Sysadmins of the North

Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security

Search results: ".htaccess" (page 1 of 2)

Security?

Security?

WordPress .htaccess security best practices in Apache 2.4.6+

5 November 2018 / / 4 Comments

Apache Access Control done right, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’

Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, old documentation is never updated and people even still write blog posts using that old syntax, leaving you with an unprotected website. Not what you had in mind, now is it?…

Continue reading

HackRepair.com’s Bad Bots .htaccess in web.config for IIS

19 February 2016 / / 13 Comments

Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your website with this web.config file!

Continue reading

RewriteProxy with .htaccess in IIS

8 October 2015 / / 0 Comments

Rewrite and proxy HTTP requests in IIS using a .htaccess

In my case scenario, I had to proxy requests in IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can either be done using a proxy with URL Rewrite, IIS Application Request Routing (ARR), or a .htaccess file handled by Helicon Ape.

Continue reading

Convert .htaccess to web.config

8 February 2013 / / 3 Comments

This post describes some of the IIS URL Rewrite equivalents of commonly used Apache .htaccess settings. This is useful when you want to convert your .htaccess to web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess to web.config.

Continue reading

How to use .htaccess files on Windows Server IIS

28 December 2011 / / 5 Comments

Learn how to use .htaccess in Windows Server IIS. In this post I’ll provide you with some useful .htaccess URL rewrite examples. URL rewrite examples that you can use on Window Server IIS for your website.

Continue reading

7 Snippets to use .htaccess as a Web Application Firewall

3 August 2011 / / 1 Comment

.htaccess to secure your website

In this post I provide you with 7 .htaccess snippets to secure your website, by letting .htaccess act as a kind of Web Application Firewall (WAF). You can use this information to block out exploit- and rogue HTTP requests on your website.

Continue reading

How to: Protect WordPress from brute-force XML-RPC attacks

2 June 2017 / / 0 Comments

The WordPress XML-RPC API has been under attack for many years now. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from xmlrpc.php attacks, but still being able to use (some of) its functionality like Jetpack? This post gives you some insight.

Continue reading

Tips to speed up WordPress, serve gzip compressed static HTML files

5 September 2016 / / 7 Comments

Who said WordPress is slow on Windows Server IIS? Gzip compress and serve WP-Super-Cache or Cache Enabler static HTML files, to supercharge your WordPress blog. Here is how to serve gzip compressed HTML files through Windows Server IIS: create smaller, compressed, static HTML files, that are downloaded faster. This works with WP-Super-Cache and Cache Enabler on IIS!

Continue reading

How to optimize your WordPress hosting – 9+ practical tips

31 August 2016 / / 12 Comments

Isn’t it true that, when you (start to) develop WordPress websites for clients, and you host them yourself, you find yourself in a situation where you need to know a lot about “stuff” other than WordPress development? In this optimizing WordPress hosting post, I provide 9+ practical tips for you, to improve WordPress hosting performance. Especially useful if you plan to develop and host WordPress websites yourself.

Continue reading

WordPress advisory: Akal premium theme XSS vulnerability & abandonded

22 August 2016 / / 2 Comments

Over the course of one week I had the opportunity to audit two hacked WordPress websites. I could quickly discover two vulnerabilities: a Cross Site Scripting, or XSS, in a premium WordPress theme Akal, and a Denial-of-Service in an undisclosed newsletter plugin. This post describes the Akal premium WordPress theme XSS vulnerability.

Continue reading
SSL Summary A plus

SSL Summary A plus

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

15 July 2016 / / 6 Comments

Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You’ll learn the important steps to move WordPress from http to https in this post.

Continue reading

Critical 0-day vulnerability in Joomla patched, update to 3.4.6 now!

14 December 2015 / / 0 Comments

The Joomla security team have just released a new version of Joomla to patch a critical remote command execution vulnerability that affects all versions from 1.5 to 3.4. This is a serious vulnerability that can be easily exploited and is already in the wild.

Continue reading

My WordPress web.config

22 June 2015 / / 17 Comments

Do you host your WordPress website on Windows Server IIS? And are you having trouble with your web.config? I often receive questions about how to use a web.config file in WordPress on Windows Server, and which settings are important for a WordPress site. Maybe it’s because I’m a WordPress on IIS enthusiast, so here is my web.config for your convenience (really, it’s not that special).

Continue reading

Secure WordPress uploads folder, disable PHP execution

19 April 2015 / / 1 Comment

The following PHP function secures your WordPress website by disabling the execution of PHP scripts in wp-content/uploads, on IIS web servers. It creates a web.config file for this purpose.

Continue reading
Joomla! logo

Joomla! Logo

Joomla! websites abused as open proxy for Denial-of-Service attacks

16 November 2014 / / 1 Comment

Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy for launching Denial-of-Service (DoS) attacks. Even though the Googlemaps plugin vulnerability plugin_googlemap2_proxy.php was released over one and a half (1,5) years ago, I still see these DoS-attacks happening on a regular basis…

Continue reading
« Older posts

Want to say thanks?

If I’ve helped you out and you want to thank me, why not buy me a coffee?

Support Sysadmins of the North with $5 / €5

Thank you for your support.

Also visit:

ITFAQ.nl
WordPress hosting, ASP.NET & ASP.NET Core hosting - @Vevida
Reilink.nl

Top search keyphrases

  • server 2012 component store cleanup
  • windows 2012 r2 dism cleanup
  • outbound rewrite rules cannot be applied when the content of the http response is encoded gzip .
  • iis force https
  • iis redirect http to https
  • grep argument list too long
  • dsmc command to clean up winsxs in windows 2012
  • redirect http to https iis
  • url rewrite extension for iis
  • always_populate_raw_post_data
  • disk cleanup server 2012 r2
  • restore a single database from a mysqldump file
  • mysql sleep
  • bash convert int to hex
  • disk cleanup windows 2012 r2 server
  • a remove operation for this domain is in progress. the operation can take some time based on the number of dependencies needing to be reconfigured. refresh the domain list page to update the status of the remove operation. should the remove operation fail the remove page will provide further details on completing the domain removal. thank you for your patience.
  • default url to https in iis
  • list spns
  • windows 2012 r2 cleanup winsxs
  • file .htaccess in iis
  • rdp over ssh
  • server message block windows
  • cmd mail
  • innodb_buffer_pool_instances

Find!

25 Most Popular Tags

.htaccess ASP.NET Bash IIS Joomla! linux MySQL optimization performance PHP plugin PowerShell security SMTP SQL Server SSL URL Rewrite web.config web application security website WinCache Windows Windows 10 WordPress XSS

Top 15 entry posts

How to: Disk Cleanup in Windows Server 2012 (R2) – DISM | Remove IIS Server version HTTP Response Header | List all SPNs used in your Active Directory | 5 Extra ways to clean up disk space in Windows Server | Tunnel RDP through SSH & PuTTY | WsusPool keeps crashing: stops again and again | MySQL InnoDB performance improvement: InnoDB buffer pool instances | How to redirect HTTP to HTTPS on IIS | How to install IIS URL Rewrite Module on Windows Server 2016 & IIS 10 | "The length of the URL for this request exceeds the configured maxUrlLength value" | Fatal error: Uncaught Error: [] operator not supported for strings - PHP 7.1 | How to test SMTP Authentication and StartTLS | Enable NTFS long paths in Windows Server 2016 by Group Policy | How to hide the .php file extension with IIS URL Rewrite Module | How to install Microsoft's SQL Server Driver for PHP

© 2019 Sysadmins of the North

Theme by Anders NorenUp ↑