Advanced .htaccess Tricks for Securing Sites
This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.
Tagged: advanced, Hacking, htaccess, mod_rewrite, phpBB, Security, ssl | 7 Comments | Continue...
About AskApache
Purpose and Goal of AskApache
To provide free access to knowledge and data with the goal of empowering people.. or more melodramatically: “Power to the People!”
Why the name AskApache? AskApache was chosen to show and pay respect to the contributors of the Apache Web Server. Literally it means to ask Apache when facing a problem, by searching the Open-Source, contacting a board/list, or browsing the documentation.
The Author
I work for a multimedia production / brand development & marketing company here in Indianapolis, the greatest city in the world! I started this blog in Dec., ‘06 to familiarize myself with WordPress as a blogging platform among other things for my job. I help expand/create a growing companies market-share online (and offline) by managing and building the brand and developing high-quality leads and loyal customers by building online funnels fed by SEO traffic and on/offline marketing campaigns. Other than the design and development costs for our minimum 12 month contract, we operate using a gain-share formula where we receive a percentage of the increased revenue that results from our services. This translates to fanatical attention to improving the bottom-line, and focus on long-term sustainable growth and overall success.
It’s important to me to note that unlike most systems set up like this, we are absolutely interested in creating customers/leads/whatever by providing real value for them. It’s much more difficult and takes a lot longer, but it is also self-sustaining as value attracts in an exponential manner. We are likely different than any model you’ve seen before in terms of lead-sales-marketing types.
My Background
I started on DOS, then Windows 2.11 (released 1989), and learned BASIC for my first language… then IBM PC assembly followed by Java, which I used as an excuse to stop learning assembly.. …
Encrypted WordPress / phpBB Backups
Enter your DOMAIN_ROOT and the location of your wp-config.php or config.php, and this script finds all the mysql settings by parsing the phpbb or wordpress config file, then creates GPG encrypted backups, and saves your settings for future automation.
Tagged: Backups, bash, encryption, GPG, linux, mysql, phpBB, shell script, unix, WordPress | 1 Comment | Continue...
AskApache Password Protection, For WordPress
AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving scripts.
Is Your Password Crackable?
I’ve put up a new tool to check the strength of your password hash, that locates weak passwords by searching Rainbow Tables for md5 or sha1 hash match. Locate and fix this common security vulnerability before being exploited.
HTTP Status Codes and .htaccess ErrorDocuments
There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn’t you like to see what all those headers and their output, ErrorDocuments look like?
Tagged: Apache, errordocument, htaccess, HTTP Error, HTTP Status Codes, PHP, Redirect, Status Code | 19 Comments | Continue...
SEO with Robots.txt
Very nice tutorial dealing with the robots.txt file. Shows examples for google and other search engines. Wordpress robots.txt and phpBB robots.txt sample files.
Website SEO Score Tool
Check out this free online SEO site-scoring tool. The SEO generated report is simple, neat, and helpful. The main thing I like about it is how it is a stand-alone website, a residual money making machine.
WordPress robots.txt SEO
WordPress robots.txt file can make a huge impact on your WordPress blogs traffic and search engine rank. This is an SEO optimized robots.txt file.
SEO Redirects without mod_rewrite
Web Professionals use mod_rewrite to issue 301 and 302 Redirects for Search Engines. Sometimes you may not have mod_rewrite.c or you want an alternative redirect method. Using mod_alias RedirectMatch you can use REGEX in Redirect commands!
Tagged: htaccess, ultimate htaccess | 11 Comments | Continue...
301 Redirect with mod_rewrite or RedirectMatch
301 Redirects using Apache mod_rewrite or RedirectMatch in .htaccess or httpd.conf
Control htaccess Basic Authentication with PHP and mod_rewrite
Control htaccess Basic Authentication with PHP and mod_rewrite
Links to htaccess tutorials and articles
Links to htaccess tutorials and howtos in the htaccess forum
Make phpBB SEO friendly with htaccess
After I optimized the caching for my non-dynamic pages using apache modules mod_headers and mod_expires, I began to learn about phpbb seo..
My Picks
- THE Mod_Rewrite Cheatsheet
- AskApache .bash_profile
- Elite Log Viewing
- THE Ultimate Htaccess
- Intense Windows Speed
- DNS: Round Robin Speed
- Fsockopen: Nuts
- Rsync and SSH
The love of liberty is the love of others; the love of power is the love of ourselves.
-- William Hazlitt
Someone's Reading
Most Popular 100
- HTTP Status Codes and .htaccess ErrorDocuments
- .Htaccess rewrites, Mod_Rewrite Tricks and Tips
- AskApache Password Protection, For WordPress
- Sending POST form data with php CURL
- Ultimate Htaccess Tutorial for .htaccess files
Newest Posts
- 30x Faster WP-Super Cache and Site Speed with TMPFS
- Tips and Tricks for a BASH Power Prompt
- PortaPutty Auto-Reconnecting SSH Tunnels on an Encrypted TrueCrypt Portable USB Key w GPG
Tech Topics
- WordPress Plugins
- Google + SEO
- .htaccess Tips and Tricks
- Apache HTTPD
- Computer Security Articles
- Search Engine Experiments
- PHP Programming
- Linux / Unix / BSD
- Shell Scripting
- CSS, DOM, XHTML
- Advanced Shell-Scripting
htaccess Guide
- htaccess tricks for Webmasters
- HTTP Header control with htaccess
- PHP on Apache tips and tricks
- SEO Redirects without mod_rewrite
- mod_rewrite examples, tips, and tricks
- HTTP Caching and Site Speedups
- Authentication on Apache
- htaccess Security Tricks and Tips
- SSL tips and examples
- Variable Fun (mod_env) Section
- .htaccess Security with MOD_SECURITY
- SetEnvIf and SetEnvIfNoCase Examples
Website Speed Tips Series
- Turn On Compression
- Add Future Expires Header
- Add Cache-Control Headers
- Turn Off ETags
- Remove Last-Modified Header
- Use Multiple SubDomains
Donate
Please consider donating to support active development of the free software and articles here.
Good Causes
The power of the Web is in its universality. Access by everyone regardless of disability is an essential aspect. Tim Berners-Lee
It's very simple - you read the protocol and write the code. -Bill Joy
HTML | DCMI | GRDDL | XOXO | XDMP | XFN | DOM | XML | XHTML 1.1 Strict | CSS 2.1 | W3C | TLDP | WAI | DISA | ICSI | GIAC | SANS RR | GHOST | DEFCON | NIST | DHS CYBER | NIST | Phrack | GDB | IEEE | GIT | GNU LIBC
↑ TOPExcept where otherwise noted, content on this site is licensed under a Creative Commons Attribution 3.0 License, just credit with a link.
This site is not supported or endorsed by The Apache Software Foundation (ASF). All software and documentation produced by The ASF is licensed. "Apache" is a trademark of The ASF. HTTPD based on NCSA HTTPd