Mod_Security

Posts Tagged ‘Mod_Security’

Real-Life Htaccess Files from My Server

Saturday, April 17th, 2010

#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
 
# OR if the request if for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
 
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www.askapache.com/.*$ [NC]
 
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
 
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
 
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

Tags: AddHandler, Apache, Backups, Block IP, Cache-Control, cheatsheets, developers, errordocument, etag, htaccess tricks, http cookie, indexes, Mod_Security, open source, password protection, real world, rewritecond, rewriterule, Source Code
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Server Administration, Web Hosting, Webmaster | 4 Comments »

Crazy Advanced Mod_Rewrite Debug Tutorial

Friday, September 11th, 2009

Note: Extremely ILL Content
Find the key to unlocking mod_rewrite and you WILL be sick.. sick with a diamond disease on your wrist!

Tags: 404 Not Found, admin, Advanced, Apache, askapache, Cache, cheatsheet, Cookies, Debug, debugging, Dig, errordocument, feed, FeedBurner, FeedCount, Firefox, GET, HowTo, Htaccess, htaccess rewrite, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Linux, Mod_Rewrite, Mod_Security, Nice, Perl, PHP, Port, post, ram, Redirect, Redirection, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SSI, stat, trick, tutorial
Posted in Apache, Apache Modules, Featured, Htaccess, Linux Unix BSD, Mod_Rewrite, Security, Server Administration, Web Hosting, Webmaster | 23 Comments »

Htaccess SEO Trends by Google

Sunday, March 29th, 2009

htaccess vs. httpd.conf

Tags: Apache, askapache, GET, Google, Htaccess, httpd, httpd.conf, Mod_Rewrite, Mod_Security, Perl, PHP, ram, Rewrite Tricks, Security, SEO, server, servers, stat
Posted in Apache, Google, Htaccess, PHP, SEO | 1 Comment »

The Ultimate Htaccess

Saturday, January 10th, 2009

Skip this – still under edit

I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!

Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.

Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)

Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | 71 Comments »

Htaccess SetEnvIf and SetEnvIfNoCase Examples

Sunday, December 7th, 2008

SetEnv, SetEnvIf, and SetEnvIfNoCase directives conditionally set environment variables accessible by scripts and apache based on HTTP Headers, Variables, and Request information.

Tags: 301 Redirect, 401, 403 Forbidden, Apache, apache ssl, askapache, ASP, authorization, Cache, Cache-Control, caching, Cookies, curl, debugging, Examples, FilesMatch, Fsockopen, GET, Google, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, HTTPS SSL, If-Modified-Since, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, Nice, PHP, Port, post, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, robots.txt, Scripts, Security, SEO, server, server config, SetEnvIf, Shell, shell script, SPEED, SSI, stat, trick, tutorial, Wget, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Hacking, Htaccess, Mod_Rewrite, SEO, Server Administration, Webmaster | 5 Comments »

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

Saturday, November 22nd, 2008

Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+

Want to know something else I’m including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.

Talk about sick.. these tricks have the diamond disease!

Tags: .htaccess plugin, 301 Redirect, 401, 403 Forbidden, admin, Advanced, Anti-Spam, Apache, askapache, ASP, Cache, Cookies, CSS, Dig, Email, errordocument, feed, FilesMatch, Firefox, GET, Hacking, hotlinking, Htaccess, htaccess files, htaccess rewrite, htaccess tricks, Htpasswd, HTTP Headers, httpd, HTTPS SSL, Login, mod_include, Mod_Rewrite, Mod_Security, Mod_Setenvif, password, PDF, PHP, Port, post, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, server, servers, SetEnvIf, Source Code, SSI, stat, SymLinks, trick, WordPress
Posted in Apache, Cache, Featured, Hacking, Htaccess, PHP, SEO, Security, WordPress, WordPress Plugins | 39 Comments »

New Version of Password Protection Plugin

Tuesday, August 19th, 2008

4.6 just released…. Check It Out.

Tags: Advanced, Apache, askapache, GET, Htaccess, htaccess files, Htpasswd, Mod_Security, password, password protection, Port, Security, server, WordPress
Posted in WordPress, WordPress Plugins | 10 Comments »

Elite Log File Scrolling with Color Syntax

Saturday, August 9th, 2008

Scrolls the latest log entries for multiple log files to the current screen or to any other monitor or TTY in color using syntax highlighting, making debugging easier and saving a lot of time for multi-monitor workstations.

Tags: Apache, askapache, bash, CCZE, debugging, Elite, error log, Examples, fifo, GET, Htaccess, htaccess files, httpd, Linux, Logs, Mod_Security, Nice, Perl, PHP, php.ini, post, ram, Redirect, Redirection, Renice, Security, server, Shell, Shell History, shell script, SPEED, SSH, SSI, stat, SymLinks, trick, Web Hosting
Posted in Apache, DreamHost, Featured, Hacking, Linux Unix BSD, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Web Tools, Webmaster | 4 Comments »

SEO Secrets of AskApache.com

Monday, April 28th, 2008

Learn how in a year, with no previous blogging experience this blog was able to rank so high in search engines and achieve 15,000 unique visitors every day. Uses combination of tricks and tips from throughout AskApache.com for Search Engine Optimization.

