Determine site protocol with PHP (and Apache)

The $_SERVER variable provides a wealth of information about the server and current PHP script. One thing it doesn’t directly show you is the protocol used to serve the page.

We can use this function to assist

function getSiteURL() {
$Protocol = ((!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
$DomainName = $_SERVER['HTTP_HOST'];
return $Protocol.$DomainName;
}

Big Menus Not Saving in WordPress

wordpress blue-mI recently discovered an issue when working with a big WordPress Menu.

When saving, some menu items were saved, others weren’t. Quite random results, with the side effect of having a totally broken menu.

Turns out this isn’t a WordPress issue, it is a server configuration issue.

Continue reading “Big Menus Not Saving in WordPress”

Limit Apache requests per IP Address with mod_limitipconn

Limiting Apache requests per IP Address is always a good idea. It can prevent site issues where people attempt to DoS/DDoS you or resource hungry bots slowing your site down. Every Apache install should run mod_limitipconn which allows administrators to limit the number of simultaneous requests permitted from a single IP address. It goes very well with mod_evasive which does a very similar job but with a slightly different focus. I’ve run both with no issues. Here’s my mod_evasive threads; 2010, 2013.

Continue reading “Limit Apache requests per IP Address with mod_limitipconn”

Installing mod_geoip for Apache

mod_geoip is an Apache module that makes Apache aware of the visiting client’s country. This allows you do to many things like limiting access to a site per country, or displaying alternative pages depending on your visitors country.

First off, we need to download the GeoIP library. Continue reading “Installing mod_geoip for Apache”

Prevent DoS/DDoS attacks with Apache and mod_evasive

mod_evasive is an evasive manoeuvres module for Apache 2 to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It works by limiting object requests within a time frame.
Whilst it is not effective against high traffic DoS/DDoS attacks (where the attack exceeds the bandwidth you can consume), it can help in preventing the casual DoS/DDoS attacks where an attacker my request many copies of the same page.

Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denying any single IP address from any of the following:

Turning PHP APC on or off per site

The Alternative PHP Cache (APC) is a fantastic free and open opcode cache for PHP and does a great job at caching and optimizing PHP intermediate code. We all know what it does and how it works.
Sometimes we don’t want it enabled for all sites on a server (Using php.ini or conf.d/apc.ini), for example, you have a dev site and a live site on the same server. Having APC enabled on a dev site can be a little annoying. Continue reading “Turning PHP APC on or off per site”

Optimising WordPress (and other sites) with mod_deflate

Running any of the page speed testers like Google’s Pagespeed or Yahoo’s YSlow will tell you that you can compress many media elements with mod_deflate (gzip compression) to save on average 60% of network traffic.

Minimizing the payload size of both dynamic and static resources can reduce network latency significantly. In addition, for scripts that are cached, cutting down their byte size speeds up the time the browser takes to parse and execute code needed to render the page. (Learn more)

It is surprisingly rare to see this done in the Apache config, so it is good practice to add these optimisations in your site’s .htaccess. Here’s how I enabled mod_deflate and trimmed a few milliseconds from my page loads.

Continue reading “Optimising WordPress (and other sites) with mod_deflate”

Optimising WordPress (and other sites) with mod_expiry

Running any of the page speed testers like Google’s Pagespeed or Yahoo’s YSlow will tell you that you need to set long expiry times on media files and images to leverage browser caching

Setting an expiry date or a maximum age in the HTTP headers for static resources, instructs the browser to load previously downloaded resources from local disk, rather than over the network. (Learn more)

This is very rarely done in the Apache config, so it is good practice to add these optimisations in your site’s .htaccess. Here’s how I enabled longer expiry times and trimmed a few milliseconds from my page loads.

Continue reading “Optimising WordPress (and other sites) with mod_expiry”

Moving mod_pagespeed’s file-based cache into RAM

Google’s mod_pagespeed does a great job at optimising web resources such as HTML, JS, CSS and even images.
I use it on a lot of customer production sites as a great partner to APC cache for super fast web sites.

I won’t go into details on how it works, if you’re  reading this, you already know!

mod_pagespeed caches resources to disk. If you are running on a heavily loaded server or a VPS, disk IO is a premium.
So we should really cache to memory, its faster, cheaper and easy to set up.

Continue reading “Moving mod_pagespeed’s file-based cache into RAM”