog,noauditlog,deny,severity:6,redirect:http://www.askapache.com/feed/"
SecFilterSelective ARGS|THE_REQUEST "00bp\.com|360\.yahoo|987mb\.com|Ambien|American airline" "id:50010,msg:'SPAM 10'
SecFilterSelective ARGS|THE_REQUEST "Ativan|Caresoprodol|Darvocet|Ephedra|Ephedrine" "id:50011,msg:'SPAM 11'
SecFilterSelective ARGS|THE_REQUEST "Gambling|Lexapro|Tramadol|Venlafaxine" "id:50012,msg:'SPAM 12'
SecFilterSelective ARGS|THE_REQUEST "\[URL=|abgood|acura|acyclovir|adderall" "id:50013,msg:'SPAM 13'
SecFilterSelective ARGS|THE_REQUEST "adipex|alcohol|alprazolam|amateur|amrit" "id:50014,msg:'SPAM 14'
SecFilterSelective ARGS|THE_REQUEST "anal sex|analfinder|angelina jolie|asshole|axspace\.com" "id:50015,msg:'SPAM 15'
SecFilterSelective ARGS|THE_REQUEST "baccarat|bankrupt|bikini|biotic|black jack|blowjob" "id:50016,msg:'SPAM 16'
SecFilterSelective ARGS|THE_REQUEST "blackjack|blog\.360|brutality|buddhism|butalbital" "id:50017,msg:'SPAM 17'
SecFilterSelective ARGS|THE_REQUEST "cadillac|canalis|card credit|card stud|carisoprodol" "id:50018,msg:'SPAM 18'
SecFilterSelective ARGS|THE_REQUEST "carmen|cash advance|cash credit|casino|catch\.com" "id:50019,msg:'SPAM 19'
SecFilterSelective ARGS|THE_REQUEST "celebrex|celexa|cellulite|cheap|cheerleader" "id:50020,msg:'SPAM 20'
SecFilterSelective ARGS|THE_REQUEST "chevrolet|child abuse|cialis|cigarette|cipro" "id:50021,msg:'SPAM 21'
SecFilterSelective ARGS|THE_REQUEST "citroen|claritin|cleavage|clomid|codeine" "id:50022,msg:'SPAM 22'
SecFilterSelective ARGS|THE_REQUEST "consulting23|craps online|credit card|credit debt|crestor" "id:50023,msg:'SPAM 23'
SecFilterSelective ARGS|THE_REQUEST "dealership|debt free|desnudas|diazepam|dick" "id:50024,msg:'SPAM 24'
SecFilterSelective ARGS|THE_REQUEST "dildo|drugstore|earrings|endometrioma|endowment" "id:50025,msg:'SPAM 25'
SecFilterSelective ARGS|THE_REQUEST "erotic|estrogen|fioricet|francaise|freehost\.com" "id:50026,msg:'SPAM 26'
SecFilterSelective ARGS|THE_REQUEST "freehostia|freemb\.com|fuck|geocities\.com|hacking myspace" "id:50027,msg:'SPAM 27'
SecFilterSelective ARGS|THE_REQUEST "holdem|honda|hotels|hydrocodone|hypnotic" "id:50028,msg:'SPAM 28'
SecFilterSelective ARGS|THE_REQUEST "hyundai|implants|incest|instant approval|insurance" "id:50029,msg:'SPAM 29'
SecFilterSelective ARGS|THE_REQUEST "interracial|jaguar|jenny movie|johanson|kasino" "id:50030,msg:'SPAM 30'
SecFilterSelective ARGS|THE_REQUEST "lesbian|levitra|lipitor|loan|lolita" "id:50031,msg:'SPAM 31'
SecFilterSelective ARGS|THE_REQUEST "lorazepam|lorcet|lyrics|madamic|majorette" "id:50032,msg:'SPAM 32'
SecFilterSelective ARGS|THE_REQUEST "malaria|mastercar|masturbate|masturbation|maturewomen" "id:50033,msg:'SPAM 33'
SecFilterSelective ARGS|THE_REQUEST "mazda|medication|medicine|megsfree5\.com|mercedes" "id:50034,msg:'SPAM 34'
SecFilterSelective ARGS|THE_REQUEST "meridia|metformin|mitsubishi|mortgage|myspace profile" "id:50035,msg:'SPAM 35'
SecFilterSelective ARGS|THE_REQUEST "naked|neocool|nexium|nimire\.com|nissan" "id:50036,msg:'SPAM 36'
SecFilterSelective ARGS|THE_REQUEST "nokia|nude|nudism|nymph|open toe" "id:50037,msg:'SPAM 37'
SecFilterSelective ARGS|THE_REQUEST "oprodol|orgasm|oxycodone|oxycontin|packages" "id:50038,msg:'SPAM 38'
SecFilterSelective ARGS|THE_REQUEST "painrelief|pantyhose|paxil|payday|penis" "id:50039,msg:'SPAM 39'
SecFilterSelective ARGS|THE_REQUEST "percocet|pharmacy|phentermine|phetermine|phpbb_root" "id:50040,msg:'SPAM 40'
SecFilterSelective ARGS|THE_REQUEST "pictaboo|pictorial|pills|pissing|play craps" "id:50041,msg:'SPAM 41'
SecFilterSelective ARGS|THE_REQUEST "playgirl|pocker web|poker|pontiac|poquer" "id:50042,msg:'SPAM 42'
SecFilterSelective ARGS|THE_REQUEST "porn|pounder|prescription|preteen|prevacid" "id:50043,msg:'SPAM 43'
SecFilterSelective ARGS|THE_REQUEST "price1|prilosec|propecia|proza|prozac" "id:50044,msg:'SPAM 44'
SecFilterSelective ARGS|THE_REQUEST "puddled|pussy|refinance|rentals|replica" "id:50045,msg:'SPAM 45'
SecFilterSelective ARGS|THE_REQUEST "ringtones|roulette|screensaver|seduced|sexual" "id:50046,msg:'SPAM 46'
SecFilterSelective ARGS|THE_REQUEST "sexy|shemale|shiloh|singulair|site-host" "id:50047,msg:'SPAM 47'
SecFilterSelective ARGS|THE_REQUEST "slot machine|slot maschine|slots machine|solpip\.com|soma" "id:50048,msg:'SPAM 48'
SecFilterSelective ARGS|THE_REQUEST "sperm|starlets|supplier|suzuki|tadalafil" "id:50049,msg:'SPAM 49'
SecFilterSelective ARGS|THE_REQUEST "toyota|tylenol|ultram|valium|viagra" "id:50050,msg:'SPAM 50'
SecFilterSelective ARGS|THE_REQUEST "vigora|vioxx|wallpaper|warez|webcam" "id:50051,msg:'SPAM 51'
SecFilterSelective ARGS|THE_REQUEST "webpages\.com|wellbutrin|whitesluts|wholesale|whore" "id:50052,msg:'SPAM 52'
SecFilterSelective ARGS|THE_REQUEST "windshield|xanax|xenical|y lohan|yourgirls" "id:50053,msg:'SPAM 53'
SecFilterSelective ARGS|THE_REQUEST "youtube\.com|zantac|sex offenders|hotgay|Zoloft|celtic women" "id:50054,msg:'SPAM 54'
SecFilterSelective ARGS|THE_REQUEST "dollhouse|freehot|kardashian|oralsex" "id:50055,msg:'SPAM 55'
SecFilterSelective ARGS|THE_REQUEST "freeimghost" "id:50056,msg:'SPAM 56'

Unreleased AskApache Lightning code - caching plugin for WordPress

RewriteEngine On
RewriteBase /
 
RewriteCond %{REQUEST_URI} ^/(stats/|missing\.html|failed_auth\.html|test/).* [NC,OR]
RewriteCond %{ENV:REDIRECT_STATUS} =200
RewriteRule .* - [L]
 
RewriteCond %{HTTP_HOST} !=www.askapache.com
RewriteCond %{HTTP_HOST} !=z.askapache.com
RewriteRule .? http://www.askapache.com%{REQUEST_URI}%{QUERY_STRING} [R=301,L]
 
#RewriteCond %{HTTPS} =on
#RewriteCond %{THE_REQUEST} !^[A-Z]{3,9}\ /(wp-login.php|wp-admin)(.*)\ HTTP/ [NC]
#RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.*)\ HTTP/ [NC]
#RewriteRule .* http://www.askapache.com/$1 [R=301,L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.+)%20(.+)\ HTTP/ [NC]
RewriteRule .* http://www.askapache.com/%1-%2 [R=301,L]
 
RewriteCond %{THE_REQUEST} ^GET\ /valid-html/.*\ HTTP/ [NC]
RewriteCond %{HTTP_REFERER} ^https?://www.askapache.com(.+).*$ [NC]
RewriteRule .* http://validator.w3.org/check?uri=http://www.askapache.com%1;ss=1;outline=1;debug [R=307,L,NE]
 
RewriteCond %{THE_REQUEST} ^GET\ /valid-css/.*\ HTTP/ [NC]
RewriteRule .* http://jigsaw.w3.org/css-validator/validator?uri=z.askapache.com/z/c/apache-10.css [R=301,L]
 
RewriteCond %{THE_REQUEST} ^GET\ /search/.*\ HTTP/ [NC]
RewriteCond %{QUERY_STRING} ^s=(.+)$ [NC]
RewriteRule .* http://www.askapache.com/search/%1? [R=302,L]
 
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}/X%{REQUEST_URI}index.html -f
RewriteRule ^(.*)$ /X%{REQUEST_URI}index.html [L]
 
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}/X%{REQUEST_URI} -f
RewriteRule ^(.*)$ /X%{REQUEST_URI} [L]

Passing Parameters to CGI through HTTP Headers

This deserves a note.. this trick lets you bypass so many hosting environment restrictions it's not even funny... like you can run bash as your webserver instead of apache! (kinda...)

