
Archive | Apache

Block XSS on Apache or Nginx

Here are some handy Apache rewrite rules for blocking cross-site scripting (XSS) attacks:

And here are similar rules for Nginx:

We gathered these rules from several sources around the net, so they are not original, but it’s handy to have them all in one place with both the Apache and Nginx versions.

Apache2 With mod_fcgid On CentOS 6.2

Need mod_fcgid on a CentOS 6.2 or similar server? Check out this great how-to:

https://www.howtoforge.com/how-to-set-up-apache2-with-mod_fcgid-and-php5-on-centos-6.2

I especially like the use of suexec.

This howto worked on the first try! There are not many actual working mod_fcgid howtos!

One issue that I did run into is that the default MaxRequestLen is 131768, which is way too low, so I had to add this line:

to /etc/httpd/conf.d/fcgid.conf.

Disable PHP zlib.output_compression

If you need to disable zlib output compression from the .htaccess file, then just add the following line to the top of the file:

Redirect HTTPS to HTTP

If you want to redirect all HTTPS traffic to HTTP, then add the following to your .htaccess file:

Block Access To .git And .svn Folders

On Nginx, add the following to each “server” block:

And for Apache, add the following to the VirtualHost block: