Monday, January 4th, 2010
There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn’t you like to see what all those headers and their output, ErrorDocuments look like?
Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, askapache, authorization, Bandwidth, curl, Dig, error log, errordocument, Flash, Forms, GET, Google, Htaccess, HTTP Error, HTTP Headers, HTTP Status Codes, httpd, HTTPS SSL, If-Modified-Since, password, Perl, PHP, phpBB, Port, post, ram, Redirect, Redirection, Request Method, Security, SEO, server, servers, Sniffing, Source Code, SSI, stat, tutorial, Wget, Wireshark, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Server Administration, Web Hosting, Webmaster, WiredTree | 22 Comments »
Saturday, June 13th, 2009
Ever wanted to execute commands on your server through php? Now you can. I’m calling this file (see below) shell.php and it allows you to run commands on your web server with the same permissions that your php executable has.
Tags: 302 Redirect, 403 Forbidden, Ajax, Apache, Apache Htaccess, askapache, Backups, bash, chmod, console, errordocument, Flash, GET, Hacking, Htaccess, htaccess tutorial, HTTP-EQUIV, Javascript, Linux, Login, Mod_Rewrite, password, PHP, Port, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Scripts, Security, server, Shell, shell console, shell script, Shell Scripting, SSI, stat, tutorial
Posted in Ajax, DreamHost, Featured, Hacking, Htaccess, Javascript, Linux Unix BSD, Mod_Rewrite, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Web Tools, Webmaster | 15 Comments »
Saturday, January 10th, 2009
Skip this – still under edit
I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!
Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.
Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)
Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | 71 Comments »
Friday, December 19th, 2008
This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.
Tags: 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, Advanced, Apache, askapache, Cookies, Dig, errordocument, GET, Google, Hacking, Htaccess, htaccess tricks, Htpasswd, httpd, HTTPS SSL, Linux, Login, Mod_Rewrite, password, PHP, phpBB, post, Prompt, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, server, SetEnvIf, Sniffing, SSI, stat, trick, WordPress
Posted in Apache, Featured, Hacking, Htaccess, Mod_Rewrite, Security | 7 Comments »
Wednesday, November 19th, 2008
Unix file permissions are one of the more difficult subjects to grasp.. Well, ok maybe “grasp” isn’t the word.. Master is the right word.. Unix file permissions is a hard topic to fully master, mainly I think because there aren’t many instances when a computer user encounters them. I’ve done a lot of research on it the past couple weeks… and now here’s everything I’ve learned so far.. cuz you guys AskApache Regs Rock!
Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, Apache, askapache, ASP, Backups, bash, bash_profile, Cache, chmod, Dig, DreamHost, fifo, File Permissions, File System, filesystem, Fsockopen, GET, Hacking, Htaccess, httpd, Linux, Login, password, Perl, PHP, php.ini, Port, Python, ram, Scripts, Security, server, servers, Sessions, Shell, Socket, Source Code, SSH, SSI, stat, trick, umask, Web Hosting
Posted in Apache, Featured, Hacking, Linux Unix BSD, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster | 5 Comments »
Thursday, April 10th, 2008
htaccess rewrite / Mod_Rewrite Tips and Tricks is as glamorous as it sounds! htaccess rewrite mod_rewrite is just possibly one of the most useful Apache modules and features. The ability to rewrite requests internally as well as externally is extremely powerful.
Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, Advanced, Apache, Apache Htaccess, Apache Modules, apache ssl, askapache, Bandwidth, Cache, Cache-Control, caching, cheatsheet, code snippets, CSS, Dig, errordocument, Examples, experiments, feed, FeedBurner, Firefox, Flash, GET, Hacking, hotlinking, Htaccess, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Javascript, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Nice, PDF, Perl, PHP, Port, Redirect, Redirecting URLS, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SPEED, SSI, stat, SymLinks, trick, tutorial, WordPress
Posted in Apache, Cache, DreamHost, Featured, Htaccess, SEO, Security | 86 Comments »
Saturday, March 29th, 2008
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com
Some of the Ins and Outs of using SSL Connections with Apache.
Tags: 301 Redirect, 302 Redirect, 403 Forbidden, admin, Apache, apache ssl, askapache, authorization, Cache, Cookies, Dig, Elite, Email, encryption, errordocument, Examples, GET, Google, Htaccess, htaccess files, htaccess rewrite, HTTP Status Codes, HTTPS SSL, Login, Logs, Mod_Rewrite, Nice, password, Performance, Perl, Port, Prompt, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Scripts, Security, SEO, server, server config, SPEED, SSI, stat, SymLinks, Username
Posted in Htaccess, Security, Webmaster | 13 Comments »
Saturday, March 15th, 2008
Implementing an effective SEO robots.txt file for WordPress will help your blog to rank higher in Search Engines, receive higher paying relevant Ads, and increase your blog traffic. Get a search robots point of view… Sweet!