RewriteCond %{REQUEST_URI} ^/cgi-bin/(hash|java)\.cgi$ [NC]
RewriteCond %{HTTP:P3P} ^(([^:]+):(.+))$ [NC]
RewriteRule .* - [E=HTTP_JS:%{HTTP:P3P},E=HTTP_US:%2,E=HTTP_PA:%3]

Redirect to FeedBurner

Yes.. I was the first to do this (parse the real rewrites internally in wordpress for no bypassing possibilities)... 

#RewriteCond %{REQUEST_URI} ^/feed/.*?$ [NC,OR]
#RewriteCond %{HTTP_REFERER} ^https?://www.askapache.com/wp-admin(.+).*$ [NC]
RewriteCond %{HTTP_USER_AGENT} FeedBurner [NC]
RewriteRule .* - [S=1]
 
RewriteCond %{REQUEST_URI} ^/(feed|rdf|rss|rss2|atom).* [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-(feed|rdf|rss|rss2|atom).* [NC,OR]
RewriteCond %{REQUEST_FILENAME} ^.*/(wp-atom|wp-feed|wp-rdf|wp-rss|wp-rss2)\.php$ [NC,OR]
RewriteCond %{REQUEST_FILENAME} ^.*/wp-includes/feed[^\.]*\.php$ [NC,OR]
RewriteCond %{QUERY_STRING} .*(feed|rdf|rss|rss2|atom).* [NC]
RewriteRule .* http://feeds.askapache.com/apache/htaccess? [R=302,L]

More Unreleased Caching Tests

# +ASKAPACHE CRAZYCACHE 2.3
#######################################################
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
# +ACACHE RULES
# +RULE
RewriteCond %{THE_REQUEST} ^(GET|HEAD)\ //?(.+)\.rdf\ HTTP/ [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-cache/%2.html/index.rdf -f
RewriteRule ^(.+)\.rdf$ /wp-cache/%2.html/index.rdf [L,S=3]
 
RewriteCond %{QUERY_STRING} !^.*cacheit.* [NC]
#RewriteCond %{HTTP_USER_AGENT} W3C_Validator [OR,NC]
#RewriteCond %{REMOTE_ADDR} = [OR]
 
RewriteCond %{REQUEST_METHOD} =POST [OR]
RewriteCond %{THE_REQUEST} ^$ [OR]
RewriteCond %{QUERY_STRING} nocache [OR]
RewriteCond %{REMOTE_ADDR} = [OR]
RewriteCond %{HTTP_COOKIE} ^.*wordpress_logged_in_.*$ [NC]
RewriteRule .+ - [S=2]
 
RewriteCond %{DOCUMENT_ROOT}/wp-cache%{REQUEST_URI} !-d
RewriteRule .+ - [S=1]
 
RewriteCond %{DOCUMENT_ROOT}/wp-cache%{REQUEST_URI}/index.html -f
RewriteRule .+ /wp-cache%{REQUEST_URI}/index.html [L]
# -RULE
# -ACACHE RULES
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
#######################################################
# -ASKAPACHE CRAZYCACHE 2.3
 
# +ASKAPACHE CRAZYCACHE 2.3
#######################################################
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
# +ACACHE RULES
# +RULE
FileETag None
AddOutputFilterByType DEFLATE text/html
 
AddType 'text/html; charset=UTF-8' .html
 
Header set P3P "policyref=\"http://www.askapache.com/w3c/p3p.xml\""
Header set X-Pingback "http://www.askapache.com/xmlrpc.php"
Header set Content-Language "en-US"
Header set Vary "Accept-Encoding,Accept"
 
<ifModule mod_expires.c>
ExpiresActive On
ExpiresDefault M7200
</ifModule>
# -RULE
# -ACACHE RULES
# - - - - - - - - - - - - - - - - - - - - - - - - - - -
#               __                          __
#   ____ ______/ /______ _____  ____ ______/ /_  ___
#  / __ `/ ___/ //_/ __ `/ __ \/ __ `/ ___/ __ \/ _ \
# / /_/ (__  ) ,< / /_/ / /_/ / /_/ / /__/ / / /  __/
# \__,_/____/_/|_|\__,_/ .___/\__,_/\___/_/ /_/\___/
#                     /_/
#######################################################
# -ASKAPACHE CRAZYCACHE 2.3
 
Options +IndexesOptions +FollowSymLinks
AddHandler application/x-httpd-php .php
 
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !^tyy+$ [NC]
RewriteCond %{REMOTE_USER} ^(.+)$
RewriteRule ^(.*)$ $1/-%1 [R=302,L]
Options +FollowSymLinks
DirectoryIndex index.php
ErrorDocument 404 /cgi-bin/pro/index.php
 
AuthName "Protection"
AuthUserFile /home/askapache/sites/askapache.com/.htpasswda1
AuthGroupFile /dev/null
AuthType Basic
Require valid-user
Satisfy Any
 
<ifModule mod_security.c>
SecFilterEngine Off
</ifModule>
Options +ExecCGI -Indexes -Includes +FollowSymLinks
Order Deny,Allow
Deny from All
Allow from 208.113.134.190 64.111.114.111  env=REDIRECT_STATUS
 
#SetEnvIf Remote_Addr ^$ MODSEC_ENABLE=Off
#SetEnvIf Server_Addr ^$ MODSEC_ENABLE=Off
#SetEnvIf Remote_Addr ^({SERVER_ADDR}e)$ GOOD=$1
#SetEnvIf Server_Addr GOOD R

Default HTACCESS

#
# Directives controlling the display of server-generated directory listings.
#
# Required modules: mod_autoindex, mod_alias
#
# To see the listing of a directory, the Options directive for the
# directory must include "Indexes", and the directory must not contain
# a file matching those listed in the DirectoryIndex directive.
#
Options +Indexes +MultiViews -ExecCGI +FollowSymLinks
DirectoryIndex index.html
 
#
#
# IndexOptions: Controls the appearance of server-generated directory
# listings.
#
IndexOptions FancyIndexing IconHeight=22 IconWidth=20 IgnoreClient NameWidth=* DescriptionWidth=* ScanHTMLTitles SuppressLastModified XHTML FoldersFirst SuppressHTMLPreamble
 
#
# AddIcon* directives tell the server which icon to show for different
# files or filename extensions.  These are only displayed for
# FancyIndexed directories.
#
 
AddIconByEncoding (CMP,http://z.askapache.com/i/s/compressed.gif) x-compress x-gzip
 
AddIconByType (IMG,http://z.askapache.com/i/s/image.gif) image/*
AddIconByType (SND,http://z.askapache.com/i/s/sound2.gif) audio/*
AddIconByType (TXT,http://z.askapache.com/i/s/text.gif) text/*
AddIconByType (VID,http://z.askapache.com/i/s/movie.gif) video/*
 
