Aug 11, 2008

htaccess-file example 



http://z.askapache.com/htaccess-example2.html

########################################################################
#                    SECURITY / ACCESS CONTROL                         #
# If the web server's AllowOverride allows AUTHCONFIG to be overridden #
########################################################################
#
# Save both .htpasswd and .htgroup files in a directory above "documentroot" directory
# (e.g. not in or below /apache/htdocs) but could be below "serverroot" directory
# (e.g. below /apache).

# This will pop-up a user/password dialog box saying Realm = 
AuthName "Restricted Area"

# AuthType is normally basic.  Not very secure until "Digest" type becomes prevalent
AuthType basic

# If value of AuthUserFile doesn't begin with a slash, it is treated as
# relative to the ServerRoot (not DocumentRoot!)
AuthUserFile "/userhome/blahBlah/.htpasswd"
AuthGroupFile "/userhome/blahBlah/.htgroup"

# Each line of the user file contains a username followed by a colon, followed by the crypt()
# encrypted password. The behavior of multiple occurrences of the same user is undefined. 
# You can generate a password file on your system by typing commands on the OS prompt as follows:
#    htpasswd -c Filename username     # Creates a password file 'Filename' with 'username'
#                                      # as the first user. It will prompt for the new password.
#    htpasswd Filename username2       # Adds or modifies in password file 'Filename' the 'username2'. 
#
# Each line of the group file contains a groupname followed by a colon, followed by 
# the member usernames separated by spaces. For example, put this on one line in the .htgroup file:
# mygroup: bob joe anne

# This set to off will forward a not-found userid to the next-in-line module for authentication.
# 'On' is the default It is better that way.
#AuthAuthoritative off

# Now, we allow specific users or groups to get in.
# require user joe john mary
require valid-user
require group family friends

# More Authentication related, rarely used 
# AuthDBGroupFile 
# AuthDBUserFile 
# AuthDBAuthoritative 
# AuthDBMGroupFile 
# AuthDBMUserFile 
# AuthDBMAuthoritative 
# AuthDigestFile 
# AuthDigestGroupFile 
# AuthDigestQop 
# AuthDigestNonceLifetime 
# AuthDigestNonceFormat 
# AuthDigestNcCheck 
# AuthDigestAlgorithm 
# AuthDigestDomain 
# Using Digest Authentication


###############################################################################
# From here on, if something is not working as you might expect, try to make sure that 
# the corresponding AllowOverride is enabled in ,  or  sections
# of server configuarion files (generally httpd.conf, can be access.conf or srm.conf).
# Allowoverride could be:
# 1. AuthConfig (allows AuthName, AuthUserFile, require etc. in .htaccess file)
# 2. FileInfo (allows AddType, DefaultType, ErrorDocument etc. in .htaccess file) 
# 3. Indexes (allows DirectoryIndex, FancyIndexing, IndexOptions etc. in .htaccess file) 
# 4. Limit (allows use of allow, deny and order directives which control access by host)
# 5. Options (allows use of options directive in .htaccess file - see below)
# 6. All (allows all of the above in .htaccess file.  Rare)
# 7. None (allows none of the above in .htaccess file.  Rare)
# Usually, AuthConfig is allowed.  Rest is up to the particular web host company.
#
# If you get server errors after putting this file in, try disabling
# each section below one-by-one to see what your web hosting company
# allows (or you can ask them :)
###############################################################################


################### THIS IS IMPORTANT! #####################
# AddHandler allows you to map certain file extensions to "handlers",
# actions unrelated to filetype. These can be either built into the server
# or added with the Action command (see below).
# If you want to use server side includes, or CGI outside
# ScriptAliased directories, uncomment the following lines.

# To use CGI scripts:
AddHandler cgi-script cgi pl

# To use server-parsed HTML files
AddType text/html .shtml
AddHandler server-parsed .shtml

# Example of a file whose contents are sent as is so as to tell the client that a file has redirected. 
# Status: 301 Now where did I leave that URL 
# Location: http://xyz.abc.com/foo/bar.html 
# Content-type: text/html 
# 
#    
# 
Fred's exceptionally wonderful page has moved to
# http://xyz.abc.com/foo/bar.html">Joe's site. 
# 

#
# Server always adds a Date: and Server: header to the data returned to the client, 
# so don't include these in the file.
#AddHandler send-as-is asis

# If you wish to use server-parsed imagemap files, use
AddHandler imap-file map

# For content negotiation use
#AddHandler type-map var

# Action lets you define media types that will execute a script whenever
# a matching file is called. This eliminates the need for repeated URL
# pathnames for oft-used CGI file processors.
# Format: Action action-type cgi-script
# Format: Action media/type /cgi-script/location
# Format: Action handler-name /cgi-script/location
#Action cgi-script /cgi-bin/default.cgi

# Redirect [status] ABSOLUTE-path-of-old-url new-url.  Default status is temp.
# Status is one of permanent (returns 301), temp (returns 302), 
# seeother (returns 303, see other document in same place), 
# gone (returns 410, no longer available at all) - Don't specify new-URL
# Here, if the client requests http://myserver/service/foo.txt, it will be told 
# to access http://foo2.bar.com/service/foo.txt instead. 
#Redirect /service http://foo2.bar.com/service

