htaccess – Page 4 – WindowsTechs.com

X-Frame-Options header on redirect

Posted on June 20, 2018 by bomba

I have several web applications running on my server (Debian 8 running Apache). One of my customers wants to improve the security of his app, after having some security audits carried out by a third-party company he showed me… Continue reading X-Frame-Options header on redirect→

How to deny execution of any file on a specific directory?

Posted on May 29, 2018 by Luca Reghellin

I built a form that lets the user to upload files to a specific directory (apache2, php). I already limited file type and did some other security things. But I would anyway also like to deny the execution of those files to al… Continue reading How to deny execution of any file on a specific directory?→

Can someone view the contents of my .htaccess file

Posted on April 19, 2018 by DMVerfurth

I am storing hashed passwords in a file called passwords.htaccess. When a user fills out a login form, the passwords are checked. I am getting the contents of passwords.htaccess with file_get_contents(‘passwords.htaccess’);. … Continue reading Can someone view the contents of my .htaccess file→

Is there any way to bypass .htaccess PATH restriction (in URLs)?

Posted on March 4, 2018 by T.Todua

for example, in .htaccess we deny direct access to specific file example.com/myfile.txt, using this command:

RewriteEngine on
RewriteCond %{THE_REQUEST} myfile.txt
RewriteRule ^ – [F,L]

that says, if url contains myfil… Continue reading Is there any way to bypass .htaccess PATH restriction (in URLs)?→

Risks Limited With Latest Apache Bug, Optionsbleed

Posted on September 19, 2017 by Michael Mimoso

The risks surrounding the latest Apache bug, called Optionsbleed, are limited given it can only be attacked under certain conditions. Apache, and many Linux distributions, have patched the flaw. Continue reading Risks Limited With Latest Apache Bug, Optionsbleed→

Who’s Blocked by Bad Guys?

Posted on August 21, 2017 by Xavier

Just a quick post about an interesting file found in a phishing kit. Bad guys use common techniques to prevent crawlers, scanners or security companies from accessing their pages. Usually, they deploy a .htaccess file to achieve this. Today, I found a phishing kit related to a bank (ANZ) with such

[The post Who’s Blocked by Bad Guys? has been first published on /dev/random]

Continue reading Who’s Blocked by Bad Guys?→

Override parent .htaccess with php.ini?

Posted on July 14, 2017 by MagExt

Is it possible to override parent folder .htaccess rules with child php.ini or some other file except .htaccess?
What I have is:

/var/www/site/static/.htaccess
/var/www/site/static/abc/
/var/www/site/static/abc/def/(I have a… Continue reading Override parent .htaccess with php.ini?→

Apache RewriteRule htaccess security

Posted on January 13, 2015 by Jeremy

If I configure an .htaccess file like this :

RewriteEngine On
RewriteRule ^([^/]*)$ /view.php?key=$1 [L]

Which transforms:

original URL http://www.example.com/view.php?key=123
rewritten URL http://www.example.com/123

… Continue reading Apache RewriteRule htaccess security→

Protect against attack that modifies .htaccess?

Posted on April 9, 2013 by AlexCode

I have a dedicated server. There is no code/site live now, only a coming soon page. A few minutes ago I realized that someone has changed the .htaccess file.

How can I protect against that kind of attack?

The new htaccess c… Continue reading Protect against attack that modifies .htaccess?→