AddIcon http://z.askapache.com/i/s/hand.right.gif README
AddIcon http://z.askapache.com/i/s/folder.gif ^^DIRECTORY^^
AddIcon http://z.askapache.com/i/s/dir.png ^^DIRECTORY^^
AddIcon http://z.askapache.com/i/s/blank.gif ^^BLANKICON^^
AddDescription "100 Continue" 100* 100/index.html
AddDescription "101 Switching Protocols" 101* 101/index.html
AddDescription "102 Processing" 102* 102/index.html
AddDescription "200 OK" 200* 200/index.html
AddDescription "201 Created" 201* 201/index.html
AddDescription "202 Accepted" 202* 202/index.html
AddDescription "203 Non-Authoritative Information" 203* 203/index.html
AddDescription "204 No Content" 204* 204/index.html
AddDescription "205 Reset Content" 205* 205/index.html
AddDescription "206 Partial Content" 206* 206/index.html
AddDescription "207 Multi-Status" 207* 207/index.html
AddDescription "300 Multiple Choices" 300* 300/index.html
AddDescription "301 Moved Permanently" 301* 301/index.html
AddDescription "302 Found" 302* 302/index.html
AddDescription "303 See Other" 303* 303/index.html
AddDescription "304 Not Modified" 304* 304/index.html
AddDescription "305 Use Proxy" 305* 305/index.html
AddDescription "306 unused" 306* 306/index.html
AddDescription "307 Temporary Redirect" 307* 307/index.html
AddDescription "400 Bad Request" 400* 400/index.html
AddDescription "401 Authorization Required" 401* 401/index.html
AddDescription "402 Payment Required" 402* 402/index.html
AddDescription "403 Forbidden" 403* 403/index.html
AddDescription "404 Not Found" 404* 404/index.html
AddDescription "405 Method Not Allowed" 405* 405/index.html
AddDescription "406 Not Acceptable" 406* 406/index.html
AddDescription "407 Proxy Authentication Required" 407* 407/index.html
AddDescription "408 Request Time-out" 408* 408/index.html
AddDescription "409 Conflict" 409* 409/index.html
AddDescription "410 Gone" 410* 410/index.html
AddDescription "411 Length Required" 411* 411/index.html
AddDescription "412 Precondition Failed" 412* 412/index.html
AddDescription "413 Request Entity Too Large" 413* 413/index.html
AddDescription "414 Request-URI Too Large" 414* 414/index.html
AddDescription "415 Unsupported Media Type" 415* 415/index.html
AddDescription "416 Requested Range Not Satisfiable" 416* 416/index.html
AddDescription "417 Expectation Failed" 417* 417/index.html
AddDescription "418 unused" 418* 418/index.html
AddDescription "419 unused" 419* 419/index.html
AddDescription "420 unused" 420* 420/index.html
AddDescription "421 unused" 421* 421/index.html
AddDescription "422 Unprocessable Entity" 422* 422/index.html
AddDescription "423 Locked" 423* 423/index.html
AddDescription "424 Failed Dependency" 424* 424/index.html
AddDescription "425 No code" 425* 425/index.html
AddDescription "426 Upgrade Required" 426* 426/index.html
AddDescription "500 Internal Server Error" 500* 500/index.html
AddDescription "501 Method Not Implemented" 501* 501/index.html
AddDescription "502 Bad Gateway" 502* 502/index.html
AddDescription "503 Service Temporarily Unavailable" 503* 503/index.html
AddDescription "504 Gateway Time-out" 504* 504/index.html
AddDescription "505 HTTP Version Not Supported" 505* 505/index.html
AddDescription "506 Variant Also Negotiates" 506* 506/index.html
AddDescription "507 Insufficient Storage" 507* 507/index.html
AddDescription "508 unused" 508* 508/index.html
AddDescription "509 unused" 509* 509/index.html
AddDescription "510 Not Extended" 510* 510/index.html
AddDescription ".htaccess ErrorDocuments" *
 
#
# HeaderName is the name of a file which should be prepended to
# directory indexes.
ReadmeName /X/error/README.html
HeaderName /X/error/HEADER.html
 
# DefaultIcon is which icon to show for where none is explicitly set.
DefaultIcon http://z.askapache.com/i/s/generic.gif

Ok I'm done commenting..

#
# IndexIgnore is a set of filenames which directory indexing should ignore
# and not include in the listing.  Shell-style wildcarding is permitted.
#
IndexIgnore .??*  *_notes *~
RewriteEngine On
RewriteCond %{HTTPS} !=on [NC]
RewriteRule .* https://www.askapache.com%{REQUEST_URI}
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},E=REMOTE_USER:%{HTTP:Authorization}]
 
#RewriteCond %{QUERY_STRING} openid.mode=authorize
#RewriteCond %{REQUEST_URI} ^/openid.*$ [NC]
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},E=REMOTE_USER:%{HTTP:Authorization}]
Options +FollowSymLinks
DirectoryIndex index.html
 
#SetEnvIfNoCase ^Cookie$ "(.*)" HTTP_MY_COOKIE=$1
#SetEnvIfNoCase Remote_Addr "(.*)" HTTP_MY_REMOTE_ADDR=$1
ExpiresActive Off
FileETag None
Header unset Connection
Header set Connection "close"
Header unset Last-Modified
Header unset ETag
Header unset Accept-Ranges
Header unset Vary
Header unset Content-Type
Header unset X-Pingback
Header unset P3P
#Header add RouterBits "%D %t"
#Header add Location "http://www.askapache.com/feed/"
#Header add Found "http://askapache.com/feed/"
#Header add Content-Location "http://www.askapache.com/feed/"
#Header add Refresh "http://www.askapache.com/feed/"
#Header set Hi "%{HTTP_MY_REMOTE_ADDR}e"
### Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# TZ: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
SetEnv TZ America/Indianapolis
 
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed.  This address appears on some server-generated pages, such
# as error documents.  e.g. admin@your-domain.com
#
SetEnv SERVER_ADMIN webmaster@askapache.com
 
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# The Options directive is both complicated and important.  Please see
# http://httpd.apache.org/docs/2.0/mod/core.html#options
# for more information.
#
Options  +FollowSymLinks -ExecCGI -Indexes -Includes -MultiViews
 
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
DirectoryIndex index.html index.php /index.php
 
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<filesMatch "^\.ht">
    Order allow,deny
    Deny from all
  Satisfy All
</filesMatch>
 
#
# DefaultType: the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value.  If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/html
 
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature Off
 
##############################################
#           HEADERS and CACHING              #
##############################################
Header unset Pragma
Header unset Last-Modified
FileETag None
 
Redirect 400 /e/400
Redirect 401 /e/401
Redirect 402 /e/402
Redirect 403 /e/403
Redirect 404 /e/404
Redirect 405 /e/405
Redirect 406 /e/406
Redirect 407 /e/407
Redirect 408 /e/408
Redirect 409 /e/409
Redirect 410 /e/410
Redirect 411 /e/411
Redirect 412 /e/412
Redirect 413 /e/413
Redirect 414 /e/414
Redirect 415 /e/415
Redirect 416 /e/416
Redirect 417 /e/417
Redirect 418 /e/418
Redirect 419 /e/419
Redirect 420 /e/420
Redirect 421 /e/421
Redirect 422 /e/422
Redirect 423 /e/423
Redirect 424 /e/424
Redirect 425 /e/425
Redirect 426 /e/426
Redirect 500 /e/500
Redirect 501 /e/501
Redirect 502 /e/502
Redirect 503 /e/503
Redirect 504 /e/504
Redirect 505 /e/505
Redirect 506 /e/506
Redirect 507 /e/507
Redirect 508 /e/508
Redirect 509 /e/509
Redirect 510 /e/510
 
#
# Redirect allows you to tell clients about documents which used to exist in
# your server's namespace, but do not anymore. This allows you to tell the
# clients where to look for the relocated document.
##############################################
#          PERMANENT REDIRECTS               #
##############################################
Redirect 301 /12-lessons-for-those-afraid-of-css.html http://www.askapache.com/css/12-lessons-for-those-afraid-of-css.html
Redirect 301 /2006/htaccess/htaccesselite-ultimate-htaccess-article.html http://www.askapache.com/htaccess/apache-htaccess.html
Redirect 301 /2007/phpbb/sending-post-form-data-with-php-curl.html http://www.askapache.com/htaccess/sending-post-form-data-with-php-curl.html
Redirect 301 /2007/webmaster/custom-phpini-with-fastcgi-on-dreamhost.html http://www.askapache.com/dreamhost/custom-phpini-with-fastcgi-on-dreamhost.html
Redirect 301 /2007/webmaster/custom-phpini-with-fastcgi-on-dreamhost.html http://www.askapache.com/dreamhost/custom-phpini-with-fastcgi-on-dreamhost.html
Redirect 301 /2007/webmaster/php-and-ajax-shell-console.html http://www.askapache.com/tools/php-and-ajax-shell-console.html
Redirect 301 /27-request-methods-for-use-with-apache-and-rewritecond-and-htaccess.html http://www.askapache.com/htaccess/27-request-methods-for-use-with-apache-and-rewritecond-and-htaccess.html
Redirect 301 /404-google-wordpress-plugin.html http://www.askapache.com/seo/404-google-wordpress-plugin.html
Redirect 301 /503-service-temporarily-unavailable.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /Overview-about.rdf http://www.askapache.com/askapache-home.rdf
Redirect 301 /abbr-acronym.html http://www.askapache.com/xhtml/abbr-acronym.html
Redirect 301 /adsense-robots.html http://www.askapache.com/google/adsense-robots.html
Redirect 301 /alexa-toolbar-firefox.html http://www.askapache.com/tools/alexa-toolbar-firefox.html
Redirect 301 /allowing-access-from-1-static-ip-and-deny-the-rest.html http://www.askapache.com/htaccess/apache-htaccess.html
Redirect 301 /anti-virus-spyware-rootkit.html http://www.askapache.com/security/anti-virus-spyware-rootkit.html
Redirect 301 /apache-ssl-in-htaccess-examples.html http://www.askapache.com/htaccess/apache-ssl-in-htaccess-examples.html
Redirect 301 /awk-tutorial.html http://www.askapache.com/awk/awk-tutorial.html
Redirect 301 /best-adsense-optimization.html http://www.askapache.com/wordpress/best-adsense-optimization.html
Redirect 301 /commonly-used-htaccess-code-examples.html http://www.askapache.com/htaccess/commonly-used-htaccess-code-examples.html
Redirect 301 /css-background-image-sprite.html http://www.askapache.com/css/css-background-image-sprite.html
Redirect 301 /css-browser-screenshots.html http://www.askapache.com/tools/css-browser-screenshots.html
Redirect 301 /css-class-example.html http://www.askapache.com/css/css-class-example.html
Redirect 301 /curl-multi-downloads.html http://www.askapache.com/php/curl-multi-downloads.html
Redirect 301 /custom-boot-menu-in-windows-xp.html http://www.askapache.com/windows/custom-boot-menu-in-windows-xp.html
Redirect 301 /donate http://www.dreamhost.com/donate.cgi?id=8261
Redirect 301 /donate/ http://www.dreamhost.com/donate.cgi?id=8261
Redirect 301 /htaccess.txt http://z.askapache.com/p/htaccess.txt
Redirect 301 /htaccess/404-errorpages.html http://www.askapache.com/seo/google-ajax-search-seo-tips.html
Redirect 301 /htaccess/feedsmith http://www.askapache.com/htaccess/feedsmith-htaccess.html
Redirect 301 /htaccess/http-status-codes.html http://www.askapache.com/htaccess/apache-status-code-headers-errordocument.html
Redirect 301 /htaccess/instruct-search-engines-to-come-back-to-site-after-you-finish-working-on-it.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /htaccess/speed-up-the-apache-web-server-with-configuration-hacks.html http://www.askapache.com/htaccess/apache-web-server-speed-configuration-hacks.html
Redirect 301 /instruct-search-engines-to-come-back-to-site-after-you-finish-working-on-it.html http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html
Redirect 301 /security/bypassing-vlan.html http://www.askapache.com/security/hacking-vlan-switched-networks.html
Redirect 301 /security/bypassing-vlanbypassing-vlan.html http://www.askapache.com/security/hacking-vlan-switched-networks.html
Redirect 301 /security/rigging-the-dreamhost-site-of-the-month-contest.html http://www.askapache.com/dreamhost/rigging-the-dreamhost-site-of-the-month-contest.html
Redirect 301 /seo/tailrankcom-robot.html http://www.askapache.com/seo/tailrank-robot.html
Redirect 301 /webmaster/caching-tutorial-for-webmasters.html http://www.askapache.com/htaccess/caching-tutorial-for-webmasters.html
Redirect 301 /webmaster/lft-traceroute-tool.html http://www.askapache.com/tools/lft-traceroute-tool.html
 
