Posts categorized: Blog

Seven Important Security Headers for Your Website

When it comes to securing your website, it’s all about minimizing attack surface and adding more layers of security. One strong layer that you can (and should) add is proper HTTP security headers. When responding to requests, your server should include security headers that help stop unwanted activity like XSS, MITM, and click-jacking attacks. While […]

Book Update: Version 1.8

Version 1.8 now available! This update to the First Edition of .htaccess made easy features some great improvements, including new techniques, resources, and tools. Here is a summary of changes:

Access Control for Apache 2.4 (and 2.2)

Throughout the book, I explain various techniques for controlling access to web pages. For example, if you are getting hit with an attack from a specific range of IP addresses, you can add directives to block them based on the host address or other variables. It is a common technique that I’ve discussed numerous times. […]

Disable ETags

This tutorial explains how to disable ETags completely via .htaccess for your Apache-powered website. In many cases, sending ETag headers negatively impacts performance, as explained by the wizards at Google and Yahoo. Two copy/paste steps and done. Estimated time required: 5 minutes.

Commenting your .htaccess code

Commenting your .htaccess code is an important part of staying organized. Here are some quick tips and best practices for writing comments in your .htaccess file (or the Apache server config file).