Saturday, April 17th, 2010
#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Tags: AddHandler, Apache, Backups, Block IP, Cache-Control, cheatsheets, developers, errordocument, etag, htaccess tricks, http cookie, indexes, Mod_Security, open source, password protection, real world, rewritecond, rewriterule, Source Code
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Server Administration, Web Hosting, Webmaster | 4 Comments »
Thursday, February 18th, 2010
Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.
Tags: 301 Redirect, admin, Advanced, Ajax, Apache, apache server, askapache, Backups, Bandwidth, bleeding edge, blog, Cache, Cache-Control, caching, ColdFusion, compression, CSS, Dig, DNS, errordocument, Etags, Examples, expires header, feed, File Permissions, Flash, GET, Hacking, hacks, Htaccess, htaccess files, Htpasswd, HTTP Error, HTTP Headers, HTTP Status Codes, HTTPS SSL, Javascript, Linux, Login, Logs, Mod_Rewrite, Optimization, optimizations, optimized website, password, password protection, PDF, Performance, PHP, php.ini, Port, post, ram, real deal, Redirect, Redirection, Rewrite Tricks, Robot, robots, robots.txt, Scripts, search and replace, Security, server, server config, servers, SPEED, SSI, stat, SymLinks, trial and error, trick, Web Development, Web Hosting, web server, WordPress, WordPress Plugins
Posted in Apache, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, PHP, SEO, Security, Shell Scripting, Web Design, Web Hosting, Webmaster, WordPress | 9 Comments »
Sunday, August 30th, 2009
Web Developers sometimes use file.ext?v=004 as a version control system to force visitors to use updated files. This is terrible. Instead link to apache-003.css and set it to be cached forever. When you change the file you just change the links to apache-004.css. That eliminates millions of bandwidth and resource robbing If-Modified-Since requests. You only need Apache with mod_rewrite, and 1-10 minutes!
Tags: Apache, askapache, Bandwidth, Cache, Cache-Control, caching, Cookies, CSS, GET, Htaccess, HTTP Headers, httpd, httpd.conf, If-Modified-Since, Javascript, Last-Modified, Mod_Rewrite, Redirect, Rewrite Tricks, rewritecond, rewriterule, server, Source Code, SPEED, stat, trick
Posted in Apache, CSS, Cache, DreamHost, Featured, Htaccess, Mod_Rewrite, SEO, Security, Server Administration, Web Design, Web Hosting, Webmaster, XHTML | 3 Comments »
Saturday, January 10th, 2009
Skip this – still under edit
I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!
Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.
Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)
Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | 71 Comments »
Wednesday, April 23rd, 2008
Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!
Tags: 301 Redirect, 401, 403 Forbidden, 500, 503, admin, Ajax, Apache, apache ssl, askapache, authorization, Bandwidth, Cache, Cache-Control, caching, Cookies, debugging, DreamHost, Email, error log, errordocument, Examples, FilesMatch, GET, Hacking, Htaccess, htaccess files, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Login, Logs, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, nsa, password, password protection, Perl, PHP, Port, post, Prompt, ram, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scanners, Security, SEO, server, servers, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial, Username, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Htaccess, Security, Web Hosting, Webmaster | 8 Comments »
Thursday, April 10th, 2008
htaccess rewrite / Mod_Rewrite Tips and Tricks is as glamorous as it sounds! htaccess rewrite mod_rewrite is just possibly one of the most useful Apache modules and features. The ability to rewrite requests internally as well as externally is extremely powerful.
Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, Advanced, Apache, Apache Htaccess, Apache Modules, apache ssl, askapache, Bandwidth, Cache, Cache-Control, caching, cheatsheet, code snippets, CSS, Dig, errordocument, Examples, experiments, feed, FeedBurner, Firefox, Flash, GET, Hacking, hotlinking, Htaccess, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Javascript, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Nice, PDF, Perl, PHP, Port, Redirect, Redirecting URLS, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SPEED, SSI, stat, SymLinks, trick, tutorial, WordPress
Posted in Apache, Cache, DreamHost, Featured, Htaccess, SEO, Security | 86 Comments »
Tuesday, April 1st, 2008
A WordPress plugin that caches your entire blog for WP-Cache, I love this plugin and finally released it to the public!
Tags: Advanced, Apache, askapache, AskApache Crazy Cache, Cache, Cache-Control, caching, CSS, curl, Fsockopen, GET, Htaccess, Image Sprites, Logs, Mod_Rewrite, post, Rewrite Tricks, server, SPEED, trick, WordPress
Posted in Cache, WordPress, WordPress Plugins | 21 Comments »
Monday, February 4th, 2008
How I was able to preload many flash flv and swf files on one of my clients sites that has a lot of online video and relatively small traffic. Their site visitors would usually watch 3-10 videos per visit and so to make the videos load almost instantly on every page I came up with a way to preload the top 10 .flv files and the swf flv player files as soon as the visitor successfully started watching the 1st video. Of course I also setup .htaccess caching on the server so that once they downloaded the files into their cache they would never request them from the server again. I was having fun with this so its pretty funky and uses some really cool combinations of javascript, swf preloader from xml, css classes to help automate it all..
Tags: 404 Not Found, Ajax, Apache, askapache, Backups, Bandwidth, Boot, Cache, Cache-Control, caching, console, Cookies, CSS, FilesMatch, Flash, Flash Actionscript, Google, Htaccess, HTTP Headers, Javascript, Logs, Mod_Rewrite, mysql, PDF, PHP, preload, ram, Rewrite Tricks, server, Shell, SPEED, SSI, stat, tutorial, Web Development, Wireshark
Posted in Cache, Flash, Htaccess, Web Design | 4 Comments »
Wednesday, January 30th, 2008
Host Google Analytics ga.js file locally for increased speed! Makes web pages load faster.
Tags: Advanced, Analytics, Apache, askapache, Cache, Cache-Control, caching, chmod, curl, Firefox, GET, Google, Google Analytics, Htaccess, HTTPS SSL, Javascript, Logs, Mod_Rewrite, Port, Rewrite Tricks, Scripts, server, Shell, shell script, SPEED, SSI, urchin.js, Web Hosting
Posted in Google, Linux Unix BSD | 8 Comments »
So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last… So for all of you who’ve helped me out by sending me suggestions and notifying me of errors and sticking with it… Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I’ve been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.
If you want to pre-load 
A WordPress plugin that caches your entire blog for WP-Cache, I love this plugin and finally released it to the public!
This article shows how to save and modify php session data, cookies, do anything really… without using ajax or iframes or forcing the user make a request.
Learn about the 7 different HTTP response codes specifically reserved for redirection. 301, 302, 303, 304, 305, and 307.
If you desire SPEED from your WordPress blog, the #1 speed improvement comes from using the WP-Cache Plugin. If you still desire SPEED after installing the Plugin, you can modify the WP-Cache Plugin code to make your blog even faster!
Using Cache-Control headers you can specify which types of proxies can cache certain content, and how long files should be cached.
If you have a Powweb Webhosting account, you will appreciate this simple skeleton .htaccess file for use on their systems.