Apache mod_security settings for WordPress and ModX

If you use the apache mod_security module on your apache server, you might encounter wrong 403 errors for several URL's of the cms systems. Here are some exception rules to avoid that: For WordPress Blogs <locationmatch "/wp-admin/admin-ajax.php"> SecRuleRemoveById 300013 SecRuleRemoveById 300015 SecRuleRemoveById 300016 SecRuleRemoveById 300017 </locationmatch> <locationmatch "/wp-admin/page.php"> SecRuleRemoveById 300013 SecRuleRemoveById 300015 SecRuleRemoveById 300016 SecRuleRemoveById ... Read more

Apache webserver: redirect requests for domain.com to www.domain.com

Many webmasters want to redirect users that access their websites with "domain.tld" automatically to "www.domain.tld". If you use the Apache web server, you can do this by using Apache rewrite rules. Add a .htaccess file with the following content in the root directory of the website: RewriteEngine On RewriteCond %{HTTP_HOST} !^www\.domain\.com RewriteRule (.*) http://www.domain.com/$1 [L,R=301] ... Read more

How to use a custom php.ini with suphp

To use a custom php.ini file with SuPHP for a website, you can define the path to the php.ini file in a .htaccess file or in the apache vhost like this: suPHP_ConfigPath /home/websites/domain.tld/ Then add a php.ini file in the directory /home/websites/domain.tld/ which may be a copy of the global php.ini were you just changed ... Read more

Prevent DOS attacks on apache webserver for DEBIAN linux with mod_evasive

The following guide explains the installation of the apache module "mod_evasive". Mod_evasive tracks the number of requests of files at the apache webserver and blocks the delivery in case that a certain limit has been reached. Installation apt-get install libapache2-mod-evasive Create the log directory for mod_evasive mkdir -p /var/log/apache2/evasive chown -R www-data:root /var/log/apache2/evasive Now we ... Read more

Apache mod-security installation on Debian 6.0 (squeeze)

Install the apache mod-security 2 module with apt from the Debian repositories apt-get install libapache-mod-security Create the folder for the mod-security configuration files mkdir /etc/apache2/mod-security chmod 600 /etc/apache2/mod-security Download and unpack the mod-security rules cd /tmp wget http://www.modsecurity.org/download/modsecurity-core-rules_2.5-1.6.1.tar.gz tar fvx modsecurity-core-rules_2.5-1.6.1.tar.gz mv *.conf /etc/apache2/mod-security/ ln -s /var/log/apache2 /etc/apache2/logs Configure apache to load the activated mod-security ... Read more