Prevent htaccess From Hack 1

Make any file be a certain filetype (regardless of name or extension)

# Makes image.gif, blah.html, index.cgi all act as php
# Applies to every file this .htaccess covers unless wrapped in <Files>
ForceType application/x-httpd-php


Authentication Magic

Require password for 1 file:
code:
<Files login.php>
AuthName "Prompt"
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Require valid-user
</Files>



Protect multiple files:
code:
# As written, this matches extension-less names made up only of these words
<FilesMatch "^(exec|env|doit|phpinfo|w)*$">
AuthName "Development"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
</FilesMatch>


Example uses of the Allow Directive:
code:
# A (partial) domain-name
Allow from apache.org

# Full IP address
Allow from 10.1.2.3

# More than 1 full IP address
Allow from 192.168.1.104 192.168.1.205

# Partial IP addresses
# first 1 to 3 bytes of IP, for subnet restriction.
Allow from 10.1
Allow from 10 172.20 192.168.2

# network/netmask pair
Allow from 10.1.0.0/255.255.0.0

# network/nnn CIDR specification
Allow from 10.1.0.0/16

# IPv6 addresses and subnets
Allow from 2001:db8::a00:20ff:fea7:ccea
Allow from 2001:db8::a00:20ff:fea7:ccea/10


Using visitor-dependent environment variables:
code:
# User-Agent is supplied by the client, so this is a filter, not authentication
SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
Order Deny,Allow
Deny from all
Allow from env=let_me_in


Allow from apache.org but deny from foo.apache.org
code:
Order Allow,Deny
Allow from apache.org
Deny from foo.apache.org


Allow from an IP address with no password prompt, and allow from any other address with a password prompt:
code:
AuthUserFile /home/www/site1-passwd
AuthType Basic
AuthName MySite
Require valid-user
Allow from 172.17.10
Satisfy Any
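
The Order/Allow/Deny/Satisfy directives in the three blocks above are Apache 2.2 syntax. The following added example (not part of the original article) shows the same three rules written with Apache 2.4 Require directives, reusing the article's own paths and names; it assumes Apache 2.4 with mod_authz_core, mod_authz_host and mod_auth_basic loaded.

```apache
# Added example: Apache 2.4 equivalents of the 2.2 rules above.
# Each numbered section is a standalone alternative for one directory's
# .htaccess. Do not paste all three into the same file: Require
# directives at the same level are combined as "any of".

# 1. Visitor-dependent environment variable
#    2.2: Order Deny,Allow / Deny from all / Allow from env=let_me_in
#    User-Agent is client-supplied, so treat this as a filter only.
SetEnvIf User-Agent ^KnockKnock/2\.0 let_me_in
Require env let_me_in

# 2. Allow apache.org but deny foo.apache.org
#    2.2: Order Allow,Deny / Allow from apache.org / Deny from foo.apache.org
#    A negated Require must sit inside <RequireAll> next to a positive one.
<RequireAll>
    Require host apache.org
    Require not host foo.apache.org
</RequireAll>

# 3. No password prompt from 172.17.10.x, password prompt from elsewhere
#    2.2: Require valid-user / Allow from 172.17.10 / Satisfy Any
AuthUserFile /home/www/site1-passwd
AuthType Basic
AuthName "MySite"
<RequireAny>
    Require ip 172.17.10
    Require valid-user
</RequireAny>
```

On a 2.4 server the original 2.2 directives still work only while mod_access_compat is loaded.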


Block access to files during certain hours of the day
code:
# mod_rewrite must be switched on before the rules are evaluated
RewriteEngine On
# If the hour is 16 (4 PM) Then deny all access
RewriteCond %{TIME_HOUR} ^16$
RewriteRule ^.*$ - [F,L]


Redirect non-HTTPS requests to the HTTPS server, fixing the double-login problem and ensuring that htpasswd credentials can only be entered over HTTPS
code:
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "google.com"
ErrorDocument 403 https://google.com


SEO-friendly redirects for bad/old links and moved links
For a single moved file
code:
Redirect 301 /d/file.html http://www.htaccesselite.com/r/file.html


For multiple files, like blog/this.php?gh
code:
RedirectMatch 301 /blog(.*) http://www.askapache.com/$1

