Moving mod_pagespeed’s file-based cache into RAM
Google's mod_pagespeed does a great job at optimising web resources such as HTML, JS, CSS and even images.
I use it on a lot of customer production sites as a great partner to APC cache for super fast web sites.
I won't go into details on how it works, if you're reading this, you already know!
mod_pagespeed caches resources to disk. If you are running on a heavily loaded server or a VPS, disk IO is a premium.
So we should really cache to memory, its faster, cheaper and easy to set up.
Disabling Core Dumps
I recently found a (cPanel) server was generating over 100Gb of core dumps every time a bad PHP script died or Apache died. Writing these generally useless (who actually debugs these on a live web server) to disk is a pointless waste of disk I/O, especially in a VPS environment.
Here is two methods of disabling core dumps;
Disabling Dangerous PHP Functions in a Shared Environment
PHP is an incredibly versatile language and if used in the wrong way, either maliciously or by accident has the potential to mess up an entire webserver. This can be a major problem if you are offering a shared hosting environment.
There is an often overlooked php.ini setting called disable_functions at hand.
cPanel Apache Tuning
One of the first things I do is run /scripts/easyapache and rebuild my PHP / Apache configuration.
I usually select Apache 2.2 and PHP 5.2.9. At the time of writing I stay away from the 5.3 versions as they aren't supported by programs and programmers enough yet.
Although this guide was originally inspired from a cPanel install, its Apache specific and doesn't require cPanel.
PCI Compliance – Disable SSLv2 and Weak Ciphers
Section 4.1 of the the Payment Card Industry Data Security Standard (PCI-DSS) v1.2, merchants handling credit card data are required to “use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.”
Apache redirects based on IP Address/Subnet
Ever needed to redirect a source IP address or source subnet in apache?
Why? Redirect annoying spam bots, users or other individuals away from your blog for example.
Slam the following code into your .htaccess file or VirtualHost Directive.
[Snippet] Where are my cPanel logs at?
You've got a main error log at /etc/httpd/logs/
And cPanel's logs are in /usr/local/cpanel/logs/
Smarty Security – Stop .tpl access
WHMCS uses the Smarty template engine. Which means your .tpl files are accessible to anyone that knows the path. Quite easy in WHMCS. Whilst not really a major security risk, its bad practise to all these files to be accessed directly.
Add this code into your .htaccess file.
- <Files ~ "\.tpl$">
- Order allow,deny
- Deny from all
- </Files>
[Snippet] Redirecting Non-SSL Traffic to SSL
- RewriteEngine On
- RewriteCond %{HTTPS} off
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Redirecting non-www to a www prefix
This old chestnut again.
Create or edit the .htaccess file
- RewriteEngine On
- RewriteCond %{HTTP_HOST} !^www\.YOURDOMAIN\.COM$ [NC]
- RewriteRule ^(.*)$ http://www.YOURDOMAIN.COM/$1 [R=301,L]
About Kieran