##############################################
#          PERMANENT REDIRECTMATCH           #
##############################################
#RedirectMatch 301 ^/&(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/&amp(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/([^/]+)//$ http://www.askapache.com/$1/
RedirectMatch 301 ^/(.+)/htaccesselite-ultimate-htaccess-article.html(.*) http://www.askapache.com/htaccess/apache-htaccess.html
RedirectMatch 301 ^/(.+)\.html/([a-z][a-z])/$ http://www.askapache.com/$1.html
RedirectMatch 301 ^/([\(]+)(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/([^9]*)9O1X.3y(.*)/(.*)$ http://www.askapache.com/$2
RedirectMatch 301 ^/.3y(.*)$ http://www.askapache.com/
RedirectMatch 301 ^/200([0-9])/([0-9])(.*)$ http://www.askapache.com/top-100/
RedirectMatch 301 ^/200([0-9])/([^01])(.*)$ http://www.askapache.com/$2$3
RedirectMatch 301 ^/about/glossary(.*)$ http://www.askapache.com/glossary$1
RedirectMatch 301 ^/apache-speed(.*)$ http://www.askapache.com/htaccess/apache-speed$1
RedirectMatch 301 ^/category/(.+)$ http://www.askapache.com/$1
RedirectMatch 301 ^/docs/(.*)$ http://askapache.info/$1
RedirectMatch 301 ^/htaccess/feedsmith-htaccess(.*) http://www.askapache.com/htaccess/redirecting-wordpress-feeds-to-feedburner.html
RedirectMatch 301 ^/robots-txt(.*)$ http://www.askapache.com/robots.txt
#RedirectMatch 301 ^/wp-content/uploads/(.*)$ http://z.askapache.com/uploads/$1
RedirectMatch 301 ^/z/(.+)$ http://z.askapache.com/$1
RedirectMatch 301 ^/(z|t|i|j|c|p)/(.*)$ http://z.askapache.com/$1/$2
RedirectMatch 301 ^/hosting/?$ http://www.askapache.com/hosting/
 
##############################################
#          TEMPORARY REDIRECTMATCH           #
##############################################
RedirectMatch 307 ^/getflash/?$ http://www.adobe.com/shockwave/download/download.cgi?P1_Prod_Version=ShockwaveFlash
RedirectMatch 307 ^/dream/?$ http://www.askapache.com/dreamhost/
RedirectMatch 307 ^/(cse|apachecse|apachecsetest|apachesearch)/?$ http://www.google.com/coop/cse?cx=002660089121042511758%3Akk7rwc2gx0i
 
#
# Commonly used filename extensions to character sets. You probably
# want to avoid clashes with the language extensions, unless you
# are good at carefully testing your setup after each change.
# See http://www.iana.org/assignments/character-sets for the
# official list of charset names and their respective RFCs.
#
AddDefaultCharset UTF-8
 
#
# AddType allows you to add to or override the MIME configuration
# file mime.types for specific file types.
#
#
AddType 'application/rdf+xml; charset=UTF-8' .rdf
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml
AddType 'application/xhtml+xml; charset=UTF-8' .xhtml.gz
AddType 'text/html; charset=UTF-8' .html
AddType 'text/html; charset=UTF-8' .html.gz
AddType application/octet-stream .rar .chm .bz2 .tgz .msi .pdf .exe
AddType application/vnd.ms-excel .csv
AddType application/x-httpd-php-source .phps
AddType application/x-pilot .prc .pdb
AddType application/x-shockwave-flash .swf
AddType application/xrds+xml .xrdf
AddType text/plain .ini .sh .bsh .bash .awk .nawk .gawk .csh .var .c .in .h .asc .md5 .sha .sha1
AddType video/x-flv .flv
 
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
# Despite the name similarity, the following Add* directives have nothing
# to do with the FancyIndexing customization directives above.
#
AddEncoding x-compress .Z
AddEncoding x-gzip .gz .tgz
 
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
AddHandler php-cgi .php
 
#
# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#
Action php-cgi /cgi-bin/php.cgi
 
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
#100 Continue
#101 Switching Protocols
#102 Processing
#200 OK
#201 Created
#202 Accepted
#203 Non-Authoritative Information
#204 No Content
#205 Reset Content
#206 Partial Content
#207 Multi-Status
#300 Multiple Choices
#301 Moved Permanently
#302 Found
#303 See Other
#304 Not Modified
#305 Use Proxy
#306 unused
#307 Temporary Redirect
#400 Bad Request
#401 Authorization Required
#402 Payment Required
#403 Forbidden
#404 Not Found
#405 Method Not Allowed
#406 Not Acceptable
#407 Proxy Authentication Required
#408 Request Time-out
#409 Conflict
#410 Gone
#411 Length Required
#412 Precondition Failed
#413 Request Entity Too Large
#414 Request-URI Too Large
#415 Unsupported Media Type
#416 Requested Range Not Satisfiable
#417 Expectation Failed
#418 unused
#419 unused
#420 unused
#421 unused
#422 Unprocessable Entity
#423 Locked
#424 Failed Dependency
#425 No code
#426 Upgrade Required
#500 Internal Server Error
#501 Method Not Implemented
#502 Bad Gateway
#503 Service Temporarily Unavailable
#504 Gateway Time-out
#505 HTTP Version Not Supported
#506 Variant Also Negotiates
#507 Insufficient Storage
#508 unused
#509 unused
#510 Not Extended
 
#ErrorDocument 100 /X/err/1/HTTP_CONTINUE.html
#ErrorDocument 101 /X/err/1/HTTP_SWITCHING_PROTOCOLS.html
#ErrorDocument 102 /X/err/1/HTTP_PROCESSING.html
 
#ErrorDocument 200 /X/err/2/HTTP_OK.html
#ErrorDocument 201 /X/err/2/HTTP_CREATED.html
#ErrorDocument 202 /X/err/2/HTTP_ACCEPTED.html
#ErrorDocument 203 /X/err/2/HTTP_NON_AUTHORITATIVE.html
#ErrorDocument 204 /X/err/2/HTTP_NO_CONTENT.html
#ErrorDocument 205 /X/err/2/HTTP_RESET_CONTENT.html
#ErrorDocument 206 /X/err/2/HTTP_PARTIAL_CONTENT.html
#ErrorDocument 207 /X/err/2/HTTP_MULTI_STATUS.html
 
#ErrorDocument 300 /X/err/HTTP_MULTIPLE_CHOICES.html
#ErrorDocument 301 /X/err/HTTP_MOVED_PERMANENTLY.html
#ErrorDocument 302 /X/err/HTTP_MOVED_TEMPORARILY.html
#ErrorDocument 303 /X/err/HTTP_SEE_OTHER.html
#ErrorDocument 304 /X/err/HTTP_NOT_MODIFIED.html
#ErrorDocument 305 /X/err/HTTP_USE_PROXY.html
#ErrorDocument 307 /X/err/HTTP_TEMPORARY_REDIRECT.html
#ErrorDocument 404 /X/err/HTTP_NOT_FOUND.html
 
ErrorDocument 400 /X/err/4/HTTP_BAD_REQUEST.html
ErrorDocument 401 /X/err/4/HTTP_UNAUTHORIZED.html
ErrorDocument 402 /X/err/4/HTTP_PAYMENT_REQUIRED.html
ErrorDocument 403 /X/err/4/HTTP_FORBIDDEN.html
ErrorDocument 405 /X/err/4/HTTP_METHOD_NOT_ALLOWED.html
ErrorDocument 406 /X/err/4/HTTP_NOT_ACCEPTABLE.html
ErrorDocument 407 /X/err/4/HTTP_PROXY_AUTHENTICATION_REQUIRED.html
ErrorDocument 408 /X/err/4/HTTP_REQUEST_TIME_OUT.html
ErrorDocument 409 /X/err/4/HTTP_CONFLICT.html
ErrorDocument 410 /X/err/4/HTTP_GONE.html
ErrorDocument 411 /X/err/4/HTTP_LENGTH_REQUIRED.html
ErrorDocument 412 /X/err/4/HTTP_PRECONDITION_FAILED.html
ErrorDocument 413 /X/err/4/HTTP_REQUEST_ENTITY_TOO_LARGE.html
ErrorDocument 414 /X/err/4/HTTP_REQUEST_URI_TOO_LARGE.html
ErrorDocument 415 /X/err/4/TTP_UNSUPPORTED_MEDIA_TYPE.html
ErrorDocument 416 /X/err/4/HTTP_RANGE_NOT_SATISFIABLE.html
ErrorDocument 417 /X/err/4/HTTP_EXPECTATION_FAILED.html
ErrorDocument 422 /X/err/4/HTTP_UNPROCESSABLE_ENTITY.html
ErrorDocument 423 /X/err/4/HTTP_LOCKED.html
ErrorDocument 424 /X/err/4/HTTP_FAILED_DEPENDENCY.html
ErrorDocument 426 /X/err/4/HTTP_UPGRADE_REQUIRED.html
 
ErrorDocument 500 /X/err/5/HTTP_INTERNAL_SERVER_ERROR.html
ErrorDocument 501 /X/err/5/HTTP_NOT_IMPLEMENTED.html
ErrorDocument 502 /X/err/5/HTTP_BAD_GATEWAY.html
ErrorDocument 503 /X/err/5/HTTP_SERVICE_UNAVAILABLE.html
ErrorDocument 504 /X/err/5/HTTP_GATEWAY_TIME_OUT.html
ErrorDocument 505 /X/err/5/HTTP_VERSION_NOT_SUPPORTED.html
ErrorDocument 506 /X/err/5/HTTP_VARIANT_ALSO_VARIES.html
ErrorDocument 507 /X/err/5/HTTP_INSUFFICIENT_STORAGE.html
ErrorDocument 510 /X/err/5/HTTP_NOT_EXTENDED.html
ErrorDocument 404 /index.php?error=404
 
# 1 YEAR
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf)$">
Header unset P3P
Header set Cache-Control "public"
Header set Expires "Thu, 15 Apr 2010 20:00:00 GMT"
</filesMatch>
 
# 2 HOURS
<filesMatch "\.(html|htm|xml|txt|xsl)$">
<ifModule mod_expires.c>
ExpiresActive On
ExpiresDefault A3600
</ifModule>
</filesMatch>
 
RewriteEngine On
RewriteBase /
 
RewriteCond %{ENV:REDIRECT_STATUS} =200
RewriteRule .* - [L]
 
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD) [OR]
#RewriteCond %{QUERY_STRING} !^$ [OR]
RewriteCond %{HTTP_COOKIE} ^.*(comment_author_|wordpress|wp-postpass_).*$ [NC]
RewriteRule ^(.*)$ - [S=6]
 
RewriteCond %{HTTP_USER_AGENT} .*W3C_Validator.* [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.xhtml.gz -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.xhtml.gz [L,S=5]
 
RewriteCond %{HTTP:Accept} application/xhtml\+xml [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.xhtml.gz -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.xhtml.gz [L,S=4]
 
RewriteCond %{HTTP:Accept-Encoding} gzip [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.html.gz -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.html.gz [L,S=3]
 
RewriteCond %{HTTP_USER_AGENT} .*W3C_Validator.* [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.xhtml -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.xhtml [L,S=2]
 
RewriteCond %{HTTP:Accept} application/xhtml\+xml [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.xhtml -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.xhtml [L,S=1]
 
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/aa/$1/index.html -f
RewriteRule ^(.*)$ /wp-content/cache/aa/$1/index.html [L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(.+)\.rdf\ HTTP/ [NC]
RewriteCond %{DOCUMENT_ROOT}/wp-content/rdf/%1.html/index.rdf -f
RewriteRule ^(.*)$ /wp-content/rdf/%1.html/index.rdf [L,S=1]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(error|w3c|openid)(/?.*)\ HTTP/ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /X/%1%2 [L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(y_key_bf61afd498f7623a\.html|google3bb7b7e1032ad0d4\.html|yadis\.xrdf|askapache-home\.rdf|os-description\.xml|labels\.rdf|gnu-fdl\.txt|wlmmanifest\.xml|robots\.txt)\ HTTP/ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /X/%1 [L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /X(.*)\ HTTP/ [NC]
RewriteRule .* - [F]
 
RewriteRule ^osq?(.*)$ /wp-content/plugins/wp-opensearch.php?$1 [QSA,L]
 
#RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /wp-login(.+)\ HTTP/ [NC]
#RewriteRule .+ https://www.askapache.com/wp-login%1 [R,L]
 
RewriteCond %{REQUEST_URI} ^/cgi-bin/(hash|java)\.cgi$ [NC]
RewriteCond %{HTTP:P3P} ^(([^:]+):(.+))$ [NC]
RewriteRule .* - [E=HTTP_JS:%{HTTP:P3P},E=HTTP_US:%2,E=HTTP_PA:%3]
 
RewriteCond %{HTTP_ACCEPT} application/xrds\+xml
RewriteCond %{HTTP_ACCEPT} !application/xrds\+xml\s*;\s*q\s*=\s*0(\.0{1,3})?\s*(,|$)
RewriteRule ^$ http://www.askapache.com/yadis.xrdf [R,L]
 
RewriteCond %{HTTP_USER_AGENT} !^(FeedBurner|FeedValidator|talkr.com).* [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(feed|rdf|rss|rss2|atom)/?.*\ HTTP/ [NC]
#RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(feed|rdf|rss|rss2|atom|wp-atom|wp-feed|wp-rdf|wp-rss|wp-rss2).*\ HTTP/ [NC]
RewriteRule .* http://feeds.askapache.com/apache/htaccess? [R=302,L]
 
#RewriteCond %{REMOTE_ADDR} ^$
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule ^(.+)\.phps$ /cgi-bin/phps.php?file=$1.php [L,NC]

Actual Htaccess Files from My Server originally appeared on AskApache.com

]]> http://www.askapache.com/htaccess/real-world-htaccess-files.html/feed 6 Upgrading to DreamHost Private Servers http://www.askapache.com/hosting/dreamhostps-private-server.html http://www.askapache.com/hosting/dreamhostps-private-server.html#comments Sat, 31 May 2008 21:14:27 +0000 AskApache http://www.askapache.com/?p=1004 DreamHost PS gives you your own "virtual machine", protecting your CPU and RAM on your physical machine for faster websites. Here's what I like and dislike about DreamHostPS, and some of the issues and solutions for migrating.

]]> AskApache.com

I've recently relocated to the DreamHost private server setup, not for any reason other than its such a cool offer that I had to take advantage of it to learn more about it.

DreamHost Private Server

DreamHost PS uses Linux-VServer to give you your own "virtual machine", thereby protecting your CPU and RAM from all other users on your physical machine.

Linux-VServer

Linux-VServerLinux-VServer provides virtualization for GNU/Linux systems. This is accomplished by kernel level isolation. It allows to run multiple virtual units at once. Those units are sufficiently isolated to guarantee the required security, but utilize available resources efficiently, as they run on the same kernel. This particular virtual server model is implemented through a combination of "security contexts", segmented routing, chroot, extended quotas and some other standard tools.

What Bothers Me about DreamHostPS

  1. They don't have the skill/desire to let you run only certain sites/usernames on the PS, its all or nothing, which completely sucks!
  2. It's so darn expensive, I spent more after the first 24 hours than I usually do in a MONTH
  3. Although they say you still have the backups of your site, the .snapshot folder is no longer accessible and you have to manually contact support to ask for a backup! Ahh!
  4. The environment on the shell doesn't have as much access to good stuff like using locate
  5. Processes can get out of control and use up to much memory if you have a busy site like me, which results in the sending of 503's to everyone else!
  6. Still uses NFS, the slowest thing in the world and not worth it now that backups aren't even accessible.. it can also cause some hard-to-detect issues with caching setups

What Thrills me about DreamHostPS

  1. I have more access and control over my server, sites, memory, and files via SSH login
  2. I can scale the CPU and Memory whenever I want, and just like the static IP's you only pay for the time you use, making experimenting affordable!
  3. I can reboot the whole server at anytime! Sometimes useful if a script I'm experimenting with locks the whole server..
  4. Only my shell accounts can access the server! Security is much stronger!
  5. You can configure other webservers like lighttpd, nginx, and fnord to serve content on sites that are mostly static content!
  6. I've only had it for 3 days, so I'm sure I'll find alot more awesome capabilities

Scale DreamHost CPU and Memory

Problems migrating to DreamHostPS

Here are some issues I experienced during migration and the solutions I've used.

During this process it is important to note how helpful the DreamHost Support Staff were in putting up with my sometimes overly technical and detailed support requests. Thanks John, Brian, and Robert R!

PHP and HTTPD processes hogging all memory

Unlike on shared hosting accounts, where DH technical people have set up a very robust system, it appears they are missing the expertise of a past employee or something because this new setup is not as robust.. YET!

For instance I started out my account CPU and memory at the MAX (2300 MB / 2300 Mhz) but my sites were all still taking forever to serve content, simply because instead of on the shared servers where user processes and HTTPD instances are more controlled, this account seems to not have very well-thought out limits on it. So if 100 people asked for a page on my site, this server loads up 100 HTTPD processes under dhapache user and loads up 100 processes for the custom-compiled php.cgi I am running. This sounds like a cool thing but in reality it takes up so much of my memory that my bash shell login under SSH runs out of memory and won't even let me do a simple ps, and it just keeps serving 503's to anyone else who requests something on my site. DH will have to fix this soon or someone will launch a DDOS attack that will cripple them, unless a googlebot does it first!

Solution I contacted support and received a very friendly and prompt reply suggesting a bad script and offering to setup a process watcher and killer, which I accepted. Eventually I located the problem to be an ErrorDocument 500 directive in my .htaccess that was pointing to a php file instead of a static .html

No crontabs or cronjobs

None of my crontab files were moved to my new server and in fact I was receiving permission denied just to access my crontab.

Solution I contacted support and they installed new crontabs for me and offered to copy my old ones.

Static IP Changed for site with non-DreamHost DNS

One site uses DNS from Network Solutions, so when my site was migrated and got a new static IP address, my site went down. It would have been nice and should be expected that in this situation DreamHost would alert you that the change is going to happen so you can update your DNS without your site going offline.

Solution Logged into my Network Solutions account and updated the DNS for my site to point to the new Static IP.

SSH Hosts, Authorized Keys Broken

Some of my sites and user accounts use passwordless SSH to make some things work, and all of these were made useless when I moved to my new private server.

Solution

  1. Logged into my user accounts with SSH
  2. Deleted the old files in folder .ssh
  3. Created new keys and added them to other accounts
  4. Logged in to new accounts to add to host files

Old Server and Static IP References in Site Files

I have some pretty technical and complex cgi's, .htaccess files, shell scripts run by cronjobs, php scripts, etc., on some sites and shell accounts, and many of my files contain code to the Static IP and/or dreamhost server, either for access control or for faster connects by connecting straight to an IP instead of having to perform a DNS lookup. So when both the Static IP's and dreamhost server changed it broke all my files.

Solution Basically I knew I had to search all of my files and replace the old IP with the new IP. I also had to search files relacing the old server with my new server. To make life simpler, I wrote a simple shell script that I run from my account while logged in using SSH that does this automatically with the added feature of asking me if I would like to make the replacement for each file it finds, which is nice because I don't want to replace this for old log files and misc stuff.

dreamhostps migration shell script

#!/bin/bash
# Version 1.0 by AskApache 5/29/2008
 
shopt -s extglob
renice 19 $$
 
OLDSERVER=208.113.183.103
NEWSERVER=208.113.134.190
 
FIXFILES=$(grep -R -l -i $OLDSERVER $HOME/!(Maildir|logs|backups|source|tmp|doit|php5|php526|ip_abuse) 2>/dev/null)
 
for thefile in ${FIXFILES[@]}; do
 if [ -f "$thefile" ]; then
  echo -e "\n\n\n\n"
  echo "___________________________________________________________________"
  echo "Name:  ${thefile}"
  echo "Type:  $(command file -b ${thefile})"
  echo "Size:  $(command du -hs ${thefile}|awk '{ print $1}')"
  echo "Matching Lines:"
  grep -i --color=auto $OLDSERVER $thefile
  echo -e "___________________________________________________________________\n"
  echo -en "Replace occurances of $OLDSERVER with $NEWSERVER? [y/N] " ; read -n 1 ans
  case "$ans" in
   n|N) echo -e "\nSKIPPING..."; ;;
   y|Y) echo -e "\nREPLACING..."
        cp $thefile $thefile.b1 &>/dev/null
        cat $thefile.b1 | sed "s/${OLDSERVER}/${NEWSERVER}/g" 1>$thefile
        rm $thefile.b1 &>/dev/null
        echo "DONE"; ;;
  esac
 fi
done
exit 0

Other Webservers Allowed on DreamHostPS

Lightweight web servers are Web servers which have been designed to run with very small resource overhead because of hardware, environment, or simply for the challenge of it. Many of these systems have been created as a mental exercise to determine if a modern webserver could be written to run on limited resources such as those provided in a graphing calculator, an ancient Commodore 64 machine, or in 64 kB (64 KiB) total of memory. Others have been written as commercial endeavors to create webservers with low overhead for embedded systems (network router configuration pages) or low memory environments.
Apache webserver on DH is configured in process-based mode. This means that each process serves one simultaneous connection and uses significant amount of memory for that, thus limiting concurrent user count. You can download and install some lightweight web-servers like (lighttpd) or (nginx). These servers use async i/o and can handle large count of concurrent connections without consuming much RAM, especially when serving static files. But default port 80 is already occupied by apache, and you cannot change that. So, you can use another port for new lightweight server, but visitors will see ugly port number in address and such solution will not work for some corporate firewalls.
  1. lighttpd - small memory footprint compared to other web-servers, effective management of the cpu-load, and advanced feature set
    • FastCGI
    • SCGI
    • Auth
    • Output-Compression
    • URL-Rewriting
    • many more
  2. nginx - lightweight web server/reverse proxy and e-mail (IMAP/POP3) proxy
    • Handling of static files, index files and auto-indexing
    • Reverse proxy without caching, load balancing, and fault tolerance
    • SSL support
    • FastCGI support
    • Name- and IP-based virtual servers
    • FLV streaming
  3. fnord - lightweight webserver written by Felix von Leitner. It aims to be a small, but extremely fast and secure webserver.
    • Small! (13k static Linux-x86 binary without CGI, 18k with CGI)
    • Fast! Uses mmap (and on Linux, sendfile)
    • connection keep-alive
    • el-cheapo virtual domains (similar to thttpd)
    • IPv6 support (through tcpserver)
    • CGI (through pipes, not temp files like Apache)
    • Content-Range (not the full specs, just a-b or a- byte ranges)
    • transparent content negotiation
    • Directory index generation

DreamHost PS Troubleshooting

  1. Symptoms of an Overloaded DreamHost PS
  2. Checking your Daily & Monthly Resource Usage
  3. Changing your CPU & Memory Allocation
  4. Rebooting your DreamHost PS
  5. Overloaded DreamHost PS
  6. Idle DreamHost PS
  7. Changing web server
  8. See also
  9. External link

Symptoms of an Overloaded DreamHost PS

If you experience any of the following symptoms, most likely you will need to increase the resource allocation (CPU & memory) to your Private Server:

  1. Out of memory
  2. Internal server errors ("500" errors)
  3. Killed scripts
  4. Inability to log in ("ssh_exchange_identification: Connection closed by remote host")

Checking your Daily & Monthly Resource Usage

Check the daily & monthly usage graph in the Control Panel under (PRIVATE SERVERS > CPU/MEMORY) to see if your usage is going beyond your currently guaranteed CPU and memory allocation.

Changing your CPU & Memory Allocation

You can increase or decrease your resource allocation by moving the green slider in the Control Panel under (PRIVATE SERVERS > CPU/MEMORY). As you move it the amount of CPU and memory will update automatically, along with the rate you'll be charged for that setting. Once you're happy with the setting click on the "Change {servername}'s CPU / Memory Now!" button to push the change into place. It will take a short period of time for the setting change to be reflected. Typically no reboot is necessary.

