Typically Apache’s RewriteRule sets from mod_rewrite go in .htaccess files, but sometimes you have a good reason to put them in your general server config instead: your httpd.conf or apache2.conf file (or a file you Include from one of those). If you’ve done this before, you’ve probably been surprised that it didn’t work quite the […]

The Apache module mod_reqtimeout is a simple and effective way to protect yourself from the Slowloris attack. But the cPanel team still does not include support for mod_reqtimeout in the EasyApache build utility, even though the module is a core part of the Apache web server distribution. But that doesn’t leave us completely powerless: we can add this support ourselves.

At TL Tech we spend a lot of time tracking down hackers. What we find often illustrates important lessons in what not to do in web security. In this example, a user was a victim of a previous attack caused by a vulnerable PHP extension that has since been removed. The site owner evicted the […]

Here you’ll find an installer script that adds mod_cloudflare to your EasyApache build system included with cPanel servers. The CloudFlare module automatically translates visitor IP addresses to reflect the visitor’s original IP address rather than the IP address of the CloudFlare proxy servers.

Here’s a generic .htaccess excerpt that you can use to redirect users to the SSL-enabled version of the page they requested. Just drop it into any directory you want to enforce security on, and you’re done (no modification necessary).

Referrer checking is a mechanism to restrict the way web resources are used. You can cut-and-paste this code into any domain without having to change anything about it.