servers

Posts Tagged ‘servers’

PHP Session File Hacks

Thursday, June 24th, 2010

What they say about kung-fu is true..

It can be attained by anyone through hard work over time. You can become as good as the amount of work you put in. Here’s a short look at a basic technique that I use. Simply reverse engineering the source code and taking notes along the way…

static void php_session_send_cookie(TSRMLS_D)
  if (SG(headers_sent)) {
          if (output_start_filename) {
                  php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent by (output started at %s:%d)",
                          output_start_filename, output_start_lineno);
          } else {
                  php_error_docref(NULL TSRMLS_CC, E_WARNING, "Cannot send session cookie - headers already sent");
          }
          return;
  }
 
  /* URL encode session_name and id because they might be user supplied */
  e_session_name = php_url_encode(PS(session_name), strlen(PS(session_name)), NULL);

Tags: Cache, Cookies, Examples, GET, HTTP Headers, Nice, Perl, PHP, php.ini, Port, ram, Security, server, servers, Sessions, Shell, shell script, SSI, stat, umask, xargs
Posted in Apache, DreamHost, Featured, Hacking, Linux Unix BSD, PHP, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster, WiredTree, WordPress | 2 Comments »

Crazy POWERFUL Bash Prompt

Tuesday, May 25th, 2010

This amazing bash linux prompt does more than meets the eye. If you want to know how to become really good with technology, linux is the secret sauce behind the AskApache articles. Open Source is elixir of the web. Thanks to everyone who helped me for the past 20 years. I use linux/bsd because homey don’t play, so this is geared to be as productive a prompt as I can make it.

Don’t have much time.. or just don’t care? Not a problem, here are the 3 lines to copy and paste – you can just paste them right in your shell to test it, or add to a startup script.

export AA_P="export PVE=\"\\033[m\\033[38;5;2m\"\$(( \`sed -n \"s/MemFree:[\\t ]\\+\\([0-9]\\+\\) kB/\\1/p\" /proc/meminfo\` / 1024 ))\"\\033[38;5;22m/\"\$((\`sed -n \"s/MemTotal:[\\t ]\\+\\([0-9]\\+\\) kB/\\1/p\" /proc/meminfo\`/ 1024 ))MB\"\\t\\033[m\\033[38;5;55m\$(< /proc/loadavg)\\033[m\";echo -en \"\""
export PROMPT_COMMAND="history -a;((\$SECONDS % 10==0 ))&&eval \"\$AA_P\";echo -en \"\$PVE\";"
export PS1="\\[\\e[m\\n\\e[1;30m\\][\$\$:\$PPID \\j:\\!\\[\\e[1;30m\\]]\\[\\e[0;36m\\] \\T \\d \\[\\e[1;30m\\][\\[\\e[1;34m\\]\\u@\\H\\[\\e[1;30m\\]:\\[\\e[0;37m\\]\${SSH_TTY} \\[\\e[0;32m\\]+\${SHLVL}\\[\\e[1;30m\\]] \\[\\e[1;37m\\]\\w\\[\\e[0;37m\\] \\n(\$SHLVL:\\!)\\\$ " && eval $AA_P

Tags: .bashrc, 404 Not Found, admin, Advanced, Apache, askapache, bash, bash_profile, CommandLine, Dig, Examples, Forms, GET, grep, HowTo, Kung-Fu, Linux, Login, mysql, Port, Prompt, PROMPT_COMMAND, PS1, Putty, ram, Redirect, server, servers, Shell, Shell History, SPEED, SSH, SSI, stat, trick, Username, Web Hosting
Posted in Apache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Making Money, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster, WiredTree | 8 Comments »

Questions I Ask Web Hosting Companies, Before Buying

Sunday, April 25th, 2010

The following is a transcript of a chat I had with a company called tektonic, and at that time I was looking for a cheap linux host to use for some redundancy/failover operations. I generally contact a new hosting company like this every few months.. I like to have options available in case of some kind of failure or network attack, so it’s always a good idea to have a few ace linux servers in your back pocket.

If you’ve read any other articles on AskApache, you can see a certain obsession towards optimization, speed, and security — so that is the purpose of the following questions.

