Blacklist IP Addresses With htaccess

Here is a good snippet to add to your htaccess file to completely block spammers from your site.
If you have a WordPress site you could get a lot of spam comments, it can take up a lot of time of your day to go through and delete these spam comments. There are a few plugins you can use to delete these spam comments for you or you can use htaccess to block the spammers from even getting to your site. On the WordPress comment page it will record the IP Address, if you know this user is a spammer you can copy the IP Address into your htaccess to block them from ever coming back.
Copy and paste the following and replace with the IP address you want to the deny from xxx.xxx.xxx.x.
<Limit GET POST PUT>
order allow, deny
allow from all
deny from 123.123.123.1
deny from 555.555.555.5
deny from 000.000.000.0
</Limit>
If you want to disable access to a certain file using htaccess use the following snippet to block access to the login page.
<files wp-login.php>
order deny,allow
deny from all
</files>
This functionality is really useful when you are developing a new site and want to place this on a live server but don't want it to be accessible to the outside world. Using this code you can block anyone from seeing your site unless they have a certain IP address.
Therefore you can open the site to your designers, testers, your wireless network, HTML validators etc to test your site throughout before it gets opened up to the public.
<Limit GET POST PUT>
     Order Deny,Allow
     Deny from all
     
     # Designer IP
     Allow from 111.222.333
          
     # Tester IP
     Allow from 777.888.999
     Allow from 123.456.789
     Allow from 456.789.123
     Allow from 789.123.456
     
     # Wireless
     Allow from 000.111.222
     
     # W3C CSS & HTML validators
     Allow from 654.789.321
</Limit>
No comments:
Labels:

Set Expire Headers In htaccess

A way that Browsers try to help speed up rendering the page is by taking static data and cache it. These are things like images, CSS and JavaScript files. As Browsers are going to cache these bits of data you can actually set an expiry so the Browser will know not to cache these anymore.
The Browser will keep serving these until the date you set.

Images

Images Mostly on websites an image on the page will never change. By change I mean have the same image URL but use a different image. There may be times that you use a different image with a different URL but this will be a new cache for the Browser.
So if you know that your image isn't ever going to change then you can set the expiry on these items for a long time in the future so the Browser will allows get this data from it's own cache.

CSS And JavaScript Files

CSS File CSS files can be cached by the browser, you may even see this when you change the CSS file, refresh your browser and the styles don't change. You go into the CSS file and it has the new styles, so you refresh your browser again and now the new styles are coming through.
This is your browser caching your CSS files.
You can set an expiry on these files but it depends how often your website CSS is going to change. If you change it often you may only want to set an expiry of a couple of days. If your CSS doesn't change often then you can set a longer expiry.

Set Expiry Date using htaccess

To set your expiry date using htaccess I like to use the example from HTML5 Boilerplate, as it will take care of everything you will ever want to cache.
# ----------------------------------------------------------------------
# Expires headers (for better cache control)
# ----------------------------------------------------------------------
 
#
# These are pretty far-future expires headers
# They assume you control versioning with cachebusting query params like:
#   <script src="application.js?20100608">
# Additionally, consider that outdated proxies may miscache
#
#   www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/
 
#
# If you don`t use filenames to version, lower the css and js to something like "access plus 1 week"
#
 
<IfModule mod_expires.c>
  ExpiresActive on
 
# Perhaps better to whitelist expires rules? Perhaps.
  ExpiresDefault                          "access plus 1 month"
 
# cache.appcache needs re-requests in FF 3.6 (thx Remy ~Introducing HTML5)
  ExpiresByType text/cache-manifest       "access plus 0 seconds"
 
 
 
# Your document html
  ExpiresByType text/html                 "access plus 0 seconds"
   
# Data
  ExpiresByType text/xml                  "access plus 0 seconds"
  ExpiresByType application/xml           "access plus 0 seconds"
  ExpiresByType application/json          "access plus 0 seconds"
 
# RSS feed
  ExpiresByType application/rss+xml       "access plus 1 hour"
 
# Favicon (cannot be renamed)
  ExpiresByType image/x-icon              "access plus 1 week"
 
# Media: images, video, audio
  ExpiresByType image/gif                 "access plus 1 month"
  ExpiresByType image/png                 "access plus 1 month"
  ExpiresByType image/jpg                 "access plus 1 month"
  ExpiresByType image/jpeg                "access plus 1 month"
  ExpiresByType video/ogg                 "access plus 1 month"
  ExpiresByType audio/ogg                 "access plus 1 month"
  ExpiresByType video/mp4                 "access plus 1 month"
  ExpiresByType video/webm                "access plus 1 month"
   
# HTC files  (css3pie)
  ExpiresByType text/x-component          "access plus 1 month"
   
# Webfonts
  ExpiresByType font/truetype             "access plus 1 month"
  ExpiresByType font/opentype             "access plus 1 month"
  ExpiresByType application/x-font-woff   "access plus 1 month"
  ExpiresByType image/svg+xml             "access plus 1 month"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
     
# CSS and JavaScript
  ExpiresByType text/css                  "access plus 1 year"
  ExpiresByType application/javascript    "access plus 1 year"
  ExpiresByType text/javascript           "access plus 1 year"
   
  <IfModule mod_headers.c>
    Header append Cache-Control "public"
  </IfModule>
   
</IfModule>

Copy This Into Your htaccess

No comments:
Labels:

Cross Domain AJAX Requests

Introduction

Now on the web AJAX calls are becoming more and more common, they can be very useful to create a better user experience on your web applications. But on most modern browsers they will block anycross domain AJAX calls mainly for security reasons and the fact that AJAX uses client side scripting which might not work on another domain. If you are using jQuery to make your AJAX calls you can't post data to another domain, but PHP can post data to other domains by using the cURL extension. So to get around the cross domain AJAX problem, post data to your own PHP page and let cURL post this to the required URL.
In this article I will show you how to use cURL to post data from a jQuery post.

Change The jQuery POST Function

In this tutorial I am going to use PHP cURL to post data to another domain.
In jQuery to make an POST AJAX call you use the following.
var data = "parameters=1&para=2";             

             $.ajax({
    url: "http://www.example.com/post_url.php",
    data: data,
    type: "POST",
    success: function(data, textStatus, jqXHR){
   console.log('Success ' + data);
    },
    error: function (jqXHR, textStatus, errorThrown){
   console.log('Error ' + jqXHR);
    }
  });
This will post 2 parameters to http://www.example.com/post_url.php, but when this is sent you will get cross domain AJAX errors which means you aren't allowed to POST data to a different domain.
To get round this we are going to post to a page on our domain and then use this page to post the data.
var data = "url=http://www.example.com/post_url.php&parameters=1&para=2";             

             $.ajax({
    url: "our_domain_url.php",
    data: data,
    type: "POST",
    success: function(data, textStatus, jqXHR){
   console.log('Success ' + data);
    },
    error: function (jqXHR, textStatus, errorThrown){
   console.log('Error ' + jqXHR);
    }
  });
Notice it is the same AJAX call but I have changed the URL to a page on our server and moved the previous URL into data as a separate parameter. This is so we can get in from our PHP page and use this URL parameter to post the data.

Create A PHP Page To Post Data

Create a new PHP file and paste the following into the file.
//set POST variables
$url = $_POST['url'];
unset($_POST['url']);

$fields_string = "";
//url-ify the data for the POST
foreach($_POST as $key=>$value) { 
 $fields_string .= $key.'='.$value.'&'; 
}
$fields_string = rtrim($fields_string,'&');

//open connection
$ch = curl_init();

//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_POST,count($_POST));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);

//execute post
$result = curl_exec($ch);

//close connection
curl_close($ch);
This will first grab the URL out of the POST variable and then save this in a local variable this is so we can use this to send the data to. We need to then remove the URL from the POST variable to make sure we don't send this through as well.
Then we can loop through the POST variable and create our own query string.
Now we use cURL to post the data through to the URL.
That's it we have performed a cross domain AJAX call using jQuery and cURL.
No comments:
Labels:
Subscribe to: Posts (Atom)