######################################################################
# If the web server's AllowOverride allows FILEINFO to be overridden #
######################################################################
# CookieTracking, AddType, DefaultType, AddHandler, Action, ErrorDocument
# Redirect, Redirectmatch, RedirectPermanent, RedirectTemp
# AddEncoding, AddCharset, AddLanguage, LanguagePriority, DefaultLanguage


#### Comment it out if UserTrack module is not loaded in the server
#CookieName "woiqatty"
#CookieTracking on

# Tweak mime.types without actually editing it, or make certain files to be certain types.
#AddType application/x-httpd-php3 .phtml
AddType application/x-httpd-php3 .php
AddType application/x-httpd-php3 .php3
AddType application/x-httpd-php3-source .phps
AddType application/x-tar .tgz

# In this directory, default filetype is this one if Server cannot
# otherwise determine from filename extensions.
# Mostly text or HTML - "text/plain", gif images - "image/gif", 
# compiled porgrams - "application/octet-stream"
DefaultType text/plain
# DefaultType image/gif
# DefaultType  application/octet-stream



# Customizable error response.  Three styles:
# 1. Plain Text - the (") marks it as text, it does not get output
#ErrorDocument 500 "The server made a boo boo.
# 2. Local Redirects - e.g. To redirect to local URL /missing.html
#ErrorDocument 404 /missing.html
#ErrorDocument 404 /cgi-bin/missing_handler.pl
# 3. External Redirects (All env. variables don't go to the redirected location)
#ErrorDocument 402 http://some.other_server.com/subscription_info.html


# Mosaic/X 2.1+ browsers can uncompress information on the fly
AddEncoding x-compress Z
AddEncoding x-gzip gz tgz

#Content negotiation directives
#AddLanguage fr .fr
# Just list the languages in decreasing order of preference.
LanguagePriority en fr it

.htaccess examples
at Monday, August 11, 2008 0 comments Links to this post

Apache configuration file syntax

Apache configuration file syntax: "' Core and mpm syn keyword apacheDeclaration AccessFileName AddDefaultCharset AllowOverride AuthName AuthType ContentDigest DefaultType DocumentRoot ErrorDocument ErrorLog HostNameLookups IdentityCheck Include KeepAlive KeepAliveTimeout LimitRequestBody LimitRequestFields LimitRequestFieldsize LimitRequestLine LogLevel MaxKeepAliveRequests NameVirtualHost Options Require RLimitCPU RLimitMEM RLimitNPROC Satisfy ScriptInterpreterSource ServerAdmin ServerAlias ServerName ServerPath ServerRoot ServerSignature ServerTokens TimeOut UseCanonicalName if s:av < '002000000' syn keyword apacheDeclaration AccessConfig AddModule BindAddress BS2000Account ClearModuleList CoreDumpDirectory Group Listen ListenBacklog LockFile MaxClients MaxRequestsPerChild MaxSpareServers MinSpareServers PidFile Port ResourceConfig ScoreBoardFile SendBufferSize ServerType StartServers ThreadsPerChild ThreadStackSize User endif if s:av >= '002000000' syn keyword apacheDeclaration AcceptPathInfo CGIMapExtension EnableMMAP FileETag ForceType LimitXMLRequestBody SetHandler SetInputFilter SetOutputFilter syn keyword apacheOption INode MTime Size endif"
at Monday, August 11, 2008 0 comments Links to this post

Jul 14, 2008

SEO and the importance of 503

SEO and the importance of 503: "SEO and the importance of 503

July 14th, 2008

Today I arrived at work to find one of our, externally hosted, clients plummeting down the SERPS for terms that they would normally rank very highly for. As we always employ an ethical approach to our SEO campaigns I was a little bewildered by this sudden drop in rankings and decided to investigate. After a brief search through the Google results, there was the answer in the returned search listings.

Could not connect to database

This was the description on the returned results for our client’s website.

It would seem that when the site was last crawled the database was down and the client’s developer had returned the afore mentioned error message with a 200 OK header. So instead of our nicely optimised pages the search engines found zero relevant content and a server response header that said ‘Yeah sure! This is fine, this is what we want you to see’.

So what should we really be doing if a database connection fails?

We should be looking to our SEO friendly 503 (Service Temporarily Unavalable) header to let the search engines know that there is a problem and to come back later. For details of implementing the 503 header there’s an excellent tutorial at http://www.askapache.com/htaccess/503-service-temporarily-unavailable.html"
at Monday, July 14, 2008 0 comments Links to this post

Jul 4, 2008

More ways to stop spammers and unwanted traffic

More ways to stop spammers and unwanted traffic

Posted in WordPress | Tags: , , , , , , . |

Comment spammers, trackback spam, stupid bots and AVG linkscanner eating into your bandwidth and server resources? Here’s how to put a dent in their activities with a few mod_rewrite rules.

I hate those blogs that send me fake trackbacks and pingbacks. Unfortunately it’s impossible to stop but this morning I figured out a way of stopping some of them.

Look through the log files of your web server for the string ‘ “-” “-”‘. Lots of requests there aren’t there? I found 914 requests yesterday. Those are requests without a USER_AGENT or HTTP_REFERER and almost all of them are suspicious because they weren’t followed by requests for images, stylesheets. or Javascript files. Unfortunately the WordPress cron server also falls into this category so you need to filter out requests from your own server’s IP address.