Tags: askapache, DreamHost, Examples, Hosting, Linux, Powweb, server, servers, tutorial, VPS, Web Hosts, WiredTree
Posted in DreamHost, Featured, Linux Unix BSD, Making Money, Review, Security, Server Administration, Web Design, Web Hosting, Webmaster, WiredTree | 7 Comments »

30x Faster WP-Super Cache Site Speed

Thursday, March 18th, 2010

NOT a typo.. 30x is measurable, well-documented, and easily tested. This is what open-source is about. I haven’t had time to post much the past year, I’m always working! So I wanted to make up for that by publishing an article on a topic that would blow your mind and be something that you could actually start using and really get some benefit out of it. This is one of those articles that the majority of web hosting companies would love to see in paperback, so they could burn it.

Tags: Advanced, Apache, askapache, Backups, Bandwidth, Boot, Cache, chmod, console, devshm, DreamHost, File System, filesystem, grep, Hard Drive, HowTo, HTTPS SSL, ionice, Linux, memory bandwidth, mysql, Private Server, ram, rsync, Scripts, Security, server, servers, Shell, shell script, SLRAM, SPEED, speed improvements, SSI, stat, SymLinks, tmpfs, trick, Vulnerability, Web Hosting, webhosts, WordPress, WP-Super Cache
Posted in Apache, Cache, DNS, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Security, Server Administration, Shell Scripting, Web Design, Web Hosting, Web Tools, Webmaster, WiredTree, WordPress, WordPress Plugins | 7 Comments »

PortaPutty Auto-Reconnecting SSH Tunnels on an Encrypted TrueCrypt Portable USB Key w GPG

Tuesday, February 23rd, 2010

Ok I just came back up to write the intro.. I’m trying to keep it short to avoid getting bogged down by the coolness of each step. Here is what goes on. When I logon to my XP machine at work, I bring my usb key and plug it in first. On logging a window pops up first and it’s a password prompt to mount my encrypted drive leonardo. It also checks a keyfile that is located on my usb key, but all I do now is type in my password. That causes my encrypted folder to be accessible to me like a normal drive, and it autoruns a startup batch file.

The batch file causes Portable versions of Firefox (all my bookmarks, my settings) to load, and launches Portable Mozilla Thunderbird (IMAP makes this work well), which is my favorite program (great GPG features and open-source!). Also Some Adobe CS4 software is loaded from the hard drive, like DreamWeaver. In the background, a service we created executes a PortaPuttY plink command to create forwarded tunnels from various remote servers and accounts, all using key-based encryption. These tunnels are automatically reconnected if they are disconnected, meaning you can use a socks 5 if you want or even better!

Part 1 of 5

Tags: 401, Apache, askapache, ASP, Backups, Bandwidth, bash, bash_profile, Boot, compression, curl, Defrag, Email, encryption, filesystem, Firefox, Flash, GET, Google, GPG, Hard Drive, ionice, Linux, Login, Nice, PageDefrag, password, Performance, Pipelining, Plink, Port, post, Prompt, Putty, ram, rsync, Security, server, servers, Shell, SOCKS, SPEED, SSH, SSH Tunnels, SSI, stat, trick, TrueCrupt, tutorial, USB Drives
Posted in Apache, Cache, Featured, Hacking, Htaccess, Linux Unix BSD, Making Money, Security, Web Design, Web Hosting, Web Tools, Webmaster, WiredTree | 7 Comments »

Optimize a Website for Speed, Security, and Easy Management

Thursday, February 18th, 2010

Learn how to setup, configure, secure, optimize, and create a low-maintenance website the AskApache way. I’m piecing together all the hacks, tricks, methods, and ideas discussed throughout this blog and all across Netdom and glueing them all together to show you how to have the most optimized, crazy fastest, and best website setup I can think of.

