Category: .htaccess

Category Archive: .htaccess

Posts about Apache and .htaccess

Page 1 of 5

Block Wayback Machine

If your website has been online for any length of time, it probably has been crawled and stored in the Internet Archive, AKA the Wayback Machine. That means your web pages will be available even if your site is taken offline. To remove any pages that already have been archived, you need to contact the […]

Quick Apache/.htaccess Snippet to Secure the WordPress Login Page

For WordPress sites where I am the only person logging in, I like to add the following Apache/.htaccess snippet to allow my IP address only, and deny access to all others. So when anyone tries to access the WP Login Page and they are not not coming from my IP address, they are denied with […]

Whitelist File Names via Apache/.htaccess

I’ve posted tons of tutorials showing how to block things with Apache/.htaccess. Generally blocking involves defining a list and then forbidding access to it. In this quick post, we’re going to change it up, by defining a list and forbidding access to anything that is not included. The list can be anything, IP addresses, request […]

Secure WordPress Login Page

If you try to log in to some of my WordPress-powered sites via the WP Login Page, you will be met with a 403 “Forbidden” response. For sites where I am the only registered user, I lock things down to prevent endless waves of drip force attacks. It really helps to reduce server load, conserve […]

Block BLEXBot via Apache/.htaccess

One of the worst bots I’ve encountered in a long time. BLEXBot likes to hit the same resources periodically and repeatedly. So it requests the same resources again and again, even if they are expressly forbidden via robots.txt or other methods. It’s like BLEXBot has no memory of where it’s been or what it’s doing. […]

Apache Require HTTP 1.1 for POST Requests

A reader recently asked how to limit POST requests to only HTTP 1.1. Well here is an .htaccess snippet that will do it.

Force Trailing Slash with .htaccess

This quick code snippet enables you to enforce that all directory URLs append a trailing slash. It is a very simple code snippet, only a few lines and done. Here are a few examples to give you a better idea of how it works.

Redirect Attacker to Special Message

If you are using Apache server, you can stop an attack by getting the IP address of the attacker and then using it to block or redirect all of their requests. Normally I just block the requests using either Deny or Require directives (depending on Apache version), but sometimes it’s fun to redirect the attacker […]

Protect against SQL Injection

Here is a nice copy/paste .htaccess snippet to help block SQL-injection attacks. It can be added as-is to your .htaccess file to help protect against SQL injection and other types of malicious activity. This code is a not a replacement for proper data sanitization, but it does help to add another layer of security to […]

Protect Against File Injection

Here is a nice copy/paste .htaccess snippet to help block file-injection attacks. It can be added as-is to your .htaccess file to help protect against file injection and other types of malicious activity. This code is a not a replacement for proper data sanitization, but it does help to add another layer of security to […]

503 Service Unavailable Headers via PHP

Sending a few HTTP headers is a simple way to let visitors and search engines know that your site currently is unavailable. This is useful when you are doing maintenance and don’t need access to the front-end of your site. Simply add the rules when your site is down, and then remove them once everything […]