Collaborate Disseminate
As a security in-charge, I just noticed that one of our production web apps was attacked by some hackers. The attacker accessed the .git/objects/ files.
I already modified .htaccess to make .git and its content inaccessible.
The attacker … Continue reading Security implications of stolen .git/objects/ files
I use a .htaccess file in my images directory to block scripts from running. I exclude .php .cgi and so on. But some malware is disguised by naming them with an image extension. I did not previously add various image extensions fearing it… Continue reading .htaccess to stop scripts with image extensions
I have a public hosting server. I want to give access to it only from one specific IP address. Since it’s a public hosting I don’t have access to its infrastructure or apache configuration. I can create .htaccess file only. Based on that c… Continue reading How to allow access from just one IP in htaccess
Is it is a good idea to restrict access to the admin-login-page-url of a website, by making a .htaccess rule that only allows access to the dedicated VPN IP?
If so, is it recommended to just buy the dedicated IP from popular VPN providers?… Continue reading Securing Admin Login by only whitelisting a dedicated vpn ip
.htaccess is now a very common URL rewrite to make it SEO friendly and cover the database IDs.
What are the ways to explore php file on the server given to URL via .htaccess?
Example :
The URL is www.domain.com/news/56.
I expect to fin… Continue reading How to find PHP filename and ID of the URL?
I have been trying to confirm which browsers will accept session.cookie_httponly but for my test each browser I am using fails. Which more than likely indicates my test is not correct. What I am wanting to do is test whether or not JavaScr… Continue reading Testing session.cookie_httponly .htaccess
So, I was involving in one of projects where client site and admin panel/dashboard was hosted on different sites. Not like a lot of CRM`s do or 90% of common sites (just in /admin or other URL location on root client site), but literally o… Continue reading Is it possible to bypass .htacess protection?
Today I got reports about one of my websites becoming inaccessible. I’ve come to learn that at the time we were under DDOS attack.
After getting through that, the website started throwing a permission denied error, so I narrowed it down t… Continue reading .htaccess File Changed – Question About Possible Breach Or Default Defense Mechanism
I need some serious help. I managed to upload a PHP shell using an upload form with some tweaking. No such restrictions except it renames the uploaded file to md5.But when I tried to execute the shell, It shows a 500 error. I… Continue reading Unable to execute PHP, throws 500 error. Able to upload and execute all others
I would like to know if it would be an issue to use this code in a production environment:
RewriteCond %{HTTP_HOST} ^(?:www\.)?([a-zA-Z0-9_-]+)\.(?:com|co\.uk|es|de)$
RewriteCond $1 ^sitemap([0-9]+)?\.xml(\.gz)?$
RewriteRule… Continue reading Security issue with .htaccess with dynamic http_host redirect?