Tags: 301 Redirect, admin, Advanced, Ajax, Apache, apache server, askapache, Backups, Bandwidth, bleeding edge, blog, Cache, Cache-Control, caching, ColdFusion, compression, CSS, Dig, DNS, errordocument, Etags, Examples, expires header, feed, File Permissions, Flash, GET, Hacking, hacks, Htaccess, htaccess files, Htpasswd, HTTP Error, HTTP Headers, HTTP Status Codes, HTTPS SSL, Javascript, Linux, Login, Logs, Mod_Rewrite, Optimization, optimizations, optimized website, password, password protection, PDF, Performance, PHP, php.ini, Port, post, ram, real deal, Redirect, Redirection, Rewrite Tricks, Robot, robots, robots.txt, Scripts, search and replace, Security, server, server config, servers, SPEED, SSI, stat, SymLinks, trial and error, trick, Web Development, Web Hosting, web server, WordPress, WordPress Plugins
Posted in Apache, Cache, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, PHP, SEO, Security, Shell Scripting, Web Design, Web Hosting, Webmaster, WordPress | 9 Comments »

HTTP Status Codes and .htaccess ErrorDocuments

Monday, January 4th, 2010

There are a total of 57 HTTP Status Codes recognized by the Apache Web Server. Wouldn’t you like to see what all those headers and their output, ErrorDocuments look like?

Tags: 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, askapache, authorization, Bandwidth, curl, Dig, error log, errordocument, Flash, Forms, GET, Google, Htaccess, HTTP Error, HTTP Headers, HTTP Status Codes, httpd, HTTPS SSL, If-Modified-Since, password, Perl, PHP, phpBB, Port, post, ram, Redirect, Redirection, Request Method, Security, SEO, server, servers, Sniffing, Source Code, SSI, stat, tutorial, Wget, Wireshark, WordPress
Posted in Apache, Apache Modules, DreamHost, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Server Administration, Web Hosting, Webmaster, WiredTree | 22 Comments »

Vetted – Top 3 WordPress Speed Plugins

Sunday, November 29th, 2009

There are so many WordPress plugins out there now that I wanted to post my favorite 3 plugins for speeding up a WP-Powered blog. These are the 3 plugins that I install for pretty much all of my WP-Powered sites, which I run about 300 now. They work together to provide a very optimized blog for speed.

DB-Cache Reloaded does something entirely different, it saves the mysql queries that are made to the WP-database, as well as the mysql results to static files, and then through php serves those cached-files instead of re-querying the mysql database. Most mysql databases are stored on separate servers, and although many are on the same local network there is a limit to how many queries, and how many connections can take place.

So DB-Cache Reloaded basically makes WP-Super Cache work alot faster when generating the cache files, and DB-Cache Reloaded helps in a number of areas un-related to WP-Super Cache, like in the admin panel. And DB-Cache without WP-Super-Cache is a joke because it still uses the application-level and php for everything. Gotta use both (or just WPSC).

Tags: admin, Apache, askapache, AskApache Crazy Cache, Bandwidth, Bottleneck, Cache, caching, compression, Dig, filesystem, GET, httpd, mysql, Networking, password, PHP, post, Private Server, ram, Scripts, server, servers, SPEED, SSI, stat, Web Hosting, WordPress, WordPress Optimizing, WordPress Plugins, WordPress Speed, WP-Super Cache
Posted in Apache, Cache, Featured, Mod_Rewrite, Review, Server Administration, Web Hosting, Webmaster, WordPress, WordPress Plugins | 14 Comments »

Custom bash_profile for Advanced Shell Users

Monday, November 23rd, 2009

Looking for some advanced uses for the shell? Here is ~~some of~~ my best. The shell is where 70% of my work takes place, and I have at least one terminal open almost 100% of the time, for viewing tailing color-coded logs, and of course for the SSH Tunnels that I use to route various networking through, like my email. So I decided that to standardize and create a bash_profile containing the most time-saving and helpful functions that I could use on all the various hosting environments would really be some sweet sugar, so here is my constant Work-in-progress.

It works for all shells I encounter, including BackTrack, Debian, Knoppix, Arch Linux, etc. Also works for many hosting environments I use including DreamHost, HostGator, WiredTree, and pretty much any linux VPS.

