Posts categorized: Blog

Page 5 of 12

Limit File Upload Size

This tutorial explains how to protect against DoS attacks by limiting file upload size.

Target Blank User Agent

How to target a blank or empty User Agent using .htaccess.

Increase Security with X-Security Headers

Here are three .htaccess techniques to increase your site’s security. These techniques add extra security headers to all of your site’s resources. Specifically, this tutorial explains how to add X-Security Headers to protect against cross-site scripting (XSS), page-framing, and content-sniffing. Adding these extra headers is simple and helps to boost the security of your site.

.htaccess redirect to https and www

If your site is serving secure pages via the HTTPS protocol (i.e., via SSL/TLS), you may need a technique to redirect all HTTP requests to HTTPS. Then to go further with your canonicalization efforts, you may also want to redirect all www requests to non-www (or vice versa). Both of these techniques are essential for […]

Block User ID Phishing Requests

Examining the site’s access logs, I noticed many requests for /?author=123, where the numbers ranged from 1 to several hundred. The goal of this type of malicious scan is to obtain information about registered usernames, which can then be used to brute-force attack the site’s login form. This tutorial explains how “user-ID phishing” works, and […]