Rebooting your DreamHost PS

If you have a problem you can try rebooting your Private Server yourself in the Control Panel under (PRIVATE SERVERS > REBOOT SERVER). No need to contact support for that! Isn't that cool?! It may temporarily fix things, but if it doesn't provide a long-term solution, you will need to increase the resources allocated to your Private Server by using the green slider as mentioned in the previous paragraph.

Overloaded DreamHost PS

Club 150 (overloaded)

The image above is what your daily usage graph might look if you've got your settings too low. Notice that the actual usage routinely exceeds the guaranteed amount of 150MHz/MB. This is bound to cause problems for your sites. To rectify the situation it's recommended that you increase your resource allocation. Then keep an eye on the graph for several hours, and test our sites to see if you've allocated enough resources for things to run smoothly. It is recommended that you start out by doubling your current resource allocation to see if it's enough. Once you've verified that things are running properly you can reduce your resource allocation to the point where your peaks just barely exceed what you have allocated. Of course you'll want to routinely monitor your usage and increase the resource allocation as your needs increase. It's best to over allocate then under allocate! You don't want to find out that you've under allocated by your visitors/customers complaining about your sites not working properly.

Note that you're only charged for the period of time that you have the slider in a particular position. So it's safe to experiment. In fact, we recommend it. You can increase or decrease your resource allocation at any time.

You will typically see Apache processes running on your server and appearing to consume all of the memory. This is generally not the case because Apache processes share a significant amount of memory between one another. Additionally, we automatically configure Apache to work well within the memory allocation of your PS server. It is still possible for a busy website to overwhelm a DreamHost PS server, but it is not generally the fault of the apache webserver itself.

Of course you may also want to try to reduce your load on the server as well so you can reduce the resource allocation and save some money.

Idle DreamHost PS

Club 150 (idle)

The image above is what your daily usage graph might look if you've got nothing running under your DreamHost PS. This just shows the overhead resource usage. You could host a lightly loaded web page with this resource allocation (provided it uses static content), but probably not much more. If you've got your resource allocation set to 150MHz/MB it is recommendended that you monitor the usage very often.

Some Content on this page included from this article by Author History from the DreamHost Wiki and is licensed under the GNU FDL.

Upgrading to DreamHost Private Servers originally appeared on AskApache.com

]]> http://www.askapache.com/hosting/dreamhostps-private-server.html/feed 14 IP Abuse Detection for DreamHost http://www.askapache.com/security/htaccess-ip-blocking.html http://www.askapache.com/security/htaccess-ip-blocking.html#comments Sun, 16 Mar 2008 13:46:44 +0000 AskApache http://www.askapache.com/security/htaccess-ip-blocking.html Block IP Address .htaccessScan Apache logs for IP address that are probably evil, then generates an .htaccess file to DENY them all.

]]> AskApache.com

Block IP Address .htaccessAlot of people have asked me about the best way to block specific IP addresses that are attacking their servers. No easy answer for sure. Here's what I came up with.

Per-domain Error.log and Access.log checks

This shell script analyzes a specific domains apache logs, both error and access, and then finds the IP address that hit your server the most. Then it checks for a a reverse DNS for each of the IP addresses, if it doesn't have a reverse DNS, AND it results in a positive to one of the 3 other tests its added to a bad IP list.

Generates .htaccess blocking code

automatically generated .htaccess fileOnce the tests have concluded (on my machine it takes maybe 5 minutes) you have the choice to view an automatically generated .htaccess file that you can copy into your real .htaccess file, full of the correct code to Block the bad IP's. You can tell them bye bye with a 403 Forbidden.

IP Abuse / .htaccess Blocking Script

IP Abuse Detection from Apache Logs

#!/bin/sh
 
# User-contributed script. Not sponsored by DreamHost.
# Script created 2008-01-16 by AskApache (www.askapache.com)
 
### SHELL OPTIONS
set +o noclobber  # allowed to clobber files
set +o noglob     # globbing on
set +o xtrace     # change to - to enable tracing
set +o verbose    # change to - to enable verbose debugging
set -e            # abort on first error
 
# directory where log files, reports, and generated .htaccess files will be saved
TMPDI="$HOME/ip_abuse"
 
function exitt(){
 case $TERM in
  xterm*|vt*|ansi|rxvt|gnome*) echo -e "\033]0;$USER@`hostname`: $HOME\007" ;;
 esac
}
 
function ok_continue()
{ echo -en "\n\033[?25l\033[30;42m[ Press any key to continue ]\033[0m\n" ;read -n 1 ans;echo -en "\033[?25h"; }
 
function test_title()
{ echo -en "\n\n\033[0;32m\n>>>"; echo -e "\033[1;37m $1 \033[0m \n"; echo -e "\n\n[ ${1} ]\n" >> $REPORT; }
 
function error_abuse(){
 clear; title
 case "$2" in
  connlimit|1*) test_title "CONCURRENT CONNECTION TEST"; future=2
   echo -e "Shows IP's making more than 20 requests concurrently.\n\n"
   cat $TMPDI/$YD/logs/e* |grep 'concurrent\ connection\ limit'|awk -F ']' '{print $3}' |
   awk '{print $2}'|sort|uniq -c |sort -nr|sed 's/^ *//'|egrep "[0-9]{2}+\ " > $TMPDI/$YD/logs/out.txt ;;
  access|2*) test_title "TOP 50 IP TEST"; future=3
   echo -e "Displays the top 50 unique IP addresses that access your site."
   echo -e "If they don't have a reverse DNS maybe they should be blocked.\n\n"
   cat $TMPDI/$YD/logs/a* |awk '{print $1|"sort|uniq -dc|sort -nr"}' |egrep "[0-9]{3}+\ "|
   awk '{print $1,$2}' > $TMPDI/$YD/logs/out.txt ;;
  internal|3*) test_title "INTERNAL RECURSION TEST"; future="report"
   echo -e "Shows the IP's that triggered an Internal Recursion Error,"
   echo -e "meaning that their is a looping problem on your server.\n"
   cat $TMPDI/$YD/logs/e* |grep 'LimitInternalRecursion'|awk -F ']' '{print $3}'|awk '{print $2}' |
  sort|uniq -c|sort -nr|sed 's/^ *//'|egrep "[0-9]{2}+\ " > $TMPDI/$YD/logs/out.txt ;;
 esac
 
 echo -e "\033[?25l";t=0; h=0; cat $TMPDI/$YD/logs/out.txt |
 while read a
 do
 if [ $t -lt 50 ];then
  n=`echo "$a"|awk '{print $1}'`; ip=`echo "$a"|awk '{print $2}'`
  host=`nice -n 19 host -qQ -s 1 "${ip}" 2>&1|tr '\n' '\t'|awk '{print $2}'`;
  case "$host" in
   does) echo -en "\033[0;33m"; echo -e "$ip" >> $REPORT
    host=${host/does/!!!POSSIBLE-ABUSE!!!}; (( t++ )); (( h++ )); ips=" $ip$ips" ;;
   not) echo -en "\033[0;33m"; echo -e "$ip" >> $REPORT
    host=${host/not/!!!POSSIBLE-ABUSE!!!}; (( t++ )); (( h++ )); ips=" $ip$ips" ;;
   PTR) echo -en "\033[0;33m"; echo -e "$ip" >> $REPORT
    host=${host/PTR/!!!POSSIBLE-ABUSE!!!}; (( t++ )); (( h++ )); ips=" $ip$ips" ;;
   .) echo -en "\033[0;33m"; echo -e "$ip" >> $REPORT
    host=${host/\./!!!POSSIBLE-ABUSE!!!}; (( t++ )); (( h++ )); ips=" $ip$ips" ;;
  esac
  echo -en " ${n}\t${ip}\t${host}\033[0m\n"
  if [ $h -gt 3 ]; then
  echo -e "Deny from$ips" >> $TMPDI/$YD/.htaccess; h=0; ips=" ";
  fi
fi
done
[ $h -gt 0 ] && echo -e "Deny from$ips" >> $TMPDI/$YD/.htaccess
ok_continue; exec sh $0 "$1" "$future"
}
 
function menu(){
 PS3="`echo -e '\033[0;36m'`Please Select a Domain To Test: `echo -e '\033[0m'`"; echo -ne "\033[0m"
 select v
 do
  YD="$v"
  mkdir -p -m 0755 $TMPDI/$YD/reports
  mkdir -p -m 0755 $TMPDI/$YD/logs
  echo "" > $TMPDI/$YD/logs/out.txt
  echo "" > $TMPDI/$YD/.htaccess
  echo -e "## IP-ABUSE-LOOKUP\nOrder Allow,Deny\nAllow from All" > $TMPDI/$YD/.htaccess
  ELOG="$TMPDI/$YD/logs/error.log"
  ALOG="$TMPDI/$YD/logs/access.log"
  REPORT=$(echo -en "$TMPDI/$YD/reports/`date +%mx%dx%y`.txt");
  echo "" > $REPORT; echo -e "GENERATED REPORT FOR $YD \n`date`\n" >> $REPORT
  clear; title; cd ~/logs/$YD/http
  if [ ! -f $ELOG ]; then
   test_title "Creating Error log"
   `nice -n 19 gunzip -dc e*.gz | split -b 1m -a 4 -d - $TMPDI/$YD/logs/e.`; wait
   cp error.log $TMPDI/$YD/logs; echo -e "\033[0;31m [ DONE ]\n\n"
  fi
  if [ ! -f $ALOG ]; then
   test_title "Creating access log"
   `nice -n 19 gunzip -dc a*.gz | split -b 5m -a 4 -d - $TMPDI/$YD/logs/a.`; wait
   cp access.log $TMPDI/$YD/logs; echo -e "\033[0;31m [ DONE ]\n\n"
  fi
  cd $HOME; exec sh $0 "$YD" "1"
 done
}
 