This morning I checked up on a spam trackback that came in. This one came from 85.177.33.196:

URL: /xmlrpc.php
HTTP_RAW_POST_DATA:

pingback.ping


http://7wins. eu/cbprod/detail_10347/cure+your+tight+foreskin.html


http://ocaoimh.ie/2005/03/01/i-am-bored-sites-for-when-youre-bored/all-comments/


I looked through my log files for that IP address and discovered the following:

85.177.33.196 - - [03/Jul/2008:06:40:01 +0000] “GET /2005/02/18/10-more-ways-to-make-money-with-your-digital-cameras/ HTTP/1.0″ 200 36151 “-” “-”
85.177.33.196 - - [03/Jul/2008:07:04:18 +0000] “GET /2007/06/07/im-not-the-only-one-to-love-the-alfa-147/ HTTP/1.0″ 200 44967 “-” “-”
85.177.33.196 - - [03/Jul/2008:08:09:40 +0000] “GET /2005/03/01/i-am-bored-sites-for-when-youre-bored/all-comments/ HTTP/1.0″ 200 410423 “-” “-”
85.177.33.196 - - [03/Jul/2008:08:09:44 +0000] “POST /xmlrpc.php HTTP/1.0″ 200 249 “-” “XML-RPC for PHP 2.2.1″
85.177.33.196 - - [03/Jul/2008:09:00:09 +0000] “GET /2007/10/28/what-time-is-it-wordpress/ HTTP/1.0″ 200 63332 “-” “-”

So, the spammer grabs “/2005/03/01/i-am-bored-sites-for-when-youre-bored/all-comments/” at 8:09am and 4 seconds later sends a trackback spam to the same blog post. Annoying isn’t it?

The following mod_rewrite rules will kill those fake GET requests dead.

# stop requests with no UA or referrer
RewriteCond %{HTTP_REFERER} ^$
Rewritecond %{HTTP_USER_AGENT} ^$
RewriteCond %{REMOTE_ADDR} !^64\.22\.71\.36$
RewriteRule ^(.*) - [F]

Replace “64\.22\.71\.36″ with the IP address of your own server. If you don’t know what it is, look through your logs for requests for wp-cron.php, run ifconfig from the command line, or check with your hosting company.
Here are a few of the requests already stopped this morning:

72.21.40.122 - - [03/Jul/2008:09:59:59 +0000] “GET /2005/04/02/photo-matt-a-response-to-the-noise/ HTTP/1.1″ 403 248 “-” “-”
216.32.81.66 - - [03/Jul/2008:10:00:11 +0000] “GET /2006/12/14/bupa-to-leave-irish-market/ HTTP/1.1″ 403 240 “-” “-”
66.228.208.166 - - [03/Jul/2008:10:03:18 +0000] “GET /2008/05/23/youre-looking-so-silly-wii-fit HTTP/1.1″ 403 212 “-” “-”
216.32.81.74 - - [03/Jul/2008:10:04:52 +0000] “GET /1998/03/22/for-the-next-month-o/ HTTP/1.1″ 403 234 “-” “-”
69.46.20.87 - - [03/Jul/2008:10:06:06 +0000] “GET /2006/10/01/killing-off-php/ HTTP/1.1″ 403 229 “-” “-”
72.21.58.74 - - [03/Jul/2008:10:07:54 +0000] “GET /2005/08/12/thunderbird-feeds-and-messages-duplicates/ HTTP/1.1″ 403 255 “-” “-”

Some spam bots are stupid. They don’t know where your wp-comments-post.php is. That’s the file your comment form feeds when a comment is made. If your blog is installed in the root, “/”, of your domain you can add this one line to stop the 404 requests generated:

RewriteRule ^(.*)/wp-comments-post.php - [F,L]

Trackbacks and pingbacks almost always come from sane looking user agents. They usually have the blog or forum software name to identify them. Look for “/trackback/” POSTs in your logs. Notice how 99% of them have browser names in them? Here’s how to stop them, and this has been documented for a long time:

RewriteCond %{HTTP_USER_AGENT} ^.*(Opera|Mozilla|MSIE).*$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteCond %{REQUEST_METHOD} ^POST$
RewriteRule ^(.*)/trackback/ - [F,L]

I’ve been using that chunk of code for ages. It works exceptionally well. This was prompted by a deluge of 40,000 spam trackbacks this site received in one day a few months ago.

If you use my Cookies for Comments plugin. Check your browser for the cookie it leaves and use the following code to block almost all of your comment spam:

RewriteCond %{HTTP_COOKIE} !^.*put_cookie_value_here.*$
RewriteRule ^wp-comments-post.php - [F,L]

That will block the spammers even before they hit any PHP script. Your server will breeze through the worst spam attempts. It blocked 2308 comment spam attempts yesterday. Unfortunately it also stops the occasional human visitor leaving a comment but I think it’s worth it.

Do something different. That’s what you have to do. Place a hurdle before the spammers and they’ll fall. On that note, I shouldn’t really be blogging all this, but almost all these ideas can be found elsewhere already and the spammers still haven’t adapted.

Unwanted traffic? What’s that? Surely all visitors are good? Nope, unfortunately not. Robert alerted me to the fact that AVG anti-virus now includes an AJAX powered browser plugin called “Linkscanner” that scans all the links on search engine result pages for viruses and malicious code. Unfortunately that generates a huge number of requests for pages that are never even seen by the visitor. I counted over 7,000 hits yesterday.

Thankfully Padraig Brady has a solution. I hope he doesn’t mind if I reprint his mod_rewrite rules here (unfortunately WordPress changes the ” character so you’ll have to change them back, or grab the code from Padraig’s page.)

#Here we assume certain MSIE 6.0 agents are from linkscanner
#redirect these requests back to avg in the hope they’ll see their silliness
Rewritecond %{HTTP_USER_AGENT} “.*MSIE 6.0; Windows NT 5.1; SV1.$” [OR]
Rewritecond %{HTTP_USER_AGENT} “.*MSIE 6.0; Windows NT 5.1;1813.$”
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP:Accept-Encoding} ^$
RewriteRule ^.* http://www.avg.com/?LinkScannerSucks [R=307,L]

at Friday, July 04, 2008 0 comments Links to this post

Jul 2, 2008

Fsockopen Examples

Fsockopen Examples

fsockopen warningNote the warning sign, fsockopen is dangerous in the sense that you can crash your server, perform a DOS against your own server or other site, use up all your servers available sockets and fd descriptors, use up your bandwidth, etc.. Shouldn’t be a problem unless you are being malicious or careless.

Here are some BOSS fsockopen functions I hacked together yesterday for use in my AskApache Crazy Cache WordPress Plugin. I’ve used code and ideas from 100’s of authors, projects, and docs to try to make this the very best I can.

Intro

This is a working example employing as many of the best-practices, tips, and tricks for using fsockopen on remote streams that I could find.

at Wednesday, July 02, 2008 0 comments Links to this post

Jun 10, 2008

.htaccess Tutorial Google Search








Results 1 - 10 for htaccess. (0.25 seconds)

Google
Custom Search

Apache Tutorial: .htaccess files



Search for htaccess tutorial at Google

Results 1 - 71 for htaccess tutorial. (3.25 seconds)

.htaccess Tutorials, htaccess Examples, Sample .htaccess Files

.htaccess directives controlling host access ( trunk/mod/mod_authz_host.html#allow , trunk/mod/mod_authz_host.html#deny and Order ). .htaccess Tutorial
www.askapache.com/htaccess/apache-htaccess.html

htaccess Tutorial for Apache Webmasters

These cut-and-paste ready htaccess code snippets are very useful for website and server administrators.
www.askapache.com/htaccess/htaccess-for-webmasters.html

FilesMatch and Files in htaccess tutorial

Using the Files and FilesMatch directives in Apache htaccess Files.
www.askapache.com/htaccess/using-filesmatch-and-files-in-htaccess.html

.htaccess File and mod_rewrite examples

Updated frequently based on detailed info from the Apache htaccess tutorial. If you see any room for improvement, or if you can add something than go ahead …
www.askapache.com/htaccess/ultimate-htaccess-file-sample.html

.htaccess tutorial for SEO 301 Redirects with RedirectMatch and …

SEO Search Engine Friendly Redirects without mod_rewrite using RedirectMatch and mod_alias.
www.askapache.com/htaccess/seo-search-engine-friendly-redirects-without-mod_rewrite.html

PHP and .htaccess tutorial and examples for Apache

Apache htaccess tricks and tips for implementing, using, and optimising php and custom php.ini.
www.askapache.com/htaccess/php-htaccess-tips-and-tricks.html

Security Tips for Securing your website, server, blog using .htaccess

One Response to “Security with Apache htaccess Tutorial”. bluesdog 05.16.07 at 1:08 am. >chmod files that you really dont want people to see as 400 …
www.askapache.com/htaccess/security-with-apache-htaccess.html

HTTPS / SSL Apache Tips, .htaccess Tricks, and Server Hacks

This htaccess tutorial has htaccess example code to make it easy to secure and use HTTPS and … MORE: Apache SSL in htaccess examples and https/ssl forum …
www.askapache.com/htaccess/ssl-example-usage-in-htaccess.html

htaccess rewrite tips using RewriteRule and RewriteCond for …

mod_rewrite tips and tricks for .htaccess files using RewriteBase, … Search Engine Friendly Redirects | .htaccess Tutorial Index | » Speed up your site …
www.askapache.com/htaccess/mod_rewrite-tips-and-tricks.html

.htaccess - Wikipedia

The Ultimate htaccess Examples - The most-requested and best example htaccess code; URL Rewriting tutorial - Tutorial on how to use mod_rewrite to rewrite …
www.askapache.com/htaccess/htaccess-wikipedia.html

mod_security Guide and Examples of use in .htaccess

Mod_Security .htaccess guide provides protection from a range of attacks against … Apache Variable fun (mod_env) | .htaccess Tutorial Index | SetEnvIf and …
www.askapache.com/htaccess/mod_security-htaccess-tricks.html

