Search For wordpress/

Recently I started using WordPress. Love the easy add-ons and upgrades, but hate the lousy page load time. Really can't complain too loud 'cause it's free

12 3 4 5 6

Real-Life Htaccess Files from My Server

#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
 
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
 
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
 
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
 
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Tags: AddHandler, Apache, Backups, Block IP, Cache-Control, cheatsheets, developers, errordocument, etag, htaccess tricks, http cookie, indexes, Mod_Security, open source, password protection, real world, rewritecond, rewriterule, Source Code
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Server Administration, Web Hosting, Webmaster | Published on 04/17/2010 |4 Comments »

30x Faster WP-Super Cache Site Speed

NOT a typo.. 30x is measurable, well-documented, and easily tested. This is what open-source is about. I haven’t had time to post much the past year, I’m always working! So I wanted to make up for that by publishing an article on a topic that would blow your mind and be something that you could actually start using and really get some benefit out of it. This is one of those articles that the majority of web hosting companies would love to see in paperback, so they could burn it.

Tags: Advanced, Apache, askapache, Backups, Bandwidth, Boot, Cache, chmod, console, devshm, DreamHost, File System, filesystem, grep, Hard Drive, HowTo, HTTPS SSL, ionice, Linux, memory bandwidth, mysql, Private Server, ram, rsync, Scripts, Security, server, servers, Shell, shell script, SLRAM, SPEED, speed improvements, SSI, stat, SymLinks, tmpfs, trick, Vulnerability, Web Hosting, webhosts, WordPress, WP-Super Cache
Posted in Apache, Cache, DNS, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Security, Server Administration, Shell Scripting, Web Design, Web Hosting, Web Tools, Webmaster, WiredTree, WordPress, WordPress Plugins | Published on 03/18/2010 |7 Comments »

Advanced WordPress wp-config.php Tweaks

The bottom line for this article is that I want to make WordPress as fast, secure, and easy to install, run, and manage because I am using it more and more for client production sites, I will work for days in order to solve an issue so that I never have to spend time on that issue again. Time is money in this industry and that is ultimately (time) what there is to gain by tweaking WordPress.

Note: I spent no time on readability, this is primarily a read the code and figure it out article.. This is for advanced users looking for a reference or discussion and for those of you looking to advance. Feedback would be great if you make it that far..

Tags: 301 Redirect, admin, Advanced, Ajax, Anti-Spam, Apache, askapache, bash, bash_profile, Cache, caching, cheatsheet, chmod, Cookies, CSS, debugging, Elite, encryption, error log, Examples, feed, File Permissions, File System, filesystem, GET, grep, HowTo, Htaccess, HTTP Headers, HTTPS SSL, Javascript, Linux, Login, Logs, Mod_Rewrite, Mod_Rewrite cheatsheet, mysql, password, PHP, php.ini, phpinfo, Port, post, Rewrite Tricks, rewritecond, rewriterule, Security, server, Sessions, Shell, Socket, SPEED, SSH, SSI, stat, trick, umask, Username, Web Hosting, WordPress, wp-config.php
Posted in CSS, Cache, Featured, Hacking, Htaccess, Javascript, Linux Unix BSD, Mod_Rewrite, PHP, SEO, Security, Server Administration, Shell Scripting, Web Design, Web Hosting, Webmaster, WordPress, WordPress Plugins | Published on 03/03/2010 |5 Comments »

Optimize a Website for Speed, Security, and Easy Management

Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.

Tags: 301 Redirect, admin, Advanced, Ajax, Apache, apache server, askapache, Backups, Bandwidth, bleeding edge, blog, Cache, Cache-Control, caching, ColdFusion, compression, CSS, Dig, DNS, errordocument, Etags, Examples, expires header, feed, File Permissions, Flash, GET, Hacking, hacks, Htaccess, htaccess files, Htpasswd, HTTP Error, HTTP Headers, HTTP Status Codes, HTTPS SSL, Javascript, Linux, Login, Logs, Mod_Rewrite, Optimization, optimizations, optimized website, password, password protection, PDF, Performance, PHP, php.ini, Port, post, ram, real deal, Redirect, Redirection, Rewrite Tricks, Robot, robots, robots.txt, Scripts, search and replace, Security, server, server config, servers, SPEED, SSI, stat, SymLinks, trial and error, trick, Web Development, Web Hosting, web server, WordPress, WordPress Plugins
Posted in Apache, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, PHP, SEO, Security, Shell Scripting, Web Design, Web Hosting, Webmaster, WordPress | Published on 02/18/2010 |9 Comments »

HTTP Status Codes and .htaccess ErrorDocuments

There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn’t you like to see what all those headers and their output, ErrorDocuments look like?

Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, askapache, authorization, Bandwidth, curl, Dig, error log, errordocument, Flash, Forms, GET, Google, Htaccess, HTTP Error, HTTP Headers, HTTP Status Codes, httpd, HTTPS SSL, If-Modified-Since, password, Perl, PHP, phpBB, Port, post, ram, Redirect, Redirection, Request Method, Security, SEO, server, servers, Sniffing, Source Code, SSI, stat, tutorial, Wget, Wireshark, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Server Administration, Web Hosting, Webmaster, WiredTree | Published on 01/04/2010 |22 Comments »

Vetted – Top 3 WordPress Speed Plugins

There are so many WordPress plugins out there now that I wanted to post my favorite 3 plugins for speeding up a WP-Powered blog. These are the 3 plugins that I install for pretty much all of my WP-Powered sites, which I run about 300 now. They work together to provide a very optimized blog for speed.

DB-Cache Reloaded does something entirely different, it saves the mysql queries that are made to the WP-database, as well as the mysql results to static files, and then through php serves those cached-files instead of re-querying the mysql database. Most mysql databases are stored on separate servers, and although many are on the same local network there is a limit to how many queries, and how many connections can take place.

So DB-Cache Reloaded basically makes WP-Super Cache work alot faster when generating the cache files, and DB-Cache Reloaded helps in a number of areas un-related to WP-Super Cache, like in the admin panel. And DB-Cache without WP-Super-Cache is a joke because it still uses the application-level and php for everything. Gotta use both (or just WPSC).

Tags: admin, Apache, askapache, AskApache Crazy Cache, Bandwidth, Bottleneck, Cache, caching, compression, Dig, filesystem, GET, httpd, mysql, Networking, password, PHP, post, Private Server, ram, Scripts, server, servers, SPEED, SSI, stat, Web Hosting, WordPress, WordPress Optimizing, WordPress Plugins, WordPress Speed, WP-Super Cache
Posted in Apache, Cache, Featured, Mod_Rewrite, Review, Server Administration, Web Hosting, Webmaster, WordPress, WordPress Plugins | Published on 11/29/2009 |13 Comments »

Custom bash_profile for Advanced Shell Users

Looking for some advanced uses for the shell? Here is ~~some of~~ my best. The shell is where 70% of my work takes place, and I have at least one terminal open almost 100% of the time, for viewing tailing color-coded logs, and of course for the SSH Tunnels that I use to route various networking through, like my email. So I decided that to standardize and create a bash_profile containing the most time-saving and helpful functions that I could use on all the various hosting environments would really be some sweet sugar, so here is my constant Work-in-progress.

It works for all shells I encounter, including BackTrack, Debian, Knoppix, Arch Linux, etc. Also works for many hosting environments I use including DreamHost, HostGator, WiredTree, and pretty much any linux VPS.

I also rely on this heavily from within shell scripts I write to access all the functions and stuff in this .bash_profile, and to do that I just do like:

#!/bin/bash
 
source ~/.bash_profile &>/dev/nulll
 
pm "PM is a function to output nice messages with color"
yn "Are you enjoying the shell" && pm "Thats great!" || pm "Perhaps you're better suited for DOS"
yn "Show Calendar" && aa_calendar
yn "Show Fortune" && aa_fortune

Tags: .bashrc, 500, admin, Advanced, Apache, askapache, Backups, bash, bash alias, bash_profile, CCZE, chmod, CNAME, Cookies, curl, Dig, DreamHost, Firefox, Forms, GET, Google, GPG, grep, HostGator, Htaccess, Htpasswd, HTTP Headers, HTTPS SSL, ionice, iostat, Linux, Networking, Nice, PHP, Port, Prompt, PS1, Python, Redirect, Redirection, Renice, Scripts, server, servers, Shell, shell script, Shell Scripting, Socket, SOCKS, SPEED, SSH, SSI, stat, SymLinks, Ulimit, Web Hosting, Wget, WiredTree, WordPress, wp-config.php, xargs
Posted in Featured, Hacking, Linux Unix BSD, Security, Shell Scripting, Web Hosting | Published on 11/23/2009 |5 Comments »

Firefox Add-ons for Web Developers

Advanced Web Development by AskApache is a Firefox Collection I created since I’m always trying new Addons out and using multiple computers and I wanted a quick and easy way to install my favorite’s and keep a running list. Firebug, YSlow, LastPass, and Web Developer are the only ones I always use regularly.