I also rely on this heavily from within shell scripts I write to access all the functions and stuff in this .bash_profile, and to do that I just do like:

#!/bin/bash
 
source ~/.bash_profile &>/dev/nulll
 
pm "PM is a function to output nice messages with color"
yn "Are you enjoying the shell" && pm "Thats great!" || pm "Perhaps you're better suited for DOS"
yn "Show Calendar" && aa_calendar
yn "Show Fortune" && aa_fortune

Tags: .bashrc, 500, admin, Advanced, Apache, askapache, Backups, bash, bash alias, bash_profile, CCZE, chmod, CNAME, Cookies, curl, Dig, DreamHost, Firefox, Forms, GET, Google, GPG, grep, HostGator, Htaccess, Htpasswd, HTTP Headers, HTTPS SSL, ionice, iostat, Linux, Networking, Nice, PHP, Port, Prompt, PS1, Python, Redirect, Redirection, Renice, Scripts, server, servers, Shell, shell script, Shell Scripting, Socket, SOCKS, SPEED, SSH, SSI, stat, SymLinks, Ulimit, Web Hosting, Wget, WiredTree, WordPress, wp-config.php, xargs
Posted in Featured, Hacking, Linux Unix BSD, Security, Shell Scripting, Web Hosting | 6 Comments »

Firefox Add-ons for Web Developers

Sunday, October 18th, 2009

Advanced Web Development by AskApache is a Firefox Collection I created since I’m always trying new Addons out and using multiple computers and I wanted a quick and easy way to install my favorite’s and keep a running list. Firebug, YSlow, LastPass, and Web Developer are the only ones I always use regularly.

I like the idea of the last.fm but it’s not as powerful as the site, which is awesome. Lately listening to Kings of Leon Radio…

Tags: 401, 403 Forbidden, 500, Accessibility, Advanced, Ajax, Apache, askapache, Backups, Cache, caching, CommandLine, console, Cookies, CSS, debugging, Dig, DNS, Email, encryption, feed, Firebug, Firefox, Flash, Forms, GET, Gmail, Google, HTTP Headers, HTTPS SSL, Javascript, Login, Networking, Nice, Pagerank, password, Performance, PHP, Port, post, ram, Scripts, Security, SEO, server, servers, SOCKS, Source Code, SPEED, SSH, SSH Tunnels, SSI, stat, tmpfs, trick, Username, Web Development, Wireshark, WordPress, YSlow
Posted in Cache, Firefox, Google, Hacking, Javascript, Making Money, Music, Review, SEO, Security, Web Design, Web Tools, Webmaster, Windows | 4 Comments »

Optimizing Servers and Processes for Speed with ionice, nice, ulimit

Saturday, October 10th, 2009

To prepare for several upcoming articles on AskApache that are focused on optimizing Servers and Sites from a server admin level, here is an article to introduce the main tools that we will be using. These tools are used to optimize CPU time for each process using nice and renice, and other tools like ionice are used to optimize the Disk IO, or Disk speed / Disk traffic for each process. Then you can make sure your mysqld and httpd processes are always fast and prioritized.

Tags: 503, Advanced, Apache, askapache, Backups, Bandwidth, bash, Blocking, Boot, Bottleneck, caching, compression, CPU, CSS, curl, Disk IO, DNS, Examples, feed, fifo, GET, httpd, ionice, iostat, Javascript, Linux, mysql, Nice, Optimization, pagefile, Performance, Perl, PHP, Port, ram, Renice, Round Robin, rsync, Scripts, Security, server, servers, Shell, shell script, Shell Scripting, Socket, SPEED, SSH, SSI, stat, taskset, trick, Ulimit, Web Hosting, WordPress, wp-config.php
Posted in Apache, Cache, Featured, Linux Unix BSD, Review, Security, Server Administration, Shell Scripting, Web Hosting, Webmaster | 3 Comments »

Crazy Advanced Mod_Rewrite Debug Tutorial

Friday, September 11th, 2009

Note: Extremely ILL Content
Find the key to unlocking mod_rewrite and you WILL be sick.. sick with a diamond disease on your wrist!

