it's a raspberry pi
Setups & configurations
Tailor shop
✂ Embroidery & pennantWe got some boring movies
🎥 CinematiqueRegarding unity3d
🙂 In-game char iconsSocial news aggregation
🌍 Windward #redditDeveloper briefing
☸ Dev's changelogOfficial Windward wiki
🛠 Wiki @gamepediaJunk does not deliver mail
✉ Private messageNo ads, no trackers,
no web beacons
Get the weather widget
🌤 Weather code snippetHotchpotch of weblinks
📖 Yellow pages
That is simply just another http web server powered by Apache Software
and the Raspberry Pi Foundation with Raspbian Debian OS Stretch Lite on it.
.htaccess. Upload this text document to root e.g.
/var/www/html.
user@raspberry:~ $ sudo su
root@raspberrypi:# cd /var/www/html
root@raspberrypi:/var/www/html# chmod 644 .htaccess
To make .htaccess working as expected, you need to edit the apache configuration file:
root@raspberry:~# nano /etc/apache2/apache2.conf
<Directory /var/www/> ... AllowOverride None ... </Directory>
Noneto
All.
<Directory /var/www/> ... AllowOverride All ... </Directory>
Save Ctrl O the file apache2.conf and close Ctrl X the nano editor.
root@raspberry:~# service apache2 restart
root@raspberry:~# systemctl daemon-reload
root@raspberry:~# service apache2 restart
mod_rewritedirectives
Order, Allow, Denyhave changed to
Require all granted Require all denied Require not ip Require not host
RewriteCond %{http_USER_AGENT} ^Mozilla/5.0 zgrab/0.x RewriteCond %{http_REFERER} (facebook|twitter|amazon)changed with " "
RewriteCond "%{http_USER_AGENT}" "^Mozilla/5.0 zgrab/0.x" RewriteCond "%{http_REFERER}" "(facebook|twitter|amazon)"
# error handling, redirecting to a specific html document/domain ErrorDocument 404 /404.html ErrorDocument 403 https://duckduckgo.com # disable directory browsing Options -Indexes # charset and language AddDefaultCharset UTF-8 DefaultLanguage en-US # hide server OS and server IP in error pages ServerSignature Off # configuration HTML5 formats AddType video/mp4 .mp4 AddType audio/mp3 .mp3
Forbiddenresponse.
# individual <Limit GET> Require all granted Require not ip 111.222.333.444 Require not ip 111.222.333 Require not ip 111.222 Require not ip 111.222.555.0/24 Require not host example.com Require not host sub.example.com Require not host example </Limit> # multiple <Limit POST PUT DELETE> Require all granted Require not ip 111.222.333.444 Require not ip 111.222.333 Require not ip 111.222 Require not host example.com Require not host sub.example.com Require not host example </Limit>
GET actually retrieves the resource. HEAD is similar to GET except that the message body is not returned. That is, it gets the file header information and not the entire resource. GET togehter with HEAD may give error 500 message Internal Server Error
.
POST requests are used for HTML/PHP form data, likely be the typical username & password form.
<RequireAll> Require all granted Require not ip 111.222.333.444 Require not ip 111.222.333 Require not ip 111.222 Require not host example.com Require not host sub.example.com Require not host example </RequireAll>
Source: apache.org Access Control, 2017
# user agents, referers RewriteEngine on RewriteCond "%{http_USER_AGENT}" "^.*Mozilla/5.0 zgrab/0.x.*$" [NC,OR] RewriteCond "%{http_REFERER}" "^.*(ru|ua|io|gov).*$" [NC] RewriteRule "^/$" "-" [F,L] RewriteEngine on RewriteCond "%{http_USER_AGENT}" "^.*(YandexBot|SemrushBot|Wget).*$" [NC,OR] RewriteCond "%{http_REFERER} "^.*(ru|ua|kz|by).*$" [NC,OR] RewriteCond "%{http_REFERER} "^.*(facebook|twitter|amazon|etc.net).*$" [NC] RewriteRule "^/$" "-" [F,L]
# IPs RewriteEngine on RewriteCond "%{REMOTE_ADDR}" "111\.222\.333\.444" RewriteRule "^/$" "-" [F,L] RewriteEngine on RewriteCond "%{REMOTE_ADDR}" "111\.222" [OR] RewriteCond "%{REMOTE_ADDR}" "333\.444\.555" [OR] RewriteCond "%{REMOTE_ADDR}" "666\.777\.888\.999" RewriteRule "^/$" "-" [F,L]
That requires to activate the mod_rewrite module. To enable mod_rewrite if it's not already.
Apache2 enable module:
root@raspberry:~# a2enmod rewrite
Module rewrite (already) enabled
root@raspberry:~# service apache2 restart
Reloads all the Apache config files.
Or as per new unified system control way:
root@raspberry:~# systemctl restart apache2
# directive preferred <FilesMatch ".*\.(php|pl|cgi)$"> Require all denied </FilesMatch>
Send unwanted sniffers away
Most probably you detect in apache.log
entries like ...
120.27.35.11 - - [16/Jan/2018:11:58:42 +0100] "GET / http/1.1" 200 25057 "-" "-" 120.27.35.11 - - [16/Jan/2018:11:58:44 +0100] "GET /xmlrpc.php http/1.1" 404 379 "-" "-" 120.27.35.11 - - [16/Jan/2018:11:58:44 +0100] "HEAD /wp-login.php http/1.1" 404 379 "-" "-" 120.27.35.11 - - [16/Jan/2018:11:58:44 +0100] "HEAD /mysql.php http/1.1" 404 379 "-" "-"
... and you don't use Wordpress, php, CGI-scripts or other features, then send the hackers & spies away by deploying the RedirectMatch 302
directive. A 302 redirect means that the page has moved to other location.
RedirectMatch 302 ^/xml.*$ https://duckduckgo.com RedirectMatch 302 ^/wp-.*$ https://duckduckgo.com RedirectMatch 302 ^/mysql.*$ https://duckduckgo.com
But handle carefully with ^/abc.*$
.
That may exclude any URI if it has a /abc
.
16-Jan 2018
http://www.or not to be with
http://www.❓
This all depends to your internet service provider support. Point out that without the www.
it’s simply not necessary. Neither is better than the other. But it is recommended that you use only one format. Either of the format is equally good. Without www.
all URLs are shorter, easier to read and quicker to type.
root@raspberry:# nano /var/www/html/.htaccess
Implement this snipped beyond of others on top of the .htaccess file.
⚠ Of course replace wih your own second level domain name (SLD) and top level domain name (TLD).
RewriteEngine on Options +FollowSymLinks RewriteCond "%{http_HOST}" "^www\.example\.com$" [NC] RewriteRule (.*) "http://example.com/$1" [R=301,L]
08-Apr 2018