Saturday, April 17th, 2010
#### No https except to wp-admin -
# If the request is empty ( implies fopen or normal file access by a php script )
RewriteCond %{THE_REQUEST} ^$ [OR]
# OR if the request is for wp-admin or wp-login.php
RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-login\.php).*$ [NC,OR]
# OR if the Referer is https
RewriteCond %{HTTP_REFERER} ^https://www\.askapache\.com/.*$ [NC]
# THEN skip the following rule, basically all this does is force https or badhost to be redirected
# BUT because of the above 3 rewritecond's, this won't break poorly written admin scripts
RewriteRule .* - [S=1]
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
RewriteRule .* http://www.askapache.com%{REQUEST_URI} [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /(wp-admin/.*|wp-login\.php.*)\ HTTP/ [NC]
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
Thursday, February 18th, 2010
Learn how to set up, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and gluing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.
Sunday, April 5th, 2009
The story behind this plugin is sorta wack, but in a good way :). While doing tons of security research on permissions, authorization, access, etc.. for the Password Protection plugin (still being worked on), I needed to have unheard of debugging capabilities while working on the plugin on the various websites, webhosts, and test servers that I use to test in different environments. So I hacked together a bunch of php code that helped me debug, actually I pretty much went overkill and tried to get as much debugging info as programmatically possible, and it ended up being so much code that I took it out of my Password Protection code and made it its own plugin.
Saturday, January 10th, 2009
Skip this – still under edit
I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the world’s best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!
Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like its use in the earliest versions of the HTTP Server, NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predate Apache itself.
Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilities instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for web developers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)
Tuesday, August 19th, 2008
4.6 just released…. Check It Out.
:p
Wednesday, April 23rd, 2008
Mod_Security rivals Mod_Rewrite in the amount of features it provides. I decided to go ahead and post what I learned about it today, even though it’s tough to give away such awesome htaccess and apache tricks.. Learn how to control spam once and for all, conditionally log/deny/allow/redirect requests based on IP, username, etc.. Mod_Security is so fine!
Saturday, March 29th, 2008
AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving scripts.
Thursday, February 7th, 2008
WordPress plugin gives you control over HTTP Basic Authentication for your WordPress blog, which, among other things, stops most automated hacking attempts and exploits being attempted, cutting down on the number of requests, connections, and mysql queries for all WordPress blogs on the Internet.
Saturday, August 18th, 2007
Apache Web Server users have problems getting Apache Authentication/password-protection in htaccess working; this is a troubleshooting guide to get Password Protection working!
Wednesday, January 3rd, 2007
.htaccess (Hypertext Access) is the default name of Apache’s directory-level configuration file. It provides the ability to customize configuration directives defined in…
Wednesday, November 8th, 2006
Links to htaccess tutorials and howtos in the htaccess forum