Htpasswd

Posts Tagged ‘Htpasswd’

Optimize a Website for Speed, Security, and Easy Management

Thursday, February 18th, 2010

Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.

Tags: 301 Redirect, admin, Advanced, Ajax, Apache, apache server, askapache, Backups, Bandwidth, bleeding edge, blog, Cache, Cache-Control, caching, ColdFusion, compression, CSS, Dig, DNS, errordocument, Etags, Examples, expires header, feed, File Permissions, Flash, GET, Hacking, hacks, Htaccess, htaccess files, Htpasswd, HTTP Error, HTTP Headers, HTTP Status Codes, HTTPS SSL, Javascript, Linux, Login, Logs, Mod_Rewrite, Optimization, optimizations, optimized website, password, password protection, PDF, Performance, PHP, php.ini, Port, post, ram, real deal, Redirect, Redirection, Rewrite Tricks, Robot, robots, robots.txt, Scripts, search and replace, Security, server, server config, servers, SPEED, SSI, stat, SymLinks, trial and error, trick, Web Development, Web Hosting, web server, WordPress, WordPress Plugins
Posted in Apache, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, PHP, SEO, Security, Shell Scripting, Web Design, Web Hosting, Webmaster, WordPress | 9 Comments »

Custom bash_profile for Advanced Shell Users

Monday, November 23rd, 2009

Looking for some advanced uses for the shell? Here is ~~some of~~ my best. The shell is where 70% of my work takes place, and I have at least one terminal open almost 100% of the time, for viewing tailing color-coded logs, and of course for the SSH Tunnels that I use to route various networking through, like my email. So I decided that to standardize and create a bash_profile containing the most time-saving and helpful functions that I could use on all the various hosting environments would really be some sweet sugar, so here is my constant Work-in-progress.

It works for all shells I encounter, including BackTrack, Debian, Knoppix, Arch Linux, etc. Also works for many hosting environments I use including DreamHost, HostGator, WiredTree, and pretty much any linux VPS.

I also rely on this heavily from within shell scripts I write to access all the functions and stuff in this .bash_profile, and to do that I just do like:

#!/bin/bash
 
source ~/.bash_profile &>/dev/nulll
 
pm "PM is a function to output nice messages with color"
yn "Are you enjoying the shell" && pm "Thats great!" || pm "Perhaps you're better suited for DOS"
yn "Show Calendar" && aa_calendar
yn "Show Fortune" && aa_fortune

Tags: .bashrc, 500, admin, Advanced, Apache, askapache, Backups, bash, bash alias, bash_profile, CCZE, chmod, CNAME, Cookies, curl, Dig, DreamHost, Firefox, Forms, GET, Google, GPG, grep, HostGator, Htaccess, Htpasswd, HTTP Headers, HTTPS SSL, ionice, iostat, Linux, Networking, Nice, PHP, Port, Prompt, PS1, Python, Redirect, Redirection, Renice, Scripts, server, servers, Shell, shell script, Shell Scripting, Socket, SOCKS, SPEED, SSH, SSI, stat, SymLinks, Ulimit, Web Hosting, Wget, WiredTree, WordPress, wp-config.php, xargs
Posted in Featured, Hacking, Linux Unix BSD, Security, Shell Scripting, Web Hosting | 6 Comments »

The Ultimate Htaccess

Saturday, January 10th, 2009

Skip this – still under edit

I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!

Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.

Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)

Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | 71 Comments »

Advanced .htaccess Tricks for Securing Sites

Friday, December 19th, 2008

This is all new, experimental, and very very cool. It literally uses .htaccess techniques to create several virtual “locked gates” that require a specific key to unlock, in a specific order that cannot be bypassed. It uses whitelisting .htaccess tricks to specify exactly what is allowed, instead of trying to specify everything that isn’t allowed. Also, by setting specific cookies/tokens after successfully passing through a gate, we can then require the exact cookie/token from the previous gate, which stops an attacker from skipping or bypassing gates.