function show_report(){
 clear; title;
 PS3="`echo -e '\033[0;36m'`Please select a course of action: `echo -e '\033[0m'`"; echo -ne "\033[0m"
 select v in "View Report" "View .htaccess" "Quit"
 do
  case "$v" in
   *Report) clear; title; test_title "VIEWING $REPORT"; cat $REPORT ;;
   *htaccess) clear; title; test_title "VIEWING $TMPDI/$YD/.htaccess"; cat $TMPDI/$YD/.htaccess ;;
   Quit) break;;
  esac
 done
exit 0
}
 
function title(){
 # pretty sweet!
 echo -e "\033[1;30m __________________________________________________________________________ "
 echo -e "|\033[1;32m                 ___                     __ __         __                 \033[1;30m|"
 echo -e "|\033[1;32m                / _ \_______ ___ ___ _  / // /__  ___ / /_                \033[1;30m|"
 echo -e '|\033[1;32m               / // / __/ -_) _ `/  ` \/ _  / _ \(_-</ __/                \033[1;30m|'
 echo -e "|\033[0;32m              /____/_/  \__/\_,_/_/_/_/_//_/\___/___/\__/                 \033[1;30m|"
 echo -e "|                                                                          |"
 echo -e "|            \033[1;37mDREAMHOST IP ABUSE DETECTION SCRIPT VERSION 0.1\033[1;30m               |";
 echo -e "\033[1;30m __________________________________________________________________________ \033[0m\n\n"
}
 
# catch non-kill exit to reset term / ncurses
trap exitt EXIT
 
# set window title if client is capable
case $TERM in
 xterm*|vt*|ansi|rxvt|gnome*) echo -e "\033]0;DREAMHOST IP ABUSE DETECTION SCRIPT\007" ;;
esac
 
if [ $# -lt 1 ]; then
 clear; title; [ -d $TMPDI ] || mkdir -m 755 $TMPDI
 cd ~/logs; DOMAINS=( `ls ~/logs/` ); cd $OLDPWD; menu ${DOMAINS[@]}
else
 YD="${1}"
 mkdir -p -m 0755 $TMPDI/$YD/reports; mkdir -p -m 0755 $TMPDI/$YD/logs
 touch $TMPDI/$YD/logs/out.txt;
 ELOG="$TMPDI/$YD/logs/error.log"
 ALOG="$TMPDI/$YD/logs/access.log"
 REPORT=$(echo -en "$TMPDI/$YD/reports/`date +%mx%dx%y`.txt");
 
 if [ "$2" == "report" ]; then
  show_report "$1" "$2"
 else
  error_abuse "$1" "$2"
 fi
fi
 
exit 0

Read more on the DreamHost wiki page: Block IP Abuse.

IP Abuse Detection for DreamHost originally appeared on AskApache.com

]]> http://www.askapache.com/security/htaccess-ip-blocking.html/feed 5 Privacy Statement and Terms of Use http://www.askapache.com/statements http://www.askapache.com/statements#comments Sat, 04 Aug 2007 22:52:10 +0000 AskApache http://www.askapache.com/about/statements/ AskApache.com

Please, read the definitions page before continuing.

AskApache respects privacy and recognizes it as an undisputed right of the internet user.

The following section outlines the kind of data that is collected when you visit or interact with the AskApache web site:

  • The web server, on which this site is hosted, automatically records information such as the IP address,
    • Read the rest
]]> AskApache.com

Please, read the definitions page before continuing.

AskApache respects privacy and recognizes it as an undisputed right of the internet user.

The following section outlines the kind of data that is collected when you visit or interact with the AskApache web site:

  • The web server, on which this site is hosted, automatically records information such as the IP address, browser type, date and time of your HTTP requests. This is a typical behaviour of all web servers.
  • When you interact with this web site in the form of submitting comments, the information you provide in the comment form fields is stored in the WordPress platform database and a cookie is stored in your harddrive. This cookie contains the name, the email address and your web site's URL (if provided), which you have used in the comment form. This is the WordPress Personal Publishing Platform's default behaviour and its only purpose is that you do not have to supply the same information when you submit another comment in this web site. This is the cookie's only functionality, but can be totally avoided by disabling the storage of cookies in your web browser. This is also the typical behaviour of the majority of web sites. By submitting information in the comment form you accept this functionality.
  • Interaction with the forums requires registration. Whenever you log into the forums, the login information is encrypted and stored in a cookie. The cookie's functionality is that it keeps you logged in, even if you close the browser's window. This functionality can be totally avoided by disabling the storage of cookies in your web browser.
  • No other information is collected, if this web site is used according to the guidelines expressed in this document. Additional information is collected in case of violations.

AskApache respects its user's personal information. Specifically for email addresses, we are bounded by the following two statements:

  • We will never reveal your email address to the public.
  • We will never use it to contact you, unless you request it.

We reserve the right though to disclose all the information you have submitted in a comment or forum post, accompanied by all the information the web server has automatically recorded for your HTTP requests, to any third party or authority worldwide, but also ask any third party worldwide for the disclosure of such information, in the following cases:

  • You abuse this web site, by submitting comments or forum posts that contain:
    • Links to any kind of pornographic material.
    • Links to any kind of illegal material.
    • Links to any kind of online marketplace, legal or illegal.
    • Information totally irrelevant to the presented post (as judged by a normal and totally sane person's objective evaluation).
    • Racism related content.
    • Abusive or insulting accent towards the author or any other reader.
  • We are enforced to proceed to this action by the law.
  • Your interaction with this web site violates the web site's license.

Generally, self promotion, company promotion, product or service promotion are strictly prohibited. You may provide a link to your personal web site in the Website field of the comment form or forum member profile form, only in the case it complies with the above guidelines.

We reserve the right to commit any of the previously mentioned actions and also to remove or moderate comments or block any range of IP addresses from accessing this web site without warning or notice.

We reserve the right, in case of violation of these guidelines, to collect and keep detailed files about the violator's information, personal or not. This information may include, but may not be restricted to, the following:

  • All the HTTP headers that are exchanged between the web server and the HTTP client in the most extreme detail.
  • All the information contained in the submitted comment, including detailed whois information about remote hosts or IP addresses that are included.
  • All the information, which third parties may disclose to us about the violator's identity.

Interaction with this web site using an HTTP client that does not comply with the internet standards is strictly prohibited. You are free to visit, read, browse and interact with this web site as long as your actions stay inside the boundaries of legality.

By submitting a comment or posting in our forums you explicitly accept all the functionality, all the reserved rights and the general policy which is expressed in this document.

If for any reason you cannot accept these terms and conditions or this web site's general policy and purpose of existence, you are encouraged to leave this place as soon as possible and never visit it again.

You are free to use any info posted in this web site as long as you comply with the site's license or any other license information that is stated. Read my License Information and Disclaimer.

Note

This page is under continuous construction and maintenance, so check back often for updates.

Privacy Statement and Terms of Use originally appeared on AskApache.com

]]> http://www.askapache.com/statements/feed 0 Trace Email Back to the Sender http://www.askapache.com/software/tracking-spam-and-email.html http://www.askapache.com/software/tracking-spam-and-email.html#comments Mon, 22 Jan 2007 20:09:53 +0000 AskApache http://www.askapache.com.com/security/tracking-spam-and-email.html Locate the sender of an email and their geographical location, including messages sent through anonymous email services like Gmail, Yahoo, and Hotmail.

]]> AskApache.com

Today I received an email from a site visitor who's been the recipient of some disturbing emails from an "anonymous" party. She was googling the net for a solution, hoping that tracing the emails back to the source was even possible.

Visualware

Visualware Security Suite's unique IP geo-tracking capabilities help you ascertain where an Internet threat is coming from by providing an easy-to-use graphical interface for tracing the location and owner of any web site, IP address or email.

Who sent you that email?

Who sent you that email and where are they located?

In many cases you can figure out who sent you that nasty email and report them to the proper authorities!

  1. Use eMailTrackerPro
  2. Email Internet Headers
  3. 'Received' Headers
  4. The Sender's IP Address
  5. Report Email Abuse
  6. Leaked Sender Information
  7. Final Warnings

Trace Email Back to the Sender originally appeared on AskApache.com

]]> http://www.askapache.com/software/tracking-spam-and-email.html/feed 0