Mr. Apache: 08.08

21.8.08

CSS Decorative Gallery

Decorate your images and photo galleries without editing the source images.

read more | digg story

Custom 404 pages - Webmaster Help Center

Custom 404 pages - Webmaster Help Center: "

Custom 404 pages

A 404 page is what a user sees when they try to reach a non-existent page on your site (because they've clicked on a broken link, the page has been deleted, or they've mistyped a URL). A 404 page is called that because in response to a request for a missing page, webservers send back a HTTP status code of 404 to indicate that a page is not found. While the standard 404 page can vary depending on your ISP, it usually doesn't provide the user with any useful information, and most users may just surf away from your site.

If you have access to your server, we recommend that you create a custom 404 page. A good custom 404 page will help people find the information they're looking for, as well as providing other helpful content and encouraging them to explore your site further.

(Note: This article covers guidelines for creating the content of your custom 404 page. For information on configuring your server to display your new 404 page, check your server or web hoster documentation. You should still make sure that your webserver returns a 404 status code to users and spiders, so that search engines don't accidentally index your custom 404 page.)

Because a 404 page can also be a standard HTML page, you can customize it any way you want. Here are some suggestions for creating an effective 404 page that can help keep visitors on your site and help them find the information they're looking for:

Tell visitors clearly that the page they're looking for can't be found. Use language that is friendly and inviting.
Make sure your 404 page uses the same look and feel (including navigation) as the rest of your site.
Consider adding links to your most popular articles or posts, as well as a link to your site's home page.
Think about providing a way for users to report a broken link.
No matter how beautiful and useful your custom 404 page, you probably don't want it to appear in Google search results. In order to prevent 404 pages from being indexed by Google and other search engines, make sure that your webserver returns an actual 404 HTTP status code when a missing page is requested.

20.8.08

.htaccess Plugin Blocks Spam, Hackers, and Password Protects

WordPress Plugin blocks spam, hackers, exploits, and password protects your blog using .htaccess

read more | digg story

Crazy Advanced Mod_Rewrite Tutorial

Super Advanced Mod_Rewrite Tutorial for .htaccess filesDecoding Mod_Rewrite VariablesSo when I realized my problem was that I didn’t know the value of the variable being tested by the RewriteCond, I set out to try and discover how to view those variables.. Keep in mind you can also use RewriteLogging, but its only allowed for root users who can edit the httpd.conf, this is .htaccess.Setting Environment Variables with RewriteRuleI discovered a multitude of methods to set and view apache environment variables, using various modules and some core tricks, but the method that allows me to view the most environment variables is RewriteRule.. I wanted to use SetEnvIf more, but its just not as powerful as mod_rewrite, due to programming.This code sets the variable INFO_REQUEST_URI to have the value of REQUEST_URI.

read more | digg story

19.8.08

Pimp out your FeedBurner Count

Hidden parameters and Tricks for Customizing the FeedBurner FeedCount Image

read more | digg story

18.8.08

WP Plugin: all-in-one htaccess plugin

With .htaccess you can do so many things, but the risky part is almost all the time you need to edit your .htaccess file manually. However, now there is a special htaccess wp plugin for wordpress blogs that does so many things (full features are below the screenshot). All you need is “enable” a particular feature and it will rewrite your .htaccess

read more | digg story

AdesBlog.com » WP Plugin: all-in-one htaccess plugin

AdesBlog.com » WP Plugin: all-in-one htaccess plugin: "

Full Features

Directory Protection
Enable the DirectoryIndex Protection, preventing directory index listings and defaulting.
Password Protect wp-login.php
Requires a valid user/pass to access the login page
Password Protect wp-admin
Requires a valid user/pass to access any non-static (css, js, images) file in this directory.
Protect wp-content
Denies any Direct request for files ending in .php with a 403 Forbidden.
Protect wp-includes
Denies any Direct request for files ending in .php with a 403 Forbidden.
Common Exploits
Block common exploit requests with 403 Forbidden.
Stop Hotlinking
Denies any request for static files (images, css, etc) if referrer is not local site or empty.
Safe Request Methods
Denies any request not using GET,PROPFIND,POST,OPTIONS,PUT,HEAD
Forbid Proxies
Denies any POST Request using a Proxy Server. Can still access site, but not comment. See Perishable Press
Real wp-comments-post.php
Denies any POST attempt made to a non-existing wp-comments-post.php
HTTP PROTOCOL
Denies any badly formed HTTP PROTOCOL in the request, 0.9, 1.0, and 1.1 only
SPECIFY CHARACTERS
Denies any request for a url containing characters other than “a-zA-Z0-9.+/-?=&” - REALLY helps but may break your site depending on your links.
BAD Content Length
Denies any POST request that doesnt have a Content-Length Header
BAD Content Type
Denies any POST request with a content type other than application/x-www-form-urlencoded|multipart/form-data
Directory Traversal
Denies Requests containing ../ or ./. which is a directory traversal exploit attempt
PHPSESSID Cookie
Only blocks when a PHPSESSID cookie is sent by the user and it contains characters other than 0-9a-z - *** Safe, Use
NO HOST:
Denies requests that dont contain a HTTP HOST Header.
Bogus Graphics Exploit
Denies obvious exploit using bogus graphics
No UserAgent, No Post
Denies POST requests by blank user-agents. May prevent a small number of visitors from POSTING.
No Referer, No Comment
Denies any comment attempt with a blank HTTP_REFERER field, highly indicative of spam.
Trackback Spam
Denies obvious trackback spam. See Holy Shmoly!
SSL-Only Site
Redirects all non-SSL (https) requests to your https-enabled url
Anti-Spam, Anti-Exploits
Denies Obvious Spam and uses advanced mod_security protection

Go get it tiger! ;)

Plugin page: www.askapache.com/wordpress/htaccess-password-protect.html

Max Design - standards based web design, development and training » Some links for light reading (12/8/08)

Max Design - standards based web design, development and training » Some links for light reading (12/8/08): "Some links for light reading (12/8/08)

Some links for light reading (12/8/08)

August 12th, 2008

In Praise of Minify

The first optimization was very easy. I made sure my images were sufficiently cached by adding a quick .htaccess file in the directory where my images are stored on the server. I saw 2 different techniques for doing this. One was based on file extension, such as the technique discussed here if I have a file that’s incorrectly named it will still.

read more | digg story

11.8.08

AskApache is pushing mod_rewrite boundaries to the limits

Using Apache’s mod_rewrite allows us to perform basic filtering and application firewalling. AskApache is pushing mod_rewrite boundaries to the limits with a cool plugin that will allow automated anti-hack/spam htaccess rules.

read more | digg story

9.8.08

Elite Log File Scrolling with Color Syntax

Scrolls the latest log entries for multiple log files to the current screen or to any other monitor or TTY in color using syntax highlighting, making debugging easier and saving a lot of time for multi-monitor workstations.

read more | digg story