htaccess - Sysadmins of the North

Huge increase in WordPress xmlrpc.php POST requests

WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure WordPress xmlprc.php interface and reduce service disruption.

Published on Monday, 7 July 2014

Remove IIS Server version HTTP Response Header

Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the `Server:` header in the HTTP response, as shown below. In this post I'll show you how to remove HTTP response headers in Windows Server IIS. You don't want to give hackers too much information about your servers, right?.

Published on Sunday, 6 July 2014

How to hide the .php file extension with IIS URL Rewrite Module

Sometimes it's important to remove (or hide) the file extension of scripts you use. Security by obscurity might be that reason, if you don't want others to know what script language you are using for your website, or for static site hosts.

Published on Friday, 23 May 2014

WordPress 3.5 on IIS 8.0 is unable to save a web.config file

This website Saotn.org is hosted on Windows Server 2012 with IIS 8.0 with WordPress for a few months now, and everything is running very smooth. And I would never hit this bug because I don't need to change my permalinks structure. One of my colleagues on the other hand, just moved his website to an IIS 8.0 web server and he noticed he couldn't save his Permalinks structure in the IIS web.config file. This can be pretty annoying ;-) Quick fix attached...

Published on Tuesday, 19 February 2013

Create your own PHP based Origin Pull CDN

The advantage of having your website content hosted on a Content Delivery Network (CDN) is having your content distributed and stored across the Globe. Utilizing the network of the Content Delivery Network provider. Hosting your WordPress website on a Content Delivery Network is an important WordPress optimization tip.

Published on Sunday, 17 February 2013

Convert .htaccess to web.config

This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. You'll learn how to translate .htaccess content to IIS web.config, this is useful when you need to migrate your website from Apache to Windows Server IIS. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess rules to web.config automatically.

Published on Friday, 8 February 2013

"htaccess files should not be used for security restrictions"

Acunetix' Bogdan Calin wrote an article explaining why .htaccess files should not be used to secure sensitive data

Published on Wednesday, 8 August 2012

How to filter web traffic with blocklists

Create your own HTTP web blocklist filter to block and filter unwanted web HTTP traffic with blocklists.

Published on Sunday, 27 May 2012

How to use .htaccess files on Windows Server IIS

In this post I'll show you how to install Helicon Ape in Windows Server IIS and how to use .htaccess files for your website. Yes, expect a lot of .htaccess examples for IIS :) Further this post describes some common uses of .htaccess files by PHP applications like WordPress, Joomla, Drupal, or your own coded CMS. For example how to manage subdomains or HTTPS redirections.

Published on Wednesday, 28 December 2011

7 Snippets to use .htaccess as a Web Application Firewall

Here are 7 .htaccess snippets for you to secure your website, by using .htaccess as a kind of Web Application Firewall (WAF). You can use this information to block exploits and rogue HTTP requests on your website.

Published on Wednesday, 3 August 2011

Newer

windows-server (96) iis (80) powershell (76) php (54) wordpress (45) mysql (36) windows (34) performance (28) linux (23) web.config (23) Website (22) htaccess (20) aspnet (19) url-rewrite-module (19) sql-server (18) bash (18) optimization (18) ssl (17) plugin (13) windows-10 (12) devops (11) monitoring (11) security (10) gnu-linux (10) appcmd (10) wsl (9) smtp (9) wincache (9) wmi (8) zabbix (8) windows-update (8) opcache (8) openssh (7) database (7) dism (7) iis-60 (7) sysops (6) wsus (6) apache (6) hyper-v (6) virtualization (6) spam (6) functions-php (6) classic-asp (6) ddos (6) password (5) email (5) active-directory (5) joomla (5) command-line (5) application-pool (5) blacklist (5) t-sql (4) wql (4) https (4) group-policy (4) backup (4) connector-net (4) debug (4) logparser (4) network-adapter (4) dns (4) query_cache (4) ghost (4) iisnode (4) node-js (4) vbscript (3) umbraco (3) windows-firewall (3) brute-force (3) ftp (3) postfix (3) forensics (3) benchmark (3) xss (3) disk-cleanup (3) disk-space (3) sql-injection (3) openssl (2) net-core (2) visual-studio (2) windows-defender (2) rdp (2) connector-odbc (2) c (2) mysqldump (2) xml-rpc (2) smb (2) cross-site-scripting (2) innodb (2) httpbl (2) centos (2) magento (2) denial-of-service (2) deployment (2) windows-deployment-services (2) mysqli (2) open-xchange (2) waf (2) web-application-firewall (2) windows-11 (1) ipv6 (1) networking (1) sqlce (1) tinymce (1) Prianha-CMS (1) kvm (1) http-3 (1) quic (1) wmsvc (1) database-mirroring (1) service-principal-names (1) spn (1) jetpack (1) api (1) kms (1) elasticsearch (1) red-hat (1) varnish-cache (1) dhcp (1) jquery (1)