Sysadmins of the North

Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security

Tag: .htaccess

Security?

Security?

WordPress .htaccess security best practices in Apache 2.4.6+

5 November 2018 / / 7 Comments

Apache Access Control done right in WordPress .htaccess, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’

Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, old documentation is never updated and people even still write blog posts using that old syntax, leaving you with an unprotected website. Not what you had in mind, now is it?…

Continue reading
SSL Summary A plus

SSL Summary A plus

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

15 July 2016 / / 7 Comments

Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You’ll learn the important steps to move WordPress from http to https in this post.

Continue reading

HackRepair.com’s Bad Bots .htaccess in web.config for IIS

19 February 2016 / / 13 Comments

Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your WordPress website with this web.config file!

Continue reading

RewriteProxy with .htaccess in IIS

8 October 2015 / / 0 Comments

Rewrite and proxy HTTP requests in IIS using a .htaccess

In my case scenario, I had to proxy requests in IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can either be done using a proxy with URL Rewrite, IIS Application Request Routing (ARR), or a .htaccess file handled by Helicon Ape.

Continue reading

Mod_evasive on IIS

24 July 2014 / / 0 Comments

Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable.

Continue reading

Huge increase in WordPress xmlrpc.php POST requests

7 July 2014 / / 9 Comments

WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.

Continue reading

Microsoft Internet Information Services logo

Microsoft Internet Information Services logo

Remove IIS Server version HTTP Response Header

6 July 2014 / / 42 Comments

Remove HTTP response headers in IIS 7, 7.5, 8.0, 8.5, 10 and ASP.NET

Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the Server header in the HTTP response, as shown below. In this post I’ll show you how to remove response server headers in IIS. You don’t want to give hackers too much information about your servers, heh? ;-).

Continue reading

How to hide the .php file extension with IIS URL Rewrite Module

23 May 2014 / / 5 Comments

How to hide the .php file extension with URL Rewrite on Windows Server IIS? Sometimes it’s important to hide the file extension of scripts you use. Security by obscurity might be that reason, if you don’t want others to know what script language you are using for your website. This example will hide the .php extension using the IIS URL Rewrite module, in a ready to use web.config & .htaccess example.

Continue reading

WordPress 3.5 on IIS 8.0 is unable to save a web.config file

19 February 2013 / / 0 Comments

This website Saotn.org is hosted on Windows Server 2012 with IIS 8.0 with WordPress for a few months now, and everything is running very smooth. And I would never hit this bug because I don’t need to change my permalinks structure, or save any other plugin setting which would want write to a web.config file. One of my colleagues on the other hand, just moved his website to one of our IIS 8.0 web servers and he noticed he couldn’t save his Permalinks structure in the IIS web.config file. This can be pretty annoying 😉 Quick fix attached…

Continue reading

Create your own PHP based Origin Pull CDN

17 February 2013 / / 8 Comments

The advantage of having your website content hosted on a Content Delivery Network (CDN) is having your content distributed and stored across the Globe. Utilizing the network of the Content Delivery Network provider. Hosting your WordPress website on a Content Delivery Network is an important WordPress optimization tip. Here is how to create your own Origin Pull CDN with just a few lines of PHP…

Continue reading

Convert .htaccess to web.config

8 February 2013 / / 3 Comments

This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. This is useful when you want to convert your .htaccess to web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess rules to web.config.

Continue reading

“htaccess files should not be used for security restrictions”

8 August 2012 / / 1 Comment

Acunetix’ Bogdan Calin wrote an article explaining why .htaccess files should not be used to secure sensitive data: htaccess files should not be used for security restrictions.

Continue reading

How to filter web traffic with blacklists

27 May 2012 / / 3 Comments

Block and filter unwanted web HTTP traffic with blacklists, on both IIS and Apache. Protect your website easily with this PHP blacklist class. Let’s create our own HTTP web blacklist filter.

Continue reading

How to use .htaccess files on Windows Server IIS

28 December 2011 / / 5 Comments

Learn how to use .htaccess in Windows Server IIS. In this post I’ll provide you with some useful .htaccess URL rewrite examples. URL rewrite examples that you can use on Window Server IIS for your website.

Continue reading

7 Snippets to use .htaccess as a Web Application Firewall

3 August 2011 / / 2 Comments

.htaccess to secure your website

In this post I provide you with 7 .htaccess snippets to secure your website, by letting .htaccess act as a kind of Web Application Firewall (WAF). You can use this information to block out exploit- and rogue HTTP requests on your website.

Continue reading

25 Most Popular Tags

.htaccess AppCmd ASP.NET Bash functions.php IIS linux MySQL optimization performance PHP plugin PowerShell security SMTP SQL Server SSL URL Rewrite web.config web application security website WinCache Windows Windows 10 WordPress

Proudly hosted by

Also visit:

ITFAQ.nl
WordPress hosting, ASP.NET & ASP.NET Core hosting - @Vevida
Reilink.nl

© 2020 Sysadmins of the North

Theme by Anders NorenUp ↑

Skip to content