Tags: 301 Redirect, 302 Redirect, 404 Not Found, AdSense crawler, Examples, Google, Googlebot, Optimization, Redirect, Rewrite Tricks, Robot, robots, robots.txt, robots.txt SEO, SEO, trick, WordPress, Wordpress robots txt
Posted in Featured, Google, Making Money, SEO, Web Hosting, Webmaster, WordPress | 49 Comments »
Monday, January 7th, 2008
FeedBurner is so RAD! I love it. Here’s an alternative method to redirect scrapers and feed requests to your feedburner url, in my case, I use Branding by feedburner, which is so hot, taking advantage of CNAMEs in your DNS record.
Tags: 302 Redirect, admin, Apache, askapache, feed, FeedBurner, Google, Htaccess, HTTPS SSL, Logs, Mod_Rewrite, PHP, post, Redirect, Rewrite Tricks, rewritecond, rewriterule, Scripts, server, SSI, WordPress, WordPress Plugins
Posted in Htaccess, SEO, WordPress, WordPress Plugins | 9 Comments »
Wednesday, January 3rd, 2007
.htaccess (Hypertext Access) is the default name of Apache’s directory-level configuration file. It provides the ability to customize configuration directives defined in the main configuration file. The configuration directives need to be in .htaccess context and the user needs appropriate permissions. Statements such as the following can be used to configure a server to send out customized documents in response to client errors such as “404: Not Found” or server errors such as “503: Service Unavailable” (see List of HTTP status codes): ErrorDocument 404 /error-pages/not-found.html ErrorDocument 503 /error-pages/service-unavailable.html When setting up custom error pages, it is important to remember that…
Tags: 301 Redirect, 302 Redirect, 403 Forbidden, 404 Not Found, 503, Apache, askapache, Bandwidth, cheatsheet, CSS, Elite, errordocument, Examples, File System, GET, hotlinking, HowTo, Htaccess, htaccess files, htaccess tutorial, Htpasswd, HTTP Status Codes, httpd, HTTPS SSL, Javascript, Login, Mod_Rewrite, password, password protection, PHP, Port, post, Prompt, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, SEO, server, Server Side Includes, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess
Posted in Apache, Htaccess | No Comments »
Wednesday, January 3rd, 2007
In 2003, Nick Kew released a new module that complements Apache’s mod_proxy and is essential for reverse-proxying. Since then he gets regular questions and requests for help on proxying with Apache. In this article he attempts to give a comprehensive overview of the proxying and mod_proxy_html This article was originally published at ApacheWeek in January 2004, and moved to ApacheTutor with minor updates in October 2006. Web Proxies A proxy server is a gateway for users to the Web at large. Users configure the proxy in their browser settings, and all HTTP requests are routed via the proxy. Proxies are…
Tags: 302 Redirect, Accessibility, admin, Apache, askapache, Bandwidth, Blocking, Cache, caching, compression, Cookies, CSS, debugging, DNS, Email, error log, feed, Forms, GET, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Javascript, Performance, Perl, PHP, Port, Redirect, Redirection, Rewrite Tricks, Scripts, Security, server, servers, SPEED, SSH Tunnels, SSI, stat
Posted in Apache, Htaccess | 12 Comments »
Tuesday, December 5th, 2006
2 awesome ways to implement caching on your website using Apache .htaccess or httpd.conf. Both methods are extremely simple to set up and will dramatically speed up your site!
Tags: 301 Redirect, 302 Redirect, 401, 500, 503, Accessibility, admin, Apache, askapache, ASP, authorization, Backups, Bandwidth, Cache, Cache Validation, Cache-Control, caching, cheatsheet, ColdFusion, compression, console, Cookies, CSS, debugging, Dig, error log, Etags, Examples, expires header, feed, File System, FilesMatch, Flash, Forms, GET, Htaccess, htaccess files, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, If-Modified-Since, Javascript, Last-Modified, Linux, Logs, Mod_Rewrite, nsa, Optimization, PDF, Performance, Perl, PHP, Port, post, Powweb, Prompt, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, robots.txt, Scripts, Security, server, server config, servers, SPEED, SSI, stat, SymLinks, tutorial, Web Hosting, WordPress, WordPress Speed
Posted in Apache, Htaccess | 13 Comments »
Learn about the 7 different HTTP response codes specifically reserved for redirection. 301, 302, 303, 304, 305, and 307.
Nifty SEO tip to get Search Engine Bots to check your site every hour until you finish working on it and tell them you are finished.
The secrets in this post were really more of enlightening bits of seo wisdom. The secret is how to combine robots.txt with meta robots tags to control pagerank, juice, whatever.