Tags: 301 Redirect, 404 Not Found, Advanced, Ajax, Analytics, Apache, askapache, Cache, caching, CSS, error log, errordocument, feed, GET, Google, Google Analytics, grep, Hacking, Htaccess, HTTP Headers, Javascript, Logs, Mod_Rewrite, Mod_Security, Optimization, Pagerank, PHP, Port, post, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Security, SEO, seo secrets, server, servers, Source Code, SSI, stat, trick, tutorial, Web Development, WordPress
Posted in Featured, Google, SEO | 6 Comments »

Mod_Security .htaccess tricks

Wednesday, April 23rd, 2008

Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though its tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!

Tags: 301 Redirect, 401, 403 Forbidden, 500, 503, admin, Ajax, Apache, apache ssl, askapache, authorization, Bandwidth, Cache, Cache-Control, caching, Cookies, debugging, DreamHost, Email, error log, errordocument, Examples, FilesMatch, GET, Hacking, Htaccess, htaccess files, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Login, Logs, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, nsa, password, password protection, Perl, PHP, Port, post, Prompt, ram, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scanners, Security, SEO, server, servers, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial, Username, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Htaccess, Security, Web Hosting, Webmaster | 8 Comments »

.Htaccess rewrites, Mod_Rewrite Tricks and Tips

Thursday, April 10th, 2008

htaccess rewrite / Mod_Rewrite Tips and Tricks is as glamorous as it sounds! htaccess rewrite mod_rewrite is just possibly one of the most useful Apache modules and features. The ability to rewrite requests internally as well as externally is extremely powerful.

Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, Advanced, Apache, Apache Htaccess, Apache Modules, apache ssl, askapache, Bandwidth, Cache, Cache-Control, caching, cheatsheet, code snippets, CSS, Dig, errordocument, Examples, experiments, feed, FeedBurner, Firefox, Flash, GET, Hacking, hotlinking, Htaccess, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Javascript, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Nice, PDF, Perl, PHP, Port, Redirect, Redirecting URLS, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SPEED, SSI, stat, SymLinks, trick, tutorial, WordPress
Posted in Apache, Cache, DreamHost, Featured, Htaccess, SEO, Security | 86 Comments »

Fresh .htaccess Examples: Cookies, Variables, Custom Headers

Saturday, March 29th, 2008

Fresh .htaccess code for you! Check out the Cookie Manipulation and environment variable usage with mod_rewrite! I also included a couple Mod_Security .htaccess examples. Enjoy!

Tags: .htaccess examples, 301 Redirect, 500, Apache, askapache, Cookies, DreamHost, Examples, feed, FeedBurner, GET, Htaccess, HTTP Headers, Login, Mod_Rewrite, Mod_Security, post, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, server, stat
Posted in Apache, DreamHost, Featured, Htaccess, SEO | 7 Comments »

WordPress Plugin for Apache .htaccess Security

Tuesday, January 1st, 2008

gzip’s previous .htaccess file and sends it as an attachment to the logged in users email account along with password user setup.
Now also works for sites running on SSL (PHP version >4.3.0)
Rewrote the security module code in the form of snort, nessus, and mod_security rules and signatures
Added a *real* check to see if mod_rewrite is installed
Added Modules that remove directoryindexes
Much more on the way..

Tags: 401, 403 Forbidden, admin, Apache, askapache, CSS, debugging, Email, encryption, errordocument, FilesMatch, GET, Htaccess, Htpasswd, HTTP Headers, HTTPS SSL, Login, Logs, Mod_Rewrite, Mod_Security, password, PDF, PHP, post, Rewrite Tricks, rewritecond, rewriterule, Security, server, stat, WordPress
Posted in Hacking, Security, WordPress Plugins | 1 Comment »

Apache Directives and Modules on DreamHost

Friday, November 23rd, 2007

Apache .htaccess Directives and Loaded Modules allowed on DreamHost Apache Server 2 Setups.

Tags: admin, Apache, askapache, authorization, Bandwidth, Cache, Cache-Control, Dig, DNS, DreamHost, Email, error log, errordocument, Etags, FilesMatch, filesystem, HowTo, Htaccess, HTTP Error, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Linux, Logs, mod_include, Mod_Rewrite, Mod_Security, Mod_Setenvif, mysql, Performance, Port, ram, Redirect, Redirection, Request Method, Rewrite Tricks, Scripts, Security, server, server config, Server Side Includes, servers, SetEnvIf, Shell, Socket, SPEED, SSI, stat, Web Hosting
Posted in Apache, Apache Modules, DreamHost, Htaccess | No Comments »

Apache Variable Fun in htaccess

Tuesday, April 10th, 2007

Server and Environment Variables are used by The Apache HTTP Server by provides a mechanism for storing information. This information can be used to control various operations such as logging or access control.