I like the idea of the last.fm but it’s not as powerful as the site, which is awesome. Lately listening to Kings of Leon Radio…

Tags: 401, 403 Forbidden, 500, Accessibility, Advanced, Ajax, Apache, askapache, Backups, Cache, caching, CommandLine, console, Cookies, CSS, debugging, Dig, DNS, Email, encryption, feed, Firebug, Firefox, Flash, Forms, GET, Gmail, Google, HTTP Headers, HTTPS SSL, Javascript, Login, Networking, Nice, Pagerank, password, Performance, PHP, Port, post, ram, Scripts, Security, SEO, server, servers, SOCKS, Source Code, SPEED, SSH, SSH Tunnels, SSI, stat, tmpfs, trick, Username, Web Development, Wireshark, WordPress, YSlow
Posted in Cache, Firefox, Google, Hacking, Javascript, Making Money, Music, Review, SEO, Security, Web Design, Web Tools, Webmaster, Windows | Published on 10/18/2009 |4 Comments »

Optimizing Servers and Processes for Speed with ionice, nice, ulimit

To prepare for several upcoming articles on AskApache that are focused on optimizing Servers and Sites from a server admin level, here is an article to introduce the main tools that we will be using. These tools are used to optimize CPU time for each process using nice and renice, and other tools like ionice are used to optimize the Disk IO, or Disk speed / Disk traffic for each process. Then you can make sure your mysqld and httpd processes are always fast and prioritized.

Tags: 503, Advanced, Apache, askapache, Backups, Bandwidth, bash, Blocking, Boot, Bottleneck, caching, compression, CPU, CSS, curl, Disk IO, DNS, Examples, feed, fifo, GET, httpd, ionice, iostat, Javascript, Linux, mysql, Nice, Optimization, pagefile, Performance, Perl, PHP, Port, ram, Renice, Round Robin, rsync, Scripts, Security, server, servers, Shell, shell script, Shell Scripting, Socket, SPEED, SSH, SSI, stat, taskset, trick, Ulimit, Web Hosting, WordPress, wp-config.php
Posted in Apache, Cache, Featured, Linux Unix BSD, Review, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster | Published on 10/10/2009 |3 Comments »

Protecting Files with Advanced Mod_Rewrite Anti-Hotlinking

If you have files on your site that you don’t want indexed by malicious search engines, grabbed and leeched by malicious spammers, or stolen and made available elsewhere, you can use mod_rewrite to drastically reduce or totally reduce that activity.

Tags: Advanced, Apache, askapache, Blocking, Cookies, CSS, Firefox, GET, hotlinking, Htaccess, htaccess tutorial, HTTP Headers, Javascript, Mod_Rewrite, ram, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, robots.txt, SEO, server, stat, tutorial, WordPress
Posted in Apache, Apache Modules, Featured, Hacking, Htaccess, Javascript, Linux Unix BSD, Security, Webmaster | Published on 09/16/2009 |1 Comment »

Hire AskApache

Hi there, do you want help with a project (SEO, site/server optimization, setup, wordpress plugin development, other programming, server issues, security issues, etc.) or need some expert consulting? I’m very comfortable working freelance for clients from all across the globe. I enjoy helping good causes or sites/webmasters similar to mine, and I enjoy making new friends and networking. Personally, I love to chat on the phone or instant message with fellow webmasters and web entrepreneurs, and I like networking with like-minded individuals. Once my services are retained we will communicate any way that works best for you.. Billing is pretty…

Tags: Apache, askapache, Email, GET, Htaccess, HTTPS SSL, Mod_Rewrite, Networking, Nice, Optimization, Performance, Port, ram, Rewrite Tricks, Security, SEO, server, SSI, stat, WordPress
Posted in | Published on 09/04/2009 |No Comments »

An AskApache Plugin Upgrade to Rule them All

So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last… So for all of you who’ve helped me out by sending me suggestions and notifying me of errors and sticking with it… Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I’ve been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.

