Joomla and WordPress Found Harboring Malicious Redirect Code
New .htaccess injector threat on Joomla and WordPress websites redirects to malicious websites. Continue reading Joomla and WordPress Found Harboring Malicious Redirect Code
I’m doing some pen testing for my place of employment. I was able to grab the session ID from the browser cookies, but I still cannot get past the htaccess login. I initially thought that by setting the cookie with the stolen… Continue reading Could Someone Use a Stolen Cookie Session ID to Bypass Htaccess Login?
Currently I am trying to set up my Apache server for HSTS. Therefore my .htaccess looks like this:
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Hea… Continue reading HSTS and TLS redirection: What is the correct order?
Let’s say we have a password.txt in a web directory that must not be leaked. Is it secure to use a RewriteRule like this?
RewriteRule "^password.txt?*" "404.html"
I tried to do something fishy like domain.com/somefile/../pa… Continue reading .htaccess rewrite rule to hide files
I run a Magento shop and figured out that there is a security risk. Users can download the logfiles under /var/log/. If they go to https://www.example.com/var/log then a 404 site shows but if they know the exact name of the l… Continue reading How to prevent users to access my files?
How to redirect all ports but 443 to https 443, e.g. 404 page, with htaccess please?
Why? – To disable cPanel and Webmail which is usually on ports 2096, 2083 etc. I do not use cPanel and Webmail. They have a number of minor vu… Continue reading How to redirect all ports but 443 to https 443 with htaccess [closed]
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/xxx/.htpasswd
AuthGroupFile /dev/null
require valid-user
I was trying instead of sending a “GET” a “GETS” to perform the bypass but it does not work. Should this… Continue reading Is it possible to bypass this .htaccess?
I have a client who is running a private MediaWiki site who wants to install VisualEditor extension. Currently, since it’s a private wiki, we’ll have to use configs to allow Parsoid to use MediaWiki API through the server’s I… Continue reading Security vulnerabilities of using parsoid on shared host with private wiki?
The flaw has existed for eight years thanks to a security change in Apache. Continue reading Thousands of Applications Vulnerable to RCE via jQuery File Upload
I have several web applications running on my server (Debian 8 running Apache). One of my customers wants to improve the security of his app, after having some security audits carried out by a third-party company he showed me… Continue reading X-Frame-Options header on redirect