Sysadmins of the North

Technical blog, where topics include: computer, server, web, sysadmin, MySQL, database, virtualization, optimization and security

Tag: .htaccess (page 1 of 2)

Security?

Security?

WordPress .htaccess security best practices in Apache 2.4.6+

5 November 2018 / / 4 Comments

Apache Access Control done right, ‘Allow/Deny from all’ versus ‘Require All Granted/Denied’

Since Apache 2.4.6, a new module is used to configure and set up access control for websites: mod_authz_core. This means you have to use a different syntax for allowing or blocking hosts and IP addresses to your website. But unfortunately, old documentation is never updated and people even still write blog posts using that old syntax, leaving you with an unprotected website. Not what you had in mind, now is it?…

Continue reading
SSL Summary A plus

SSL Summary A plus

SSL in WordPress: how to move WordPress to HTTPS? The definitive guide

15 July 2016 / / 6 Comments

Having an SSL certificate in your WordPress is the de-facto standard nowadays, did you know that? Google ranks sites having HTTPS higher in their SERP. But in WordPress, how do you configure an SSL certificate and HTTPS URL? You’ll learn the important steps to move WordPress from http to https in this post.

Continue reading

HackRepair.com’s Bad Bots .htaccess in web.config for IIS

19 February 2016 / / 13 Comments

Jim Walker from HackRepair.com posted a 2016 version of his Bad Bots .htaccess on Pastebin. I offered Jim to translate his Bad Bots .htaccess to web.config, to be used with Windows Server IIS. And here it is, learn to protect your WordPress website with this web.config file!

Continue reading

WordPress Is the Most Attacked CMS Application

17 November 2015 / / 0 Comments

Imperva’s Web Application Attack Report shows spam is WordPress’ largest security threat. Imperva, an international cyber security company founded in 2002, published its 2015 web application attack report. The report includes a thorough analysis of attack data obtained through its Web Application Firewall (or WAF).

Continue reading

RewriteProxy with .htaccess in IIS

8 October 2015 / / 0 Comments

Rewrite and proxy HTTP requests in IIS using a .htaccess

In my case scenario, I had to proxy requests in IIS, because a website was moved from web server A to B, and the DNS wasn’t updated yet. All HTTP requests for the moved website are handled in IIS’ Default Web Site; that’s the wildcard host, and the original host no longer existed there. We needed to match our website and proxy those requests to the new IIS web server. This can either be done using a proxy with URL Rewrite, IIS Application Request Routing (ARR), or a .htaccess file handled by Helicon Ape.

Continue reading

Mod_evasive on IIS

24 July 2014 / / 0 Comments

Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it’s requesting the same page more than 10 times a second. This is configurable.

Continue reading

Huge increase in WordPress xmlrpc.php POST requests

7 July 2014 / / 9 Comments

WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.

Continue reading

Microsoft Internet Information Services logo

Microsoft Internet Information Services logo

Remove IIS Server version HTTP Response Header

6 July 2014 / / 41 Comments

Remove HTTP response headers in IIS 7, 7.5, 8.0, 8.5, 10 and ASP.NET

Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the Server header in the HTTP response, as shown below. In this post I’ll show you how to remove response server headers in IIS. You don’t want to give hackers too much information about your servers, heh? ;-).

Continue reading

How to hide the .php file extension with IIS URL Rewrite Module

23 May 2014 / / 4 Comments

How to hide the .php file extension with URL Rewrite on Windows Server IIS? Sometimes it’s important to hide the file extension of scripts you use. Security by obscurity might be that reason, if you don’t want others to know what script language you are using for your website. This example will hide the .php extension using the IIS URL Rewrite module, in a ready to use web.config & .htaccess example.