Tags: 401, 404 Not Found, admin, Advanced, Apache, askapache, AskApache Google 404, AskApache Password Protection, ASP, authorization, bash, Cache, Cache-Control, chmod, compression, Cookies, debugging, Dig, Email, errordocument, Etags, Examples, FilesMatch, Fsockopen, GET, Google, Htaccess, htaccess files, htaccess tricks, HTTP Headers, httpd, HTTPS SSL, Javascript, Last-Modified, Logs, mod_include, Mod_Rewrite, Mod_Setenvif, Networking, Nice, password, password protection, Perl, PHP, Port, post, Python, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scripts, Security, SEO, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SSH, SSI, stat, trick, Username, Web Hosting, Wireshark, WordPress, WordPress Plugins, WordPress Security
Posted in Apache, Apache Modules, Cache, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Security, Web Hosting, Web Tools, Webmaster, Windows, WordPress, WordPress Plugins | Published on 07/29/2009 |1 Comment »

Mirroring an Entire Site using Rsync over SSH

Sometimes there is an urgent need for creating an exact duplicate or “mirror” of a web site on a separate server. This could be needed for creating Round Robin Setups, Load-Balancing, Failovers, or for just plain vanilla backups. In the past I have used a lot of different methods to copy data from one server to another, including creating an archive of the whole directory and then using scp to send the file over, creating an archive and then encrypting it and then sending that file over using ftp, curl, etc., and my persistence at learning new ways to do things has paid off because now I use rsync to keep an exact replica of the entire directory on an external server, without having to use all the CPU and resources of other mirroring methods.

Tags: admin, Apache, askapache, Backups, Bandwidth, bash, chmod, compression, curl, debugging, DreamHost, Email, encryption, Forms, GET, Gmail, HostGator, HTTPS SSL, Linux, Login, Logs, password, PHP, Port, ram, Round Robin, rsync, Security, server, Shell, shell script, SPEED, SSH, SSH Tunnels, SSI, stat, WordPress
Posted in Apache, Featured, Linux Unix BSD, Security, Shell Scripting, Web Hosting | Published on 04/10/2009 |2 Comments »

AskApache Debug Viewer Plugin for WordPress

The story behind this plugin is sorta wack, but in a good way :). While doing tons of security research on permissions, authorization, access, etc.. for the Password Protection plugin (still being worked on), I needed to have unheard of debugging capabilities while working on the plugin on the various websites, webhosts, and test servers that I use to test in different environments. So I hacked together a bunch of php code that helped me debug, actually I pretty much went overkill and tried to get as much debugging info as programmatically possible, and it ended up being so much code that I took it out of my Password Protection code and made it its own plugin.

Tags: admin, Ajax, Apache, Apache Modules, askapache, authorization, Cache, chmod, Cookies, debugging, error log, fifo, File Permissions, GET, Htaccess, Login, Nice, password, password protection, PHP, php.ini, phpinfo, Port, post, ram, Rewrite Tricks, Security, server, servers, Socket, SSI, stat, umask, Username, WordPress, WordPress Development
Posted in WordPress, WordPress Plugins | Published on 04/05/2009 |1 Comment »

Advanced Htaccess – SSI, ErrorDocuments, DirectoryIndexing SEO

3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site’s error handling to the next level, enhanced ErrorDocuments that go beyond 404′s.

Tags: 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, askapache, AskApache Google 404, ASP, bash, Cache, Cookies, CSS, Dig, Email, errordocument, feed, Firefox, Forms, GET, Google, HowTo, Htaccess, htaccess files, htaccess rewrite, HTTP Headers, HTTP-EQUIV, httpd, HTTPS SSL, Javascript, Linux, mod_include, Nice, password, Perl, PHP, Port, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Scripts, Security, SEO, server, Server Side Includes, servers, SetEnvIf, Source Code, SSH, SSI, stat, SymLinks, trick, WordPress
Posted in Apache, Apache Modules, Cache, DNS, DreamHost, Featured, Hacking, Htaccess, Mod_Rewrite, SEO, Security, Web Hosting, Webmaster, WiredTree | Published on 03/09/2009 |1 Comment »