Tags: 301 Redirect, 401, 403 Forbidden, Advanced, Apache, apache ssl, askapache, ASP, Cache, Cache-Control, caching, Elite, Examples, Firefox, GET, grep, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Logs, mod_include, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, PHP, Port, post, ram, Redirect, Redirection, Rewrite Tricks, rewritecond, rewriterule, Scripts, Security, SEO, server, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial
Posted in Apache, Cache, DreamHost, Htaccess, SEO, Security | 3 Comments »

htaccess HTTPS / SSL Tips, Tricks, and Hacks

Tuesday, April 10th, 2007

Apache has the best SSL/HTTPS support and can be controlled by the httpd.conf file or other HTTPD server configuration file. This htaccess tutorial has htaccess example code to make it easy to secure and use HTTPS and SSL with Apache.

Tags: 301 Redirect, 401, 403 Forbidden, Apache, Apache Htaccess, apache ssl, askapache, authorization, Cache, Cache-Control, caching, Elite, errordocument, Examples, GET, Google, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, httpd, httpd.conf, HTTPS SSL, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Perl, PHP, Port, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, server config, SetEnvIf, SPEED, trick, tutorial
Posted in Apache, DreamHost, Htaccess, Security | 2 Comments »

Security with Apache htaccess Tutorial

Tuesday, April 10th, 2007

Apache Security tips and tricks for securing Apache Web Servers using htaccess, httpd.conf, and other built-in techniques to thwart attackers. This really should be required reading for any Apache admin or user because these little tricks are so easy to do.

Tags: 301 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, Backups, Cache, Cache-Control, caching, chmod, CSS, debugging, errordocument, Examples, FilesMatch, GET, Google, Hacking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, password, Perl, PHP, Port, Python, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scripts, Security, SEO, server, servers, SetEnvIf, Source Code, SPEED, SSI, stat, SymLinks, trick, tutorial, WordPress, wp-config.php
Posted in Apache, DreamHost, Htaccess, Security | 5 Comments »

Apache Authentication in htaccess

Tuesday, April 10th, 2007

How to password-protect, Allow or Deny a visitor based on a condition. If you are having trouble getting htaccess-based password protection to work see: Troubleshooting htaccess Authentication: Getting it to work

Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, admin, Analytics, Apache, Apache Htaccess, apache ssl, askapache, Cache, Cache-Control, caching, CSS, errordocument, Examples, feed, FeedBurner, FilesMatch, Flash, GET, Google, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTPS SSL, Login, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, password, password protection, PDF, PHP, phpinfo, Prompt, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SPEED, stat, trick, tutorial, ultimate htaccess, Wget, Wireshark, WordPress
Posted in Apache, DreamHost, Htaccess, Security | 12 Comments »

Speed up your site with Caching and cache-control

Tuesday, April 10th, 2007

Caching with .htaccess and Apache will take your website and your web skills to the next level. This is some technical and advanced methods condensed to simple htaccess code examples for you.

Tags: 301 Redirect, 401, 403 Forbidden, Advanced, Apache, Apache Htaccess, apache ssl, askapache, Cache, Cache-Control, caching, cheatsheet, compression, CSS, Etags, Examples, expires header, FilesMatch, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTPS SSL, Last-Modified, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, PDF, PHP, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, SetEnvIf, SPEED, SSI, trick, tutorial
Posted in Apache, Cache, DreamHost, Htaccess, SEO | 6 Comments »

SEO Redirects without mod_rewrite

Tuesday, April 10th, 2007

Web Professionals use mod_rewrite to issue 301 and 302 Redirects for Search Engines. Sometimes you may not have mod_rewrite.c or you want an alternative redirect method. Using mod_alias RedirectMatch you can use REGEX in Redirect commands!

Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, Ajax, Apache, apache ssl, askapache, Cache, Cache-Control, caching, console, curl, DreamHost, Elite, Examples, GET, Google, Hacking, Htaccess, htaccess guide, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Headers, HTTPS SSL, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, PHP, phpBB, post, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, Security, SEO, server, SetEnvIf, Shell, SPEED, SSI, stat, trick, tutorial, ultimate htaccess
Posted in Apache, DreamHost, Htaccess, Mod_Rewrite, SEO | 15 Comments »

Mod_Security

Posts Tagged ‘Mod_Security’

Crazy Advanced Mod_Rewrite Debug Tutorial

Htaccess SEO Trends by Google

Htaccess SetEnvIf and SetEnvIfNoCase Examples

New Version of Password Protection Plugin

Elite Log File Scrolling with Color Syntax

SEO Secrets of AskApache.com

Apache Directives and Modules on DreamHost

Apache Variable Fun in htaccess

Security with Apache htaccess Tutorial

Speed up your site with Caching and cache-control

SEO Redirects without mod_rewrite

My Picks

Support Freedom or Die

Newest Posts

htaccess Guide

Website Speed Tips Series