Continue reading

WordPress 3.5 on IIS 8.0 is unable to save a web.config file

19 February 2013 / / 0 Comments

This website Saotn.org is hosted on Windows Server 2012 with IIS 8.0 with WordPress for a few months now, and everything is running very smooth. And I would never hit this bug because I don’t need to change my permalinks structure, or save any other plugin setting which would want write to a web.config file. One of my colleagues on the other hand, just moved his website to one of our IIS 8.0 web servers and he noticed he couldn’t save his Permalinks structure in the IIS web.config file. This can be pretty annoying 😉 Quick fix attached…

Continue reading

Create your own PHP based Origin Pull CDN

17 February 2013 / / 6 Comments

The advantage of having your website content hosted on a Content Delivery Network (CDN) is having your content distributed and stored across the Globe. Utilizing the network of the Content Delivery Network provider. Hosting your WordPress website on a Content Delivery Network is an important WordPress optimization tip. Here is how to create your own Origin Pull CDN with just a few lines of PHP…

Continue reading

Convert .htaccess to web.config

8 February 2013 / / 3 Comments

This post describes some of the IIS URL Rewrite equivalents of commonly used Apache .htaccess settings. This is useful when you want to convert your .htaccess to web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess to web.config.

Continue reading

“Joomla sites misused to deploy malware” – Update

14 December 2012 / / 1 Comment

The Internet Storm Center reports that a large number of Joomla sites are currently deploying malicious code and infecting visitors with malware; some WordPress sites are also thought to be affected. The German CERT-Bund⁠ Computer Emergency Response Team, which is operated by the German Federal Office for Information Security (BSI), has confirmed that similar attacks on and via Joomla servers have also been observed in Germany.

Continue reading

“htaccess files should not be used for security restrictions”

8 August 2012 / / 1 Comment

Acunetix’ Bogdan Calin wrote an article explaining why .htaccess files should not be used to secure sensitive data: htaccess files should not be used for security restrictions.

Continue reading

How to filter web traffic with blacklists

27 May 2012 / / 3 Comments

Block and filter unwanted web HTTP traffic with blacklists, on both IIS and Apache. Protect your website easily with this PHP blacklist class. Let’s create our own HTTP web blacklist filter.

Continue reading
« Older posts

Want to say thanks?

If I’ve helped you out and you want to thank me, why not buy me a coffee?

Support Sysadmins of the North with $5 / €5

Thank you for your support.

Categories

Also visit:

ITFAQ.nl
WordPress hosting, ASP.NET & ASP.NET Core hosting - @Vevida
Reilink.nl

Top search keyphrases

  • iis redirect http to https
  • appcmd
  • list spn
  • 2008 iis server gpo policy recommendations
  • setspn list
  • wsuspool keeps stopping
  • iis hsts header
  • dism disk cleanup
  • hide iis server name
  • sleep command mysql
  • asp.net sql server connection example
  • certificate error the underlying connection was closed could not establish trust relationship for the ssl/tls secure channel.
  • determine .net version installed
  • set app pool recycle time
  • forfiles recursive delete
  • no hsts on 500 response
  • windows server file share cleanup
  • powershell exit set exit message
  • powershell extract non zip
  • powershell remove spn
  • ssh tunnel for rdp windows10
  • powershell exit code
  • windows server 2012 r2 disk cleanup issues
  • hide php extension iis url rewrite
  • putty tunnel 3389
  • http strict transport security hsts header to the https responses
  • asp.net max url length
  • migrate kms host to another server
  • error [] operator not supported for strings [] operator not supported for strings
  • rdp over ssh
  • powershell file attributes

25 Most Popular Tags

.htaccess ASP.NET Bash IIS Joomla! linux MySQL optimization performance PHP plugin PowerShell security SMTP SQL Server SSL URL Rewrite web.config web application security website WinCache Windows Windows 10 WordPress XSS

Top 15 entry posts

Disk Cleanup in Windows Server | List all SPNs used in your Active Directory | Remove IIS Server version HTTP Response Header | Tunnel RDP through SSH & PuTTY | 5 Extra ways to clean up disk space in Windows Server | Fatal error: Uncaught Error: [] operator not supported for strings – PHP 7.1 | MySQL InnoDB performance improvement: InnoDB buffer pool instances – Updated! | How to install IIS URL Rewrite Module on Windows Server 2016 & IIS 10 | WsusPool keeps crashing: stops again and again | "The length of the URL for this request exceeds the configured maxUrlLength value" | PowerShell return value, exit code, or ErrorLevel equivalent | How to redirect HTTP to HTTPS on IIS | How to hide the .php file extension with IIS URL Rewrite Module | Enable NTFS long paths in Windows Server 2016 by Group Policy | Fix "Could not establish trust relationship for the SSL/TLS secure channel" error

© 2019 Sysadmins of the North

Theme by Anders NorenUp ↑