Posted on

Speed up your website served by apache httpd in 2 mins

Slow website? Have you tried turning on file compression? If not, this tweak can speed up your website in an instant.

The apache documentation of the mod_deflate is one way to go. Add the following piece of configuration (that I have just copy-pasted from the apache docs website) to your virtual host config (it requires the mod_headers and mod_deflate being activated):


<Location />
# (1) Insert filter
SetOutputFilