Tag Archives: htaccess

Sysadmin: Letsencrypt renewal htaccess redirect bypass

With increasing role of HTTPS websites (Google pushing everybody to run only HTTPS websites considering regular HTTP as insecure) the service provided by Let’s encrypt becomes critically important. But there is a catch – once you get the certificate and redirect your site to HTTPS using .htaccess you will get a problem renewing certificate because 301 redirect breaks the challenge verification and the command

gives an error about authorization problem.

Here is the correction to the .htaccess file that allows to avoid this problem.

  1. Here is HTTPS redirection part of your .htaccess file before modification

  2. This is the same part after adjustment

Share Button

X-Robots-Tag in headers – fine grained crawlers control in apache

xrobotsI was asked to implement X-Robots-tag on one of our dedicated servers the other day.
This google document explains in the great details what it does and how it influences your site presentation on the search engine.
Read more »

Share Button

.htaccess anti-RFI mod_rewrite rules

RFI – Remote File Inclusion (or “nesting” – though last term is not so widely used, and it’s not the same as XSS I beleive) is very serious security threat – especially in webhosting environment where there is no time and manpower available to audit and vet all customers PHP scripts. Let’s see if there are other ways to reduce the threat

Read more »

Share Button