Tags: 404 Not Found, admin, Advanced, Apache, askapache, Cache, cheatsheet, Cookies, Debug, debugging, Dig, errordocument, feed, FeedBurner, FeedCount, Firefox, GET, HowTo, Htaccess, htaccess rewrite, HTTP Headers, HTTP Status Codes, httpd, httpd.conf, HTTPS SSL, Linux, Mod_Rewrite, Mod_Security, Nice, Perl, PHP, Port, post, ram, Redirect, Redirection, Rewrite Tricks, rewritecond, rewriterule, Security, SEO, server, servers, SetEnvIf, SSI, stat, trick, tutorial
Posted in Apache, Apache Modules, Featured, Htaccess, Linux Unix BSD, Mod_Rewrite, Security, Server Administration, Web Hosting, Webmaster | 23 Comments »

An AskApache Plugin Upgrade to Rule them All

Wednesday, July 29th, 2009

So my blog as been rather quiet for almost a year now, and very few updates if any have been released for my Password Protection PLugin, my Google 404 Plugin, and definately not for my AskApache CrazyCache plugin, which I will be releasing last… So for all of you who’ve helped me out by sending me suggestions and notifying me of errors and sticking with it… Just wanted to say sorry about that, and thanks for all the great ideas.. Well, I’ve been sticking with it as well believe it our not. I manage to get free days once in a while, and then its time to jam.

Tags: 401, 404 Not Found, admin, Advanced, Apache, askapache, AskApache Google 404, AskApache Password Protection, ASP, authorization, bash, Cache, Cache-Control, chmod, compression, Cookies, debugging, Dig, Email, errordocument, Etags, Examples, FilesMatch, Fsockopen, GET, Google, Htaccess, htaccess files, htaccess tricks, HTTP Headers, httpd, HTTPS SSL, Javascript, Last-Modified, Logs, mod_include, Mod_Rewrite, Mod_Setenvif, Networking, Nice, password, password protection, Perl, PHP, Port, post, Python, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Scripts, Security, SEO, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SSH, SSI, stat, trick, Username, Web Hosting, Wireshark, WordPress, WordPress Plugins, WordPress Security
Posted in Apache, Apache Modules, Cache, Featured, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, PHP, Security, Web Hosting, Web Tools, Webmaster, Windows, WordPress, WordPress Plugins | 1 Comment »

DNS Round Robin Configuration using Rsync over SSH

Tuesday, April 14th, 2009

The goal is to add the HostGator server to be an exact mirror of the static.askapache.com domain, then to add that server as a 2nd A record to my DNS zone. That way half the visitors to the size will be taking up resources and bandwidth on the HostGator server instead of mine.

Round Robin A records in DNS are intended to evenly distribute queries between each host of the same name. Using some tricks straight out of a hackers toolbox we can verify if the distribution is taking place. (It is.)

Tags: 500, 503, admin, Apache, askapache, ASP, Bandwidth, Cache, caching, CNAME, CSS, Dig, DNS, DreamHost, experiments, GET, HostGator, HowTo, Htaccess, HTTPS SSL, Javascript, Linux, Logs, Networking, Nice, PHP, Port, Powweb, Prompt, PS1, Round Robin, rsync, Security, server, servers, Shell, SPEED, SSH, SSI, stat, trick, Web Hosting
Posted in Ajax, Apache, Apache Modules, Cache, Featured, Linux Unix BSD, Web Hosting | 5 Comments »

AskApache Debug Viewer Plugin for WordPress

Sunday, April 5th, 2009

The story behind this plugin is sorta wack, but in a good way :). While doing tons of security research on permissions, authorization, access, etc.. for the Password Protection plugin (still being worked on), I needed to have unheard of debugging capabilities while working on the plugin on the various websites, webhosts, and test servers that I use to test in different environments. So I hacked together a bunch of php code that helped me debug, actually I pretty much went overkill and tried to get as much debugging info as programmatically possible, and it ended up being so much code that I took it out of my Password Protection code and made it its own plugin.

