Category Archive: .htaccess
Posts about Apache and .htaccess
If you try to log in to some of my WordPress-powered sites via the WP Login Page, you will be met with a 403 “Forbidden” response. For sites where I am the only registered user, I lock things down to prevent endless waves of drip force attacks. It really helps to reduce server load, conserve […]
One of the worst bots I’ve encountered in a long time. BLEXBot likes to hit the same resources periodically and repeatedly. So it requests the same resources again and again, even if they are expressly forbidden via robots.txt or other methods. It’s like BLEXBot has no memory of where it’s been or what it’s doing. […]
A reader recently asked how to limit POST requests to only HTTP 1.1. Well here is an .htaccess snippet that will do it.
This quick code snippet enables you to enforce that all directory URLs append a trailing slash. It is a very simple code snippet, only a few lines and done. Here are a few examples to give you a better idea of how it works.
If you are using Apache server, you can stop an attack by getting the IP address of the attacker and then using it to block or redirect all of their requests. Normally I just block the requests using either Deny or Require directives (depending on Apache version), but sometimes it’s fun to redirect the attacker […]
Here is a nice copy/paste .htaccess snippet to help block SQL-injection attacks. It can be added as-is to your .htaccess file to help protect against SQL injection and other types of malicious activity. This code is a not a replacement for proper data sanitization, but it does help to add another layer of security to […]
Here is a nice copy/paste .htaccess snippet to help block file-injection attacks. It can be added as-is to your .htaccess file to help protect against file injection and other types of malicious activity. This code is a not a replacement for proper data sanitization, but it does help to add another layer of security to […]
Sending a few HTTP headers is a simple way to let visitors and search engines know that your site currently is unavailable. This is useful when you are doing maintenance and don’t need access to the front-end of your site. Simply add the rules to .htaccess when your site is down, and then remove them […]
To redirect an old domain to a new domain, use any of these three simple .htaccess techniques.
In this tutorial, I share a handful of .htaccess techniques for implementing canonical URLs for single-page websites. Also referred to as “brochure” sites (among other things). These are all plug-&-play code snippets, just add to any .htaccess-capable site and enjoy the SEO benefits of having canonical URLs. I use these snippets on my sites, such […]
With WordPress and other publishing software, you can create “private” and “password-protected” posts, but the URL is still going to be discoverable via search engines and visitors. This technique using .htaccess makes the post and URL accessible only to the specified IP addresses.
Here is a choice collection of .htaccess directives that I use when hosting images on a subdomain. When doing so, it’s best for performance to make sure the domain or sub-domain is “cookie-less”, so there is no time wasted sending cookie data back and forth between the server and client. Other optimizations are included to […]