Apache
Apache: How to redirect all root domain traffic to www subdomain
Problem: Traffic comes to http://aknosis.com/something/ but they really need to go to http://www.aknosis.com/something/.
Solution: 301 Redirect via Apache with mod_rewrite.
Simple easy addition to your httpd.conf or .htaccess, I placed mine right above my wordpress mod_rewrite rules. If you are using .htaccess just dump it in that file above the wordpress redirect, if you having your rewrite rules in your httpd.conf then it needs to go inside the container:
<Directory /www/mydir/>
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.aknosis\.com$ [NC]
RewriteRule ^(.*)$ http://www.aknosis.com/$1 [R=301,L]
#Wordpress Here
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</Directory>
Breakdown:
RewriteCond %{HTTP_HOST} !^www\.aknosis\.com$ [NC]
If the HTTP_HOST header doesn't equal www.aknosis.com then :
RewriteRule ^(.*)$ http://www.aknosis.com/$1 [R=301,L]
Use the rewrite rule to push the request to http://www.aknosis.com/
^ - Beginning of request uri
() - Means group this into $1
$ - End of request uri
http://www.aknosis.com/$1 - Rewrite to this ($1 = the request uri)
[R=301 - Use a 301 Redirect
,L] - Make this the final rewrite rule and go
Try it out, go here (http://aknosis.com/) and you end up here (http://www.aknosis.com/). You can see the actual redirect in firebug’s net tab:
Hiding Unnecessary Response Headers Apache/PHP
One way to help protect your website/server is to not tell everyone what platform and app versions everything is running on. If you were to request a php file from my site you see some response headers that could be useful to people looking to break in, cause havoc etc…
Here is my request to aknosis.com (I’m viewing all of this in Firebug, if you don’t have it get it, best web development tool in my arsenal)
| Date | Wed, 14 Oct 2009 05:59:59 GMT |
| Server | Apache/2.2.3 (CentOS) PHP/5.2.9 mod_ssl/2.2.3 OpenSSL/0.9.8b |
| X-Powered-By | PHP/5.2.9 |
| X-Pingback | http://www.aknosis.com/akwp/xmlrpc.php |
| Expires | Wed, 11 Jan 1984 05:00:00 GMT |
| Last-Modified | Wed, 14 Oct 2009 06:00:00 GMT |
| Cache-Control | no-cache, must-revalidate, max-age=0 |
| Pragma | no-cache |
| Vary | Accept-Encoding,User-Agent |
| Content-Encoding | gzip |
| Content-Length | 10636 |
| Keep-Alive | timeout=2, max=100 |
| Connection | Keep-Alive |
| Content-Type | text/html; charset=UTF-8 |
So if I was running a known insecure version of php, apache, or any other out of date software exposed in the response headers, an attacker has to look no further to determine what you are using and how best to attack you.
Apache
Google Ads
Tags
Categories
- Hardware (1)
- Information Security (1)
- Scams (1)
- Programming (12)
- JavaScript (6)
- jQuery (4)
- MySQL (2)
- php (3)
- JavaScript (6)
- Quick Tips (7)
- Ramblings (30)
- System Administration (4)
Recent Posts
Recent Comments
- Issac Maez on Domain Name Search Engine Registration Mail Scam
- Jamie Rosborough on Fun with jQuery – toggle() – Easy tips to visually enhance your website
- Aknosis on Automating MySQL Database Backups on the Command Line via mysqldump
- brittany on Automating MySQL Database Backups on the Command Line via mysqldump
- Aknosis on More jQuery Fun – Auto Populating a Select Box
Twitter Feed...
- Transferred by bros comp into an Antec Nine Hundred Two. Awesome case, (I even fit the 24pin atx pwr cord behind the mobo) 1 day ago
- epic: http://www.youtube.com/watch?v=TQrAOQ4TzQc 1 day ago
- RT @jquery: jQuery 1.4.2 Released http://bit.ly/9ah4IV 2 weeks ago
- I say Colts 24 / Saint 20 2010-02-08
- How to Suck at Facebook http://theoatmeal.com/comics/facebook_suck from @oatmeal 2010-02-04
- More updates...
Powered by Twitter Tools