Tags: 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, Advanced, Apache, askapache, Cookies, Dig, errordocument, GET, Google, Hacking, Htaccess, htaccess tricks, Htpasswd, httpd, HTTPS SSL, Linux, Login, Mod_Rewrite, password, PHP, phpBB, post, Prompt, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, server, SetEnvIf, Sniffing, SSI, stat, trick, WordPress
Posted in Apache, Featured, Hacking, Htaccess, Mod_Rewrite, Security | 7 Comments »

Htaccess SetEnvIf and SetEnvIfNoCase Examples

Sunday, December 7th, 2008

SetEnv, SetEnvIf, and SetEnvIfNoCase directives conditionally set environment variables accessible by scripts and apache based on HTTP Headers, Variables, and Request information.

Tags: 301 Redirect, 401, 403 Forbidden, Apache, apache ssl, askapache, ASP, authorization, Cache, Cache-Control, caching, Cookies, curl, debugging, Examples, FilesMatch, Fsockopen, GET, Google, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, HTTPS SSL, If-Modified-Since, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, Nice, PHP, Port, post, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, robots.txt, Scripts, Security, SEO, server, server config, SetEnvIf, Shell, shell script, SPEED, SSI, stat, trick, tutorial, Wget, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Mod_Rewrite, SEO, Server Administration, Webmaster | 5 Comments »

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

Saturday, November 22nd, 2008

Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+

Want to know something else I’m including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.

Talk about sick.. these tricks have the diamond disease!

Tags: .htaccess plugin, 301 Redirect, 401, 403 Forbidden, admin, Advanced, Anti-Spam, Apache, askapache, ASP, Cache, Cookies, CSS, Dig, Email, errordocument, feed, FilesMatch, Firefox, GET, Hacking, hotlinking, Htaccess, htaccess files, htaccess rewrite, htaccess tricks, Htpasswd, HTTP Headers, httpd, HTTPS SSL, Login, mod_include, Mod_Rewrite, Mod_Security, Mod_Setenvif, password, PDF, PHP, Port, post, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, server, servers, SetEnvIf, Source Code, SSI, stat, SymLinks, trick, WordPress
Posted in Apache, Cache, Featured, Hacking, Htaccess, PHP, SEO, Security, WordPress, WordPress Plugins | 39 Comments »

New Version of Password Protection Plugin

Tuesday, August 19th, 2008

4.6 just released…. Check It Out.

Tags: Advanced, Apache, askapache, GET, Htaccess, htaccess files, Htpasswd, Mod_Security, password, password protection, Port, Security, server, WordPress
Posted in WordPress, WordPress Plugins | 10 Comments »

Mod_Security .htaccess tricks

Wednesday, April 23rd, 2008

Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!

Tags: 301 Redirect, 401, 403 Forbidden, 500, 503, admin, Ajax, Apache, apache ssl, askapache, authorization, Bandwidth, Cache, Cache-Control, caching, Cookies, debugging, DreamHost, Email, error log, errordocument, Examples, FilesMatch, GET, Hacking, Htaccess, htaccess files, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Login, Logs, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, nsa, password, password protection, Perl, PHP, Port, post, Prompt, ram, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scanners, Security, SEO, server, servers, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial, Username, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Htaccess, Security, Web Hosting, Webmaster | 8 Comments »

.Htaccess rewrites, Mod_Rewrite Tricks and Tips

Thursday, April 10th, 2008

htaccess rewrite / Mod_Rewrite Tips and Tricks is as glamorous as it sounds! htaccess rewrite mod_rewrite is just possibly one of the most useful Apache modules and features. The ability to rewrite requests internally as well as externally is extremely powerful.

Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, Advanced, Apache, Apache Htaccess, Apache Modules, apache ssl, askapache, Bandwidth, Cache, Cache-Control, caching, cheatsheet, code snippets, CSS, Dig, errordocument, Examples, experiments, feed, FeedBurner, Firefox, Flash, GET, Hacking, hotlinking, Htaccess, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Javascript, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Nice, PDF, Perl, PHP, Port, Redirect, Redirecting URLS, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SPEED, SSI, stat, SymLinks, trick, tutorial, WordPress
Posted in Apache, Cache, DreamHost, Featured, Htaccess, SEO, Security | 86 Comments »

AskApache Password Protection, For WordPress

Saturday, March 29th, 2008

AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving scripts.