Password Protection Plugin Status

Enumerating Permissions can be Annoying

Don’t ask me how because I won’t tell you, but on one of the hosts I was testing on that did not allow direct access I was able to get the Apache server running as dhapache to erroneously write a file into my users blog directory. This is a big security no-no and I now have my .htaccess file written into the blog directory where it should go, but instead of my php script’s user having write access to the file so I can modify it, its owned by dhapache! Because the file is owned by dhapache I shouldn’t even be allowed to know it exists, but there it is. So the next step was to try and take ownership of the .htaccess file so that I could modify it. I tried and tried but was unsuccessful, I couldn’t modify it so that was another dead end. Actually it took me awhile to figure out how to remove the file from my directory. Being that it was owned by dhapache I couldn’t delete or modify it using my php process or even through ftp/ssh! Sysadmins regularly run find commands that search the servers for any files owned by dhapache that should not be there as this is a big red flag that someone has found a way to manipulate dhapache which could potentially lead to modifying dhapache-owned server config files, which sometimes is all it takes to hack your website and server.. Luckily I was able to delete it by basically running the hack again to overwrite the file.

Tags: .htaccess plugin, 500, admin, Apache, apache security, askapache, AskApache Password Protection, ASP, authorization, chmod, curl, debugging, Dig, DNS, feed, File Permissions, File System, filesystem, Fsockopen, GET, Hacking, Htaccess, HTTP Headers, httpd, HTTPS SSL, Login, Networking, nsa, password, password protection, PHP, php interpreter, Port, post, ram, Redirect, Robot, robots, Scripts, Security, security reasons, security tips, server, server config, servers, Socket, SSH, SSI, stat, Username, Web Hosting, WordPress
Posted in Apache, Featured, Hacking, Htaccess, Mod_Rewrite, PHP, Security, Web Hosting, WordPress, WordPress Plugins | Published on 03/01/2009 |2 Comments »

The Ultimate Htaccess

Skip this – still under edit

I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!

Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.

Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)

Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | Published on 01/10/2009 |66 Comments »

Advanced .htaccess Tricks for Securing Sites

This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.

Tags: 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, Advanced, Apache, askapache, Cookies, Dig, errordocument, GET, Google, Hacking, Htaccess, htaccess tricks, Htpasswd, httpd, HTTPS SSL, Linux, Login, Mod_Rewrite, password, PHP, phpBB, post, Prompt, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, server, SetEnvIf, Sniffing, SSI, stat, trick, WordPress
Posted in Apache, Featured, Hacking, Htaccess, Mod_Rewrite, Security | Published on 12/19/2008 |7 Comments »

Htaccess SetEnvIf and SetEnvIfNoCase Examples

SetEnv, SetEnvIf, and SetEnvIfNoCase directives conditionally set environment variables accessible by scripts and apache based on HTTP Headers, Variables, and Request information.

Tags: 301 Redirect, 401, 403 Forbidden, Apache, apache ssl, askapache, ASP, authorization, Cache, Cache-Control, caching, Cookies, curl, debugging, Examples, FilesMatch, Fsockopen, GET, Google, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, HTTPS SSL, If-Modified-Since, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, Nice, PHP, Port, post, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, robots.txt, Scripts, Security, SEO, server, server config, SetEnvIf, Shell, shell script, SPEED, SSI, stat, trick, tutorial, Wget, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Mod_Rewrite, SEO, Server Administration, Webmaster | Published on 12/07/2008 |4 Comments »

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+

Want to know something else I’m including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.

Talk about sick.. these tricks have the diamond disease!

Tags: .htaccess plugin, 301 Redirect, 401, 403 Forbidden, admin, Advanced, Anti-Spam, Apache, askapache, ASP, Cache, Cookies, CSS, Dig, Email, errordocument, feed, FilesMatch, Firefox, GET, Hacking, hotlinking, Htaccess, htaccess files, htaccess rewrite, htaccess tricks, Htpasswd, HTTP Headers, httpd, HTTPS SSL, Login, mod_include, Mod_Rewrite, Mod_Security, Mod_Setenvif, password, PDF, PHP, Port, post, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, server, servers, SetEnvIf, Source Code, SSI, stat, SymLinks, trick, WordPress
Posted in Apache, Cache, Featured, Hacking, Htaccess, PHP, SEO, Security, WordPress, WordPress Plugins | Published on 11/22/2008 |39 Comments »

Search Feed
Comments Feed

Search Results

My Picks

Support Freedom or Die

Newest Posts

htaccess Guide

Website Speed Tips Series