FREE THOUGHT · FREE SOFTWARE · FREE WORLD

Actual Htaccess Files from My Server

#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]

# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login.php).*$ [NC,OR]

# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]

# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]

RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www.askapache.com$ [NC]
RewriteRule .* https://www.askapache.com%{REQUEST_URI} [R=301,L]

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /(wp-admin/.*|wp-login.php.*) HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Htaccess

THE Ultimate Htaccess

htaccess file .htaccess is a very ancient configuration file for web servers, and is one of the most powerful configuration files most webmasters will ever come across. This htaccess guide shows off the very best of the best htaccess tricks and code snippets from hackers and server administrators.

You've come to the right place if you are looking to acquire mad skills for using .htaccess files!

Apache, Hosting, Htaccess, Optimization, Security, SEO, Web Development, WordPress

RewriteCond Cheatsheet

Request to https://www.askapache.com/cg/rewrite-test/?catch=caught&this=that

RewriteCond %{THE_REQUEST} = GET /cgi-bin/php/pro/rewrite-test/?catch=caught&this=that HTTP/1.1
RewriteCond %{REQUEST_URI} = /cg/rewrite-test/?catch=caught&this=that
RewriteCond %{QUERY_STRING} = catch=caught&this=that
RewriteCond %{HTTP_HOST} = www.askapache.com
RewriteCond %{HTTP_USER_AGENT} = Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
RewriteCond %{REMOTE_ADDR} = 8.8.8.8

Htaccess

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

.htaccess security plugin 2

Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+

Want to know something else I'm including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.

Talk about sick.. these tricks have the diamond disease!

WordPress

Smart HTTP and HTTPS .htaccess Rewrite

This is freaking sweet if you use SSL I promise you! Basically instead of having to check for HTTPS using a RewriteCond %{HTTPS} =on for every redirect that can be either HTTP or HTTPS, I set an environment variable once with the value "http" or "https" if HTTP or HTTPS is being used for that request, and use that env variable in the RewriteRule.

Htaccess

Redirecting RSS to Feedburner

FeedBurner, the best syndication company in the worldFeedBurner is so RAD! I love it. Here's an alternative method to redirect scrapers and feed requests to your feedburner url, in my case, I use Branding by feedburner, which is so hot, taking advantage of CNAMEs in your DNS record.

Htaccess

Serve Alternate Content based on Time

TIME_DAY Time RewriteCondTime-dependant rewriting uses mod_rewrite and apache server time variables to display different files depending on the time, while the URL stays the same. An often requested implementation of this is to display a different home page or image depending on if its morning, noon, or night.

Htaccess

3 Ways to Serve PDF Files using Htaccess Cookies, Headers, Rewrites

FYI, using the Mod_Rewrite Variables Cheatsheet makes this example, and all advanced .htaccess code easier to understand. This demo lets you set a cookie with 1 of 3 values, then you just request the pdf file with a normal link click and get 1 of 3 different responses. This is accomplished with a nice bit of .htaccess code.

Set PDF Viewing Mode - Make a selection, then click the view pdf button.

Inline Download Save As View PDF using selected mode »

Htaccess

Advanced .htaccess Tricks for Securing Sites

This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual "locked gates" that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn't allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.

Htaccess

Mod_Rewrite Basic Examples

mod_rewrite is very useful in many situations. Yet some behaviors were not so obvious when I started to mess with it. After many testings, I understand it much better, now. Having said that, I do not pretend to know it perfectly. I also make mistakes.

Htaccess

Advanced WordPress wp-config.php Tweaks

The bottom line for this article is that I want to make WordPress as fast, secure, and easy to install, run, and manage because I am using it more and more for client production sites, I will work for days in order to solve an issue so that I never have to spend time on that issue again. Time is money in this industry and that is ultimately (time) what there is to gain by tweaking WordPress.

Note: I spent no time on readability, this is primarily a read the code and figure it out article.. This is for advanced users looking for a reference or discussion and for those of you looking to advance. Feedback would be great if you make it that far..

WordPress

Redirect index.php to root

WordPress blogs show the same duplicate content for https://www.askapache.com/index.php and https://www.askapache.com/. If you've read about using a robots.txt file for WordPress SEO, than you already understand this setup results in Duplicate Content penalties being levied against your Blog and Web Site by Search Engines.

Htaccess

WordPress Plugin for Apache .htaccess Security

Askapache Password Protect Security Features

  1. gzip's previous .htaccess file and sends it as an attachment to the logged in users email account along with password user setup.
  2. Now also works for sites running on SSL (PHP version >4.3.0)
  3. Rewrote the security module code in the form of snort, nessus, and mod_security rules and signatures
  4. Added a *real* check to see if mod_rewrite is installed
  5. Added Modules that remove directoryindexes
  6. Much more on the way..

WordPress

Notes from Apache HTTPD Source Code

thought I'd take a break from coding and post about how open-source is such a great tool for finding the best answers to the toughest questions,

/** is the status code informational */
#define ap_is_HTTP_INFO(x)         (((x) >= 100)&&((x) < 200))
/** is the status code OK ?*/

#define ap_is_HTTP_SUCCESS(x)      (((x) >= 200)&&((x) < 300))
/** is the status code a redirect */
#define ap_is_HTTP_REDIRECT(x)     (((x) >= 300)&&((x) < 400))

/** is the status code a error (client or server) */
#define ap_is_HTTP_ERROR(x)        (((x) >= 400)&&((x) < 600))
/** is the status code a client error  */

#define ap_is_HTTP_CLIENT_ERROR(x) (((x) >= 400)&&((x) < 500))
/** is the status code a server error  */
#define ap_is_HTTP_SERVER_ERROR(x) (((x) >= 500)&&((x) < 600))

/** is the status code a (potentially) valid response code?  */
#define ap_is_HTTP_VALID_RESPONSE(x) (((x) >= 100)&&((x) < 600))

Hacking