Tags: 403 Forbidden, admin, Apache, askapache, AskApache Password Protection, Backups, File Permissions, GET, Hacking, Htaccess, htaccess files, Htpasswd, Login, Logs, Nice, password, password protection, PHP, phpBB, ram, Robot, robots, Scripts, Security, server, servers, SPEED, SSI, stat, Username, WordPress
Posted in Apache, Hacking, PHP, Security, WordPress, WordPress Plugins | 100 Comments »

PHP Sessions/Cookies On The Fly

Friday, March 28th, 2008

This article shows how to save and modify php session data, cookies, do anything really… without using ajax or iframes or forcing the user make a request.

Tags: admin, Advanced, Ajax, Apache, askapache, Cache, Cache-Control, caching, Cookies, Firefox, GET, Htaccess, Htpasswd, HTTP Headers, HTTPS SSL, Javascript, Last-Modified, Linux, Mod_Rewrite, PHP, Port, post, ram, Redirect, Rewrite Tricks, rewriterule, server, Sessions, SSI, stat, Web Development, WordPress
Posted in Ajax, Apache, Featured, Htaccess, Javascript, PHP, Security | 2 Comments »

Faster POST and GET Form Submissions… Shazam

Tuesday, February 12th, 2008

Just a very brief look at speeding up form submission by delegating the processing and bandwidth to your server, not your client.

Tags: Ajax, Apache, askapache, Blocking, Bottleneck, Cookies, CSS, curl, Dig, Email, FilesMatch, Forms, Fsockopen, GET, Gmail, Htpasswd, HTTP Headers, Login, password, PDF, PHP, Port, post, Putty, ram, Redirect, server, Snoopy, Socket, SPEED, SSI, stat, trick, Username, Web Hosting
Posted in Cache, Featured, Linux Unix BSD, PHP, Server Administration, Web Design, Web Hosting, Web Tools, Webmaster | 1 Comment »

Update: AskApache Password Protect Plugin

Thursday, February 7th, 2008

WordPress plugin gives you control over HTTP Basic Authentication for your WordPress blog which among other things, stops most automated hacking attempts and exploits being attempted, cutting down on the number of requests, connections, and mysql queries for all WordPress blogs on the Internet.

Tags: Apache, askapache, AskApache Password Protection, encryption, Hacking, Htaccess, Htpasswd, httpd, HTTPS SSL, Logs, mysql, password, password protection, PHP, Port, Prompt, Security, server, servers, WordPress, WordPress Security
Posted in WordPress Plugins | 14 Comments »

Log all .htaccess/.htpasswd logins

Tuesday, January 29th, 2008

Learn how to log and debug usernames and passwords used to login to a htaccess basic authorization protected website using php. This article is BOSS and will show you how to fully take control of this aspect of security using php and .htaccess, I don’t believe you will find instructions to do this anywhere else on the net.

Tags: 401, admin, Apache, askapache, ASP, authorization, debugging, DreamHost, errordocument, GET, HowTo, Htaccess, Htpasswd, httpd, Login, password, PHP, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, server, Source Code, stat, Username
Posted in Apache, Apache Modules, DreamHost, Featured, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Security, Server Administration, Shell Scripting | 7 Comments »

Skeleton .htaccess file for Powweb Hosting

Friday, January 11th, 2008

If you have a Powweb Webhosting account, you will appreciate this simple skeleton .htaccess file for use on their systems.

Tags: 301 Redirect, 401, 403 Forbidden, 404 Not Found, 500, admin, Apache, askapache, Cache, Cache-Control, caching, CSS, DreamHost, errordocument, Examples, feed, FilesMatch, Flash, GET, Google, Htaccess, Htpasswd, HTTP Headers, Mod_Rewrite, Mod_Setenvif, Optimization, PDF, PHP, Powweb, Redirect, Rewrite Tricks, rewritecond, rewriterule, server, servers, SetEnvIf, tutorial, Web Hosting, WordPress
Posted in Apache, Htaccess, SEO, Security, Web Hosting, Webmaster | No Comments »

WordPress Plugin for Apache .htaccess Security

Tuesday, January 1st, 2008

gzip’s previous .htaccess file and sends it as an attachment to the logged in users email account along with password user setup.
Now also works for sites running on SSL (PHP version >4.3.0)
Rewrote the security module code in the form of snort, nessus, and mod_security rules and signatures
Added a *real* check to see if mod_rewrite is installed
Added Modules that remove directoryindexes
Much more on the way..

Tags: 401, 403 Forbidden, admin, Apache, askapache, CSS, debugging, Email, encryption, errordocument, FilesMatch, GET, Htaccess, Htpasswd, HTTP Headers, HTTPS SSL, Login, Logs, Mod_Rewrite, Mod_Security, password, PDF, PHP, post, Rewrite Tricks, rewritecond, rewriterule, Security, server, stat, WordPress
Posted in Hacking, Security, WordPress Plugins | 1 Comment »

Troubleshooting Apache .htaccess Authentication

Saturday, August 18th, 2007

Apache Web Server users have problems getting Apache Authentication/password-protection in htaccess working, this is a troubleshooting guide to get Password Protection working!

Tags: Apache, Apache Htaccess, askapache, ASP, authorization, Cache, chmod, Dig, Elite, encryption, Examples, GET, HowTo, Htaccess, htaccess files, htaccess tutorial, Htpasswd, httpd, httpd.conf, HTTPS SSL, Linux, password, password protection, PHP, Port, post, Prompt, ram, Robot, robots, Security, server, Shell, Socket, SSH Tunnels, stat, tutorial, wp-config.php
Posted in Apache, Apache Modules, DreamHost, Htaccess, Linux Unix BSD, Mod_Rewrite, Security, Server Administration | 3 Comments »

Apache Variable Fun in htaccess

Tuesday, April 10th, 2007

Server and Environment Variables are used by The Apache HTTP Server by provides a mechanism for storing information. This information can be used to control various operations such as logging or access control.

Tags: 301 Redirect, 401, 403 Forbidden, Advanced, Apache, apache ssl, askapache, ASP, Cache, Cache-Control, caching, Elite, Examples, Firefox, GET, grep, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Logs, mod_include, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, PHP, Port, post, ram, Redirect, Redirection, Rewrite Tricks, rewritecond, rewriterule, Scripts, Security, SEO, server, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial
Posted in Apache, Cache, DreamHost, Htaccess, SEO, Security | 3 Comments »

htaccess HTTPS / SSL Tips, Tricks, and Hacks

Tuesday, April 10th, 2007

Apache has the best SSL/HTTPS support and can be controlled by the httpd.conf file or other HTTPD server configuration file. This htaccess tutorial has htaccess example code to make it easy to secure and use HTTPS and SSL with Apache.

Tags: 301 Redirect, 401, 403 Forbidden, Apache, Apache Htaccess, apache ssl, askapache, authorization, Cache, Cache-Control, caching, Elite, errordocument, Examples, GET, Google, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Perl, PHP, Port, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, server config, SetEnvIf, SPEED, trick, tutorial
Posted in Apache, DreamHost, Htaccess, Security | 2 Comments »

Security with Apache htaccess Tutorial

Tuesday, April 10th, 2007

Apache Security tips and tricks for securing Apache Web Servers using htaccess, httpd.conf, and other built-in techniques to thwart attackers. This really should be required reading for any Apache admin or user because these little tricks are so easy to do.

Tags: 301 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, Backups, Cache, Cache-Control, caching, chmod, CSS, debugging, errordocument, Examples, FilesMatch, GET, Google, Hacking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, password, Perl, PHP, Port, Python, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scripts, Security, SEO, server, servers, SetEnvIf, Source Code, SPEED, SSI, stat, SymLinks, trick, tutorial, WordPress, wp-config.php
Posted in Apache, DreamHost, Htaccess, Security | 5 Comments »

Htpasswd

Posts Tagged ‘Htpasswd’

Custom bash_profile for Advanced Shell Users

Htaccess SetEnvIf and SetEnvIfNoCase Examples

New Version of Password Protection Plugin

PHP Sessions/Cookies On The Fly

Update: AskApache Password Protect Plugin

Skeleton .htaccess file for Powweb Hosting

Troubleshooting Apache .htaccess Authentication

Apache Variable Fun in htaccess

Security with Apache htaccess Tutorial

My Picks

Support Freedom or Die

Newest Posts

htaccess Guide

Website Speed Tips Series