Tag Archives: Apache

Generating bcrypt .htpasswd passwords using PHP

In my previous post we saw how to generate .htpasswd file using crypt and apr1-md5 algorithm in PHP. However, now there is a more secure BCRYPT algorithm that can be used since apache 2.4 for passwords in .htpasswd. In this post we will generate .htpasswd file using the BCRYPT algorithm in PHP.
Read more »

How to generate passwords for .htpasswd using PHP

In my earlier post about .htaccess I had described about authentication using .htaccess and command to generate .htpasswd file. However, when we want to add passwords for many users that method will take too long, since we will have to add passwords for each user one at a time. However, there is an easier way to generate the .htpasswd file using PHP. In this post I will show the different algorithms which can be used to generate the .htpasswd file.
Read more »

How to hide apache information with ServerTokens and ServerSignature directives

In default Apache configuration, the server sends HTTP Header with the information of Apache version, modules, Operating System, etc of the Server. The HTTP response header “Server” displays all these details of the server. This information can be used by hackers to try to exploit any vulnerabilities in the Apache, OS or other modules you are running, specially if you are running an older version with known vulnerabilities.

Sample HTTP Response Header:

HTTP/1.1 200 OK
Date: Sun, 10 Feb 2012 07:24:47 GMT
Server: Apache/2.2.17 (Win32) PHP/5.2.17
Vary: Accept-Encoding,Cookie

Read more »

more .htaccess tips

In my previous post .htaccess tips I had started with what is .htaccess file and some things that can be done using it. In this post I’ll cover more about .htaccess files.

Topics Covered:

Read more »

.htaccess tips

Topics Covered:

What is .htaccess file?

.htaccess file is used on Apache Web Server to make configuration changes on per-directory basis. This file contains the configuration directives and are applied to the directory and all its sub directories. The configuration directives in .htaccess files may overwrite the directives in any .htaccess file found higher up in the directory tree and even the main server configuration.

To enable use of .htaccess file the AllowOverride Directive has to be set in the Apache Server configuration.

Read more »