Password Protection and Authentication Locking down Apache with …

If you are having trouble getting htaccess-based password protection to work see: … Speed up your site with Caching and cache-control | .htaccess Tutorial
www.askapache.com/htaccess/apache-authentication-in-htaccess.html

SEO Implementations of Multiple Search Engines

Tricks, and Hacks · Security with Apache htaccess Tutorial · 301 Redirect with mod_rewrite or RedirectMatch · SEO Secrets of AskApache.com … …
www.askapache.com/search/301/

Apache Environment Variable Info

SSL example usage in htaccess | .htaccess Tutorial Index | » .htaccess .... Additional and detailed info on each htaccess code snippet can be found at …
www.askapache.com/htaccess/apache-variable-fun-in-htaccess.html

HTTP Response and Request Header Manipulation using Apache .htaccess

For Webmasters | .htaccess Tutorial Index | » PHP htaccess tips … 7 Responses to “Manipulating HTTP Headers with htaccess”. karel 11.08.07 at 11:42 am …
www.askapache.com/htaccess/using-http-headers-with-htaccess.html

Links to htaccess tutorials and articles

Links to htaccess tutorials and howtos in the. … Multiple Custom PHP.ini · Multple domains using htaccess · Newbie htaccess Tutorial · On Page Load …
www.askapache.com/htaccess/best-htaccess-tutorials-and-articles.html

Caching Techniques for Apache .htaccess Gurus

More detailed article: Speed Up Sites with htaccess Caching. NOTE: Stay tuned I’m working on the update! « mod_rewrite tips and tricks | .htaccess Tutorial
www.askapache.com/htaccess/speed-up-your-site-with-caching-and-cache-control.html

Fresh .htaccess Examples: Cookies, Variables, Custom Headers

htaccess mod_rewrite code for Cookie Manipulation and Tests, Set Environment Variables and use … PHPMailer tutorial · Search Engine Verify Plugin Updated …
www.askapache.com/htaccess/htaccess-fresh.html
at Tuesday, June 10, 2008 0 comments Links to this post

htaccess-guide's .htaccess tutorial

.htaccess Guide
What is .htaccess?
.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn 'loaded via the Apache Web Server', then the .htaccess file is detected and executed by the Apache Web Server software. These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality, for instance if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hot link prevention.


Table of Contents
1. What is .htaccess?
2. How to use .htaccess
3. Error documents
4. Redirects
5. Password protection
6. Deny visitors by IP address
7. Deny visitors by referrer
8. Hot link prevention techniques
9. Blocking offline browsers and 'bad bots'
10. DirectoryIndex uses
11. Adding MIME types
12. Enable SSI with .htaccess
13. Enable CGI outside of the cgi-bin
14. Disable directory listings
15. Setting server timezone
16. Changing server signature
17. Useful Resources
at Tuesday, June 10, 2008 0 comments Links to this post
Labels: ,

Nov 26, 2007

Gain traffic by going International


Experiments with web technologies, a place of old, new, radical, and controversial ideas and code. On this page, you'll find news, links to technologies and ways to pimp your website.


Experimente mit Netztechnologien, ein Ort der alten, neuen, radikalen und umstrittenen Ideen und des Codes. Auf dieser Seite finden Sie Nachrichten, Verbindungen zu Technologien und Weisen zu kuppeln Ihre Web site.


, ����� ������, �����, �����������, � �������������� ���� � ������. �� ���� ��������, �� ������� , ���������� � pimp ���� website.


Experimenten met Webtechnologieën, een plaats van oude, nieuwe, radicale, en controversiële ideeën en code. Voor deze pagina, zult u vinden nieuws, verbindingen aan technologieën en manieren aan pooi uw website.


实验以 网技术, 老, 新, 根本, 和有争议的想法和代码地方。在这页, 您将发现 新闻, 链接 技术 并且方式 拉皮条您的网站.


웹 기술 에 실험, 오래 되고는, 새롭고, 과격하, 논쟁적인 아이디어 및 부호의 장소. 이 페이지에, 너는 발견할 것이다 뉴스, 연결에 기술 그리고 방법에 너의 웹사이트는 뚜쟁이질를 한다.


網の技術 の実験、古く、新しく、根本的な、論争の的になる考えおよびコードの場所。このページで、見つける ニュース、リンクへの 技術 そして方法への あなたのウェブサイトはpimp。


Experiências com tecnologias da correia fotorreceptora, um lugar de idéias e do código velhos, novos, radicais, e controversos. Nesta página, você encontrará notícia, ligações a tecnologias e maneiras a pimp seu Web site.


Esperimenti con le tecnologie di fotoricettore, un posto di vecchi, nuovi, idee e codice radicali e e discutibili. A questa pagina, troverete notizie, collegamenti a tecnologie e sensi a pimp il vostro Web site.


Expériences avec des technologies d'enchaînement, un endroit de vieux, nouveaux, radicaux, et controversés idées et code. À cette page, vous trouverez nouvelles, liens à technologies et manières à sont souteneurs votre site Web.


