kieranbarnes do you know where your towel is?

Smarty Security – Stop .tpl access

Posted on August 17, 2010

WHMCS uses the Smarty template engine. Which means your .tpl files are accessible to anyone that knows the path. Quite easy in WHMCS. Whilst not really a major security risk, its bad practise to all these files to be accessed directly.

Add this code into your .htaccess file.

<Files ~ "\.tpl$">
Order allow,deny
Deny from all
</Files>
Filed under: Apache, PHP, cPanel/WHM No Comments

[Snippet] Redirecting Non-SSL Traffic to SSL

Posted on June 15, 2010
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Filed under: Apache No Comments

Redirecting non-www to a www prefix

Posted on May 22, 2010

This old chestnut again.

Create or edit the .htaccess file

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.YOURDOMAIN\.COM$ [NC]
RewriteRule ^(.*)$ http://www.YOURDOMAIN.COM/$1 [R=301,L]
Filed under: Apache No Comments

Ridiculously simple NTLM Authentication for Apache (Ubuntu)

Posted on March 9, 2010

We all know Ubuntu makes things amazingly simple. This is the best I've found so far. NTLM authentication in Apache used to take a while to setup, it used to be tricky, fiddly - generally a bit hit and miss.

mod_geoip Revisted including stopping spam in phpBB 2

Posted on February 15, 2010

I've recently moved a client's forum onto a new cPanel server, previously it was on a home-brew Ubuntu server.
So I had to install mod_geoip onto cPanel in CentOS. It wasn't as bad as I was expecting.

First off, we need to download the GeoIP libraries.

SEO Friendly URLs for CubeCart in Windows

Posted on November 27, 2009

I have a client hosting CubeCart on a Windows server. Unfortunately the built in Apache 2 mod_rewrite rules that come bundled with CubeCart don't work in IIS/Helicon.

Simple fix...

NTLM Authentication for apt-get’ed Ubuntu

Posted on November 4, 2009

Following on from NTLM Authentication on Ubuntu and Apache2 Revisited this morning, this is how we modify the Apache2 configuration provided by apt in Ubuntu.

Filed under: Apache Continue reading

NTLM Authentication on Ubuntu and Apache2 Revisited

Posted on November 4, 2009

It's been a while since I've had to build an NTLM integrated Apache2 server.
So I thought I'd take help from Ubuntu's packages and install LAMP from there like most people seem to be doing these days.

Once all that is up and running, you will need to download mod_ntlm_winbind. Its an ancient package I complied years ago from the samba source tree, good news is it still works.

Block Countries in Apache

Posted on November 18, 2008

Assuming you have mod_geoip installed in apache we can block certain countries in 6 lines of code.

I had a client who was experiencing an inhumane amount of spam on their phpBB forums, which are notorious for bot attacks. Luckily this forum was geographically specific - so we can block all the countries we aren't interested in.

Filed under: Apache, Geeky Continue reading

Site Performance Quick Fixes

Posted on July 31, 2008

I've been playing around with YSlow for a while now, now I decided to a quick test on this blog.

This blog, according to YSlow rates a frumpy Grade D, with a score of 61. Not bad, but not great.
A bit of .htaccess trickery should give me a few extra points... Excellent Grade C, with a score of 73.