Tags: admin, Ajax, Apache, Apache Modules, askapache, authorization, Cache, chmod, Cookies, debugging, error log, fifo, File Permissions, GET, Htaccess, Login, Nice, password, password protection, PHP, php.ini, phpinfo, Port, post, ram, Rewrite Tricks, Security, server, servers, Socket, SSI, stat, umask, Username, WordPress, WordPress Development
Posted in WordPress, WordPress Plugins | 1 Comment »

Htaccess SEO Trends by Google

Sunday, March 29th, 2009

htaccess vs. httpd.conf

Tags: Apache, askapache, GET, Google, Htaccess, httpd, httpd.conf, Mod_Rewrite, Mod_Security, Perl, PHP, ram, Rewrite Tricks, Security, SEO, server, servers, stat
Posted in Apache, Google, Htaccess, PHP, SEO | 1 Comment »

Advanced Htaccess – SSI, ErrorDocuments, DirectoryIndexing SEO

Monday, March 9th, 2009

3-Part article covering practical implementation of 3 advanced .htaccess features. Discover an easy way to boost your SEO the AskApache way (focus on visitors), a tip you might keep and use for life. Get some cool security tricks to use against spammers, crackers, and other nefarious sorts. Take your site’s error handling to the next level, enhanced ErrorDocuments that go beyond 404′s.

Tags: 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, askapache, AskApache Google 404, ASP, bash, Cache, Cookies, CSS, Dig, Email, errordocument, feed, Firefox, Forms, GET, Google, HowTo, Htaccess, htaccess files, htaccess rewrite, HTTP Headers, HTTP-EQUIV, httpd, HTTPS SSL, Javascript, Linux, mod_include, Nice, password, Perl, PHP, Port, ram, Redirect, Rewrite Tricks, rewritecond, rewriterule, Scripts, Security, SEO, server, Server Side Includes, servers, SetEnvIf, Source Code, SSH, SSI, stat, SymLinks, trick, WordPress
Posted in Apache, Apache Modules, Cache, DNS, DreamHost, Featured, Hacking, Htaccess, Mod_Rewrite, SEO, Security, Web Hosting, Webmaster, WiredTree | 1 Comment »

Password Protection Plugin Status

Sunday, March 1st, 2009

Enumerating Permissions can be Annoying

Don’t ask me how because I won’t tell you, but on one of the hosts I was testing on that did not allow direct access I was able to get the Apache server running as dhapache to erroneously write a file into my users blog directory. This is a big security no-no and I now have my .htaccess file written into the blog directory where it should go, but instead of my php script’s user having write access to the file so I can modify it, its owned by dhapache! Because the file is owned by dhapache I shouldn’t even be allowed to know it exists, but there it is. So the next step was to try and take ownership of the .htaccess file so that I could modify it. I tried and tried but was unsuccessful, I couldn’t modify it so that was another dead end. Actually it took me awhile to figure out how to remove the file from my directory. Being that it was owned by dhapache I couldn’t delete or modify it using my php process or even through ftp/ssh! Sysadmins regularly run find commands that search the servers for any files owned by dhapache that should not be there as this is a big red flag that someone has found a way to manipulate dhapache which could potentially lead to modifying dhapache-owned server config files, which sometimes is all it takes to hack your website and server.. Luckily I was able to delete it by basically running the hack again to overwrite the file.

Tags: .htaccess plugin, 500, admin, Apache, apache security, askapache, AskApache Password Protection, ASP, authorization, chmod, curl, debugging, Dig, DNS, feed, File Permissions, File System, filesystem, Fsockopen, GET, Hacking, Htaccess, HTTP Headers, httpd, HTTPS SSL, Login, Networking, nsa, password, password protection, PHP, php interpreter, Port, post, ram, Redirect, Robot, robots, Scripts, Security, security reasons, security tips, server, server config, servers, Socket, SSH, SSI, stat, Username, Web Hosting, WordPress
Posted in Apache, Featured, Hacking, Htaccess, Mod_Rewrite, PHP, Security, Web Hosting, WordPress, WordPress Plugins | 2 Comments »

The Ultimate Htaccess

Saturday, January 10th, 2009

Skip this – still under edit

I discovered these tips and tricks mostly while working as a network security penetration specialist hired to find security holes in web hosting environments. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!

Most all .htaccess code works in the httpd.conf file, but not all httpd.conf code works in .htaccess files, around 50%. So all the best Apache admins and programmers never used .htaccess files. There was no incentive for those with access to httpd.conf to use htaccess, and the gap grew. It’s common to see “computer gurus” on forums and mailing lists rail against all uses and users of .htaccess files, smugly announcing the well known problems with .htaccess files compared with httpd.conf – I wonder if these “gurus” know the history of the htaccess file, like it’s use in the earliest versions of the HTTP Server- NCSA’s HTTPd, which BTW, became known as Apache HTTP. So you could easily say that htaccess files predates Apache itself.

Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I compiled every released version of the Apache Web Server, ever, even NCSA’s, and focused on enumerating the most powerful htaccess directives. Good times! Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess for websites, not research. I documented most of my favorites and rewrote the htaccess guide for webdevelopers. After some great encouragement on various forums and nets I decided to start a blog to share my work with everyone, AskApache.com was registered, I published my guide, and it was quickly plagiarized and scraped all over the net. Information is freedom, and freedom is information, so this blog has the least restrictive copyright for you. Feel free to modify, copy, republish, sell, or use anything on this site ;)

Tags: .htaccess examples, 301 Redirect, 302 Redirect, 401, 403 Forbidden, 404 Not Found, 500, 503, admin, Advanced, Apache, Apache Htaccess, apache ssl, askapache, ASP, authorization, Backups, Bandwidth, bash, Blocking, Boot, Cache, Cache-Control, caching, cheatsheet, chmod, code snippets, compression, Cookies, CSS, debugging, DreamHost, Email, error log, errordocument, Etags, Examples, experiments, feed, FeedBurner, File System, FilesMatch, filesystem, Firefox, Flash, Forms, GET, Google, Hacking, hotlinking, HowTo, Htaccess, htaccess files, htaccess guide, htaccess rewrite, htaccess tricks, htaccess tutorial, Htpasswd, HTTP Error, HTTP Headers, HTTP-EQUIV, httpd, httpd.conf, HTTPS SSL, hyper text transfer protocol, If-Modified-Since, Javascript, Last-Modified, Linux, Login, Logs, mad skills, mod_include, mod_python, Mod_Rewrite, Mod_Rewrite examples, Mod_Security, Mod_Setenvif, mysql, Nice, nsa, password, password protection, PDF, Performance, Perl, PHP, php.ini, phpinfo, Port, post, Powweb, Prompt, Python, ram, Redirect, Redirection, Request Method, Rewrite Tricks, rewritecond, rewriterule, Robot, robots, Sample .htaccess, Scripts, Security, SEO, seo secrets, server, server config, servers, SetEnvIf, Shell, Socket, Source Code, SPEED, SSH, SSI, stat, SymLinks, trick, tutorial, ultimate htaccess, Username, Web Hosting, WordPress
Posted in Apache, Apache Modules, Cache, DreamHost, Featured, Google, Hacking, Htaccess, Linux Unix BSD, Mod_Rewrite, SEO, Security, Web Design, Web Hosting, Web Tools, Webmaster, WordPress | 71 Comments »

.htaccess Plugin Blocks Spam, Hackers, and Password Protects Blog

Saturday, November 22nd, 2008

Well what can I say, other than this is sooo DOPE! Here is a list of the modules this plugin (version 4.7 unreleased) will automatically detect. I compiled the list myself using every module included with any default Apache installation for ALL the versions listed below, 1.3 to 2.2+

Want to know something else I’m including in this plugin? For each and every module that is detected, this plugin can then detect ALL of the modules .htaccess Directives! For instance, RewriteRule, AccessFileName, AddHandler, etc.. are each a directive belonging to a module that is allowed to be used from within .htaccess files.

Talk about sick.. these tricks have the diamond disease!

Tags: .htaccess plugin, 301 Redirect, 401, 403 Forbidden, admin, Advanced, Anti-Spam, Apache, askapache, ASP, Cache, Cookies, CSS, Dig, Email, errordocument, feed, FilesMatch, Firefox, GET, Hacking, hotlinking, Htaccess, htaccess files, htaccess rewrite, htaccess tricks, Htpasswd, HTTP Headers, httpd, HTTPS SSL, Login, mod_include, Mod_Rewrite, Mod_Security, Mod_Setenvif, password, PDF, PHP, Port, post, Redirect, Request Method, Rewrite Tricks, rewritecond, rewriterule, Security, server, servers, SetEnvIf, Source Code, SSI, stat, SymLinks, trick, WordPress
Posted in Apache, Cache, Featured, Hacking, Htaccess, PHP, SEO, Security, WordPress, WordPress Plugins | 39 Comments »