Brand New Features for 4.x
- Gzips the previous .htaccess file and sends it as an attachment to the logged-in user's email account, along with the password user setup.
- Provides an AA_PP_DEBUG constant that you can set to 1 for verbose debugging
- Now also works for sites running on SSL (PHP version >4.3.0)
- Rewrote the security module code in the form of snort, nessus, and mod_security rules and signatures
- Added a *real* check to see if mod_rewrite is installed
- Added modules that remove directory indexes
- Added Module to require SSL (only enabled for SSL blogs, so you don't shoot yourself in the foot)
- Added Module that only allows certain REQUEST_METHOD in the request
- Much more on the way..
Example WordPress Generated .htaccess
Password Protecting wp-admin
# BEGIN AskApache PassPro
# sid900
AuthName "Protected By AskApache"
AuthUserFile /askapache.com/.htpasswda1
AuthType Basic
Require valid-user
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|css|js)$">
Allow from All
</FilesMatch>
<files async-upload.php>
Allow from All
</Files>
Satisfy Any
# sid900
# END AskApache PassPro
Blog root .htaccess
# BEGIN WordPress
<ifModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</ifModule>
# END WordPress
# BEGIN AskApache PassPro
<ifModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# sid1000
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /blog/wp-content/.*$ [NC]
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
RewriteRule .* - [F,NS]
# sid1000
# sid1010
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /blog/wp-includes/.*$ [NC]
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
RewriteRule .* - [F,NS]
# sid1010
</ifModule>
# sid1005
<files wp-login.php>
AuthName "Protected By AskApache"
AuthUserFile /askapache.com/.htpasswda1
AuthType Basic
Require valid-user
</Files>
# sid1005
# END AskApache PassPro
SID .htaccess Security Modules
If you have any ideas for some more, please let us know!
| SID | Protection | Description | Response | Enable |
|---|---|---|---|---|
| 900 | wp-admin/*.* | Requires a valid user/pass to access any non-static (css, js, images) file in this directory | 401 | |
| 1000 | wp-content/*.php | Denies any direct request for files ending in .php with a 403 Forbidden | 403 | |
| 1005 | wp-login.php | Requires a valid user/pass to access the login page | 401 | |
| 1010 | wp-includes/*.php | Denies any direct request for files ending in .php with a 403 Forbidden | 403 | |
| 1015 | REQUEST_METHODS | Denies any request whose method is not GET, POST, OPTIONS, PUT or HEAD | 403 | |
| 1025 | Directory Protection | Enable the DirectoryIndex Protection, preventing directory index listing | | Disable |
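
As an added example (not the plugin's own code), this Python script replays the sid1000 and sid1010 conditions over constructed request lines so a rule change can be regression-checked offline, and shows why the dot before `php` has to be escaped. It models only the regular expressions, not Apache itself; the `/var/www` paths, the rule order, and the sid1015 allow-list regex are assumptions based on the table.

```python
import re

# Patterns taken from the sid1000 / sid1010 rules; [NC] maps to re.IGNORECASE.
THE_REQUEST_RULES = {
    1000: re.compile(r"^[A-Z]{3,9}\ /blog/wp-content/.*$", re.IGNORECASE),
    1010: re.compile(r"^[A-Z]{3,9}\ /blog/wp-includes/.*$", re.IGNORECASE),
}
PHP_ESCAPED = re.compile(r"^.+\.php$")   # literal ".php" suffix
PHP_UNESCAPED = re.compile(r"^.+.php$")  # "." matches any character before "php"

# sid1015 appears only in the table; this allow-list regex is an assumed form.
ALLOWED_METHODS = re.compile(r"^(GET|POST|OPTIONS|PUT|HEAD)$")


def blocking_sid(the_request, request_filename, php_pattern=PHP_ESCAPED):
    """Return the SID that would answer 403, or None if no rule matches."""
    method = the_request.split(" ", 1)[0]
    if not ALLOWED_METHODS.match(method):
        return 1015
    for sid, pattern in THE_REQUEST_RULES.items():
        # Both RewriteCond lines must match (mod_rewrite ANDs them by default).
        if pattern.search(the_request) and php_pattern.search(request_filename):
            return sid
    return None


# Constructed samples: (THE_REQUEST, REQUEST_FILENAME, expected SID or None).
SAMPLES = [
    ("GET /blog/wp-content/plugins/demo/demo.php HTTP/1.1",
     "/var/www/blog/wp-content/plugins/demo/demo.php", 1000),
    ("GET /blog/wp-includes/version.php HTTP/1.1",
     "/var/www/blog/wp-includes/version.php", 1010),
    ("GET /blog/wp-content/themes/demo/style.css HTTP/1.1",
     "/var/www/blog/wp-content/themes/demo/style.css", None),
    ("GET /blog/index.php HTTP/1.1", "/var/www/blog/index.php", None),
    ("TRACE /blog/ HTTP/1.1", "/var/www/blog/", 1015),
]


def failed_samples():
    """Return (request, got, expected) for every sample that disagrees."""
    results = [(req, blocking_sid(req, path), want) for req, path, want in SAMPLES]
    return [r for r in results if r[1] != r[2]]


if __name__ == "__main__":
    for req, path, _ in SAMPLES:
        print(f"{blocking_sid(req, path)!s:>5}  {req}")
```
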
January 1st, 2008