Experimentos con tecnologías de la tela, un lugar de viejos, nuevos, radicales, y polémicos ideas y código. En esta página, usted encontrará noticias, acoplamientos a tecnologías y maneras a pimp su Web site.

at Monday, November 26, 2007 0 comments Links to this post
Labels: , , , , , , ,

Nov 11, 2007

Its called synergy, that means we all win not all lose

Its called synergy, that means we all win not all lose
at Sunday, November 11, 2007 0 comments Links to this post
Labels:

Nov 10, 2007

Apache Web Development: DreamHost Employees shocked visitors to their website

DreamHost Employees shocked visitors to their website

This is why many of the worlds most-respected web developers and designers are flocking to dreamhost. That's how I found it, thanks to 456bereastreet.com, and now I'm telling you.

DreamHost Employees shocked visitors to their website


Apache Web Development: DreamHost Employees shocked visitors to their website
at Saturday, November 10, 2007 0 comments Links to this post
Labels:

DreamHost Employees shocked visitors to their website

"This is why many of the worlds most-respected web developers and designers are flocking to dreamhost. That's how I found it, thanks to 456bereastreet.com, and now I'm telling you."
at Saturday, November 10, 2007 0 comments Links to this post
Labels:

Nov 9, 2007

.htaccess tutorial

.htaccess tutorial

.htaccess file provide a way to make config changes on a per-directory.


A file, containing one or more guidelines settings, it is placed in a particular directory, and the directives apply to that directory and all its subsequent subdirectories.

Notice:

For example, if you prefer that the file is called .htacc then you could add the following line to your server's config file httpd.conf:

AccessFileName .htacc

If a policy is allowed in a .htaccess file, the documentation for this guideline will contain a section Override, specifying that value must be in AllowOverride for this directive is permitted.

So you must at least have AllowOverride FileInfo to accept that this directive is in the .htaccess

Example:

Background:Configuration of the server, virtual host, directory, .htaccess
Override:FileInfo

If you are uncertain whether a guideline in particular is accepted in a .htaccess file, look at the documentation for this policy, and check the line for Context ".htaccess".



Not using .htaccess files

You can use the user authentication settings in the config file's main server, and that is, in fact, the most appropriate way of doing things.

This is particularly true, for example, in cases where providers are providing multiple sites for users in just a machine, and want their users to change their settings.

Any settings you consider adding in a .htaccess, can be effectively placed in a section in the main config file from your server.

There are two main reasons to avoid the use of .htaccess.

Moreover, the .htaccess file is loaded each time a document is required.

See the section as the directives are applied. So if a file from one directory /webroot/htdocs/folder is required, then Apache must look for the following files:

/.htaccess
/webroot/.htaccess
/webroot/htdocs/.htaccess
/webroot/htdocs/folder/.htaccess

Notice that this will only be the case if the .htaccess files are entitled and allowed access to /, which is not normally the case.

Specify exactly what you set in the directive AllowOverride, and direct them to the relevant documentation, will spare you a lot of confusion later.

Notice that is exactly equivalent place the .htaccess file in a directory /webroot/htdocs/folder containing a guideline, and add the same directive in a section Directory in the config of your main server

Archive .htaccess in /root/htdocs/public_html

Content of a .htaccess file in /www/htdocs/public_html

AddType application/x-httpd-php .php

Section of your httpd.conf



However, adding it to your server's config file will result in a lower loss of performance, as far as the setup is loaded at boot from the server, instead of a file that all that is required.

The use of .htaccess can be completely disabled, adjusting the directive AllowOverride to none

AllowOverride None


As the guidelines are applied

These, in turn, can be overridden by its directives guidelines further up, or in the main config file from the server.

Example:

In the directory/root/htdocs/public_html1 we have an apache .htaccess containing the following:

Options +ExecCGI

Notice: you must have "AllowOverride Options" to allow use of the directive "Options" in the .htaccess

In the directory/root/htdocs/public_html1/example2 we have an apache .htaccess containing:

Includes +Options

Because of this second .htaccess file in the directory/root/htdocs/public_html1/example2, to run CGI scripts is not allowed, because only Includes Options is in effect, which completely override any other adjustments previously configured.



authentication and/or authorization in .htaccess

See the discussion above about when you should and when you should not use the .htaccess file.

That said, if you still believe you need to use a .htaccess file, the config below probably will for you.

Content of a .htaccess file:

Basic AuthType
AuthName "Hacking Attempt"
AuthUserFile /webroot/private-dir/.htpasswd
AuthGroupFile /webroot/private-dir/.htgroup
Require Group admins

Notice that AllowOverride AuthConfig must be enabled so that these guidelines take effect.

Please see the authorization tutorial for a more complete discussion of authentication and authorization in .htaccess files.



SSI Server Side Includes Example

This can be done with the following directives for setting, placed in a .htaccess file in the desired:

Options +Includes
AddType text/html shtml
AddHandler server-parsed shtml

Notice that both AllowOverride Options and AllowOverride FileInfo must be empowered to these guidelines have effect.

Check out the SSI tutorial on apache for a more complete discussion of server-side includes.



CGI sample code

This can be implemented with the following settings:

Options +ExecCGI
AddHandler cgi-script cgi pl

Alternatively, if you want all the files in a given directory, as CGI programs, it can be done with the following config:

Options +ExecCGI
SetHandler cgi-script

Notice that both AllowOverride Options and AllowOverride FileInfo must be enabled so that these directives have any effect.

