What more could you want?
Posts tagged webmaster
Add your www with mod_rewrite
Jul 28th
It’s been said a million times, why do we need the www in the URL? The answer is simple: we want our sites to look professional. Here’s how to automatically prepend the www when some crazy hippie forgets it.
In the LoadModules section of the config, make sure mod_rewrite is enabled. On Red Hat or CentOS (or most others) it is by default:
In your LoadModules section, make sure that mod_rewrite is enabled. On Red Hat and CentOS, it is by default:
# grep mod_rewrite /etc/httpd/conf/httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so
In your VirtualHost container (or, to get fancy, in a .htaccess file), add the following lines:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/[^\.]+[^/]$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1/ [R=301,L]
Voíla. Bounce Apache, and visit. Make sure you’re cool enough not to type “www.”
/cs
Plesk 9 and PCI compliance
Apr 14th
The basics are easy, as one can attest with a Google search: Apache, Mail, etc.
But, I’ve found that the Plesk CP for Plesk 9 doesn’t run on Apache, it runs on Lighttpd. To disable weak ciphers on a Plesk/Red Hat box, edit /etc/sw-cp-server/applications.d/plesk.conf and add this line:
ssl.cipher-list = “TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH”
I don’t know if you can add it just anywhere, but you ought to be able to. Personally, I put it between the “include_shell” and “index-file.names” lines in the conf, line 11. After all that, issue “service psa restart” and you’re good to go.
You can test the setup using this command:
# openssl s_client -connect localhost:8443 -ssl2
Run that from the box itself, either as root or as a regular user. It gave me a “Connection reset by peer” error on SSLv2 connection. This is expected, and means that SSLv2 has been successfully disabled. Go run that scan again.
Also, keep in mind the recent “Plesk broke openssl” (or vice-versa) fiasco.
/cs
Client-side mailto: Link Encoding in HTML Pages
Jan 30th
This always seems to be a sore subject among webmasters, and I have seen some quite silly contrived solutions:
- addy@DELETE_THISdomain.com
- mayemail @ mydomain com
- Please contact us for contact information
To me, these seem very creative (except for the last one which was really kind of a joke).
I have found and implemented a solution on my server that seems to work very well for eluding this issue. It’s a little piece of javascript I like to call menc.js.