Please see the apache cgi tutorial of CGI tutorial for a more complete discussion of CGI programming and config.



Solving Problems

When you add guidelines config to a .htaccess file and not get the desired effect, there are a number of points that may be wrong.

If not generated any error from the server, you certainly have AllowOverride None qualified.

Alternatively, it can accuse you of syntax errors will be corrected.


Archives .htaccess

Related modules Guidelines Related


Definitions

Authentication
The positive identification of an entity such as a network server, a client, or user.
HTTPD Apache Docs Link: Authentication, Authorization and Access Control
Access Control
In the context of Apache normally means restricting access to certain domains
HTTPD Apache Docs Link: Authentication, Authorization and Access Control
Algorithm
The algorithms are called to encrypt usually encryption algorithms
apacheextensiontool (apxs)
It is a script written in Perl that helps compile the source code for some modules to become Dynamic Shared Objects (DSO s) and helps to be installed on the Apache Web server.
HTTPD Apache Docs Link: Pages Help: apxs
Certificate
Network entities verify signatures using certificates of BC.
Apache SSL / TLS
certificationauthority (ca)
Other entities network can verify the signature to verify that a Certificate Authority had authenticated the holder of the certificate.
Apache SSL / TLS
certificatsigningrequest (csr)
Once the CSR is signed, it becomes a genuine certificate.
Apache SSL / TLS
Encryption Algorithm
Examples of these algorithms are DES, IDEA, RC4, and so on.
Apache SSL / TLS
Text encryption
The result of having applied to a text unencrypted an encryption algorithm.
HTTPD Apache Docs Link: SSL / TLS
Common Gateway Interface (CGI)
This interface was originally defined by the NCSA but there is also a draft RFC.
HTTPD Apache Docs Link: Dynamic Content with CGI
Configuration Directives
HTTPD Apache Docs Link: Directives
Configuration File
A text file containing directives that control the configuration of Apache.
HTTPD Apache Docs Link: Configuration Files
CONNECT
It can be used to encapsulate other protocols, such as SSL protocol.
Context
An area in the configuration files where they are allowed certain types of directives.
HTTPD Apache Docs Link: Terms used to describe the Apache Directives
Digital Signature
Only the public key can decrypt the CAs signature, verifying that the CA has authenticated the network entity owns the certificate.
Apache SSL / TLS
Directive
The directives are in the Configuration File
HTTPD Apache Docs Link: Index Directives
dynamicsharedobject (dso)
The modules compiled separately to Apache httpd binary can be loaded as required.
HTTPD Apache Docs Link: Support Dynamic Shared Object
environmentvariable (env-variable)
Apache also contains internal variables that are referred to as environment variables, but which are stored in the internal structures of Apache, rather than in the shell environment.
HTTPD Apache Docs Link: Environment Variables Apache
Export
The cryptographic software Export is limited to a small key, so that the ciphertext that is achieved with it, can desencriptarse by brute force.
Apache SSL / TLS
Filter
For example, the output filter INCLUDES processes documents for Server Side Includes.
HTTPD Apache Docs Link: Filters
fully-qualifieddomain-name (fqdn)
For example, www is a hostname, example.com is a domain name, and www.example.com is a fully qualified domain name.
Handler
For example, the handler cgi-script designates files to be processed as CGI.
HTTPD Apache Docs Link: Using Apache Handler
Headline
Part of the petition and HTTP response that is sent before the actual content, which contains metadata describing the content.
.htaccess
Despite its name, this file can contain any type of guidelines, directives not only access control.
HTTPD Apache Docs Link: Configuration Files
Httpd.conf
The default location is / usr/local/apache2/conf/httpd.conf, but can move using configuration options when compiling or start Apache.
HTTPD Apache Docs Link: Configuration Files
hypertexttransferprotocol (http)
Apache implements version 1.1 of this protocol, which is referred to as HTTP/1.1 and defined by RFC 2616.
HTTPS
Actually HTTP over SSL.
Apache SSL / TLS
Method
Some of the methods diponibles HTTP are GET, POST and PUT.
Message Digest
A hash of a message, which can be used to verify that the content of the message has not been altered during transmission.
Apache SSL / TLS
MIME-type
In HTTP, the mime type is transmitted in the headwaters of the Content Type.
HTTPD Apache Docs Link: mod_mime
Module
These modules are called modules third.
See Table Module
modulemagicnumber (mmn)
If you change the magic number of module, all the modules of others must be at least recompiled, and sometimes even need to be slight modifications to run with the new version of Apache
OpenSSL
The Open Source toolkit for SSL / TLS
See http://www.openssl.org/
Pass Phrase
Usually its just the key encryption / decryption algorithms used by encryption.
Apache SSL / TLS
Plaintext
The unencrypted text.
Private Key
The key secret of a Public Key Cryptography system, used to decrypt incoming messages and sign outgoing.
Apache SSL / TLS
Proxy
If multiple clients requesting the same content, the proxy serves content from its cache, instead of asking every time they need to source server, reducing this turnaround time.
HTTPD Apache Docs Link: mod_proxy
Key Publish
The key publicly available in a Public Key Cryptography system, which is used to encrypt messages intended for its owner and to decrypt signatures made by its owner.
Apache SSL / TLS
Criptográfia Public Key
Also called Asymmetric Cryptography.
Apache SSL / TLS
regularexpresion (regex)
One way to describe a standard text-for example, "all words that begin with the letter" A "or" all the phone numbers that contain 10 digits "or even" All sentences between commas, and they do not contain any Q letter. "Regular Expressions in Apache are useful. Uses Apache Perl Compatible Regular Expression thanks to the PCRE library.
Reverse Proxy
It is useful to hide the true source server to the client for security, or for load balancing.
Secure Sockets Layer (SSL)
Its implementation is more popular HTTPS, the Hypertext Transfer Protocol (HTTP) over SSL.
Apache SSL / TLS
Server Side Includes (SSI)
A technique for embedding process directives in HTML files.
HTTPD Apache Docs Link: Introduction to Server Side Includes
Session
Information context of a communication in general.
SSLeay
The original implementation of the library SSL / TLS developed by Eric A. Young
Symmetric Cryptography
The study and application of encryption algorithms that use a single secret key for both encryption to decrypt.
Apache SSL / TLS
Tarball
The Apache distributions are stored in compressed files with tar or pkzip.
transportlayersecurity (tls)
Version 1 of TLS is almost identical to the version 3 SSL.
Apache SSL / TLS
uniformresourcelocator (url)
A URL for this page is http://httpd.apache.org/docs/trunk/glossary.html.
uniformresourceidentifier (URI)
URIs in use world-wide web are commonly referred to as URLs.
Virtual Hosting
They are serving different websites with a single entity Apache. Hosting virtual IPs difference between websites based on their IP addresses, while the name-based virtual hosting uses only the name of the host and thus can accommodate many websites with the same IP address.
HTTPD Apache Docs Link: Documentation Hosting Virtual Apache
X.509
A certificate authentication scheme recommended by the International Telecommunication Union (ITU-T) which is used for authentication SSL / TLS.
Apache SSL / TLS
at Friday, November 09, 2007 0 comments Links to this post
Labels: , , , , , , , , , , , ,

Server Apache Test

ErrorDocument
 
at Friday, November 09, 2007 0 comments Links to this post
Labels:

Nov 8, 2007

Google AJAX Search API Blog: Slide Show Update - Full Control Panel

The Google AJAX Feed API's Slide Show got an update with the addition of a full control panel option. To see this new control panel in action, just hover your mouse over the sample below. To get all the information on the new feature, visit the Slide Show Programming Guide.


at Thursday, November 08, 2007 0 comments Links to this post
Labels: , , , , ,

Mr. Apache

Mr. Apache
at Thursday, November 08, 2007 0 comments Links to this post
Labels:

iTools 8 for Mac OS X & Mac OS X Server

iTools 8 for Mac OS X & Mac OS X Server:

Apache Dashboard iTools 8 is a web site management system for both small to medium-sized web hosting providers that own or rent dedicated servers, and for large service providers who may wish to bundle iTools into their offerings. iTools is ideal for the professional hosting of multiple companies on a single server; it shortens the time and lessens the expertise needed to deploy new sites. iTools's secure, domain-specific, browser-based Apache administration, using a 8th generation suite of tools, makes Apache on Mac OS X, the easiest Apache in the world to administer. Using Apple's bundled Apache as a point-of-departure, Tenon's iTools extends this underlying server platform with an Apache 2 implementation, a point-and-click interface and a rich set of new features. Included with iTools, in addition to extensions and enhancements to the Mac OS X Apache web server, are a state-of-the-art domain name server, a multihoming FTP server, a robust SSL encryption engine to support eCommerce, a powerful caching engine with state-of-the-art proxy support, and a search engine. All of the tools are supported using a secure point-and-click browser-based administration tool.

Screen Shots
iTools Control Panel Configure your DNS Add a virtual host
at Thursday, November 08, 2007 0 comments Links to this post
Labels:

How To Ask Questions The Smart Way

How To Ask Questions The Smart Way

Table of Contents

Translations
Disclaimer
Introduction
Before You Ask
When You Ask
Choose your forum carefully
Web and IRC forums directed towards newbies often give the quickest response
As a second step, use project mailing lists
Use meaningful, specific subject headers
Make it easy to reply
Write in clear, grammatical, correctly-spelled language
Send questions in accessible, standard formats
Be precise and informative about your problem
Volume is not precision
Don't claim that you have found a bug
Grovelling is not a substitute for doing your homework
Describe the problem's symptoms, not your guesses
Describe your problem's symptoms in chronological order
Describe the goal, not the step
Don't ask people to reply by private e-mail
Be explicit about your question
When asking about code
Don't post homework questions
Prune pointless queries
Don't flag your question as “Urgent”, even if it is for you
Courtesy never hurts, and sometimes helps
Follow up with a brief note on the solution
How To Interpret Answers
RTFM and STFW: How To Tell You've Seriously Screwed Up
If you don't understand...
Dealing with rudeness
On Not Reacting Like A Loser
Questions Not To Ask
Good and Bad Questions
If You Can't Get An Answer
How To Answer Questions in a Helpful Way
Related Resources
Acknowledgements
at Thursday, November 08, 2007 0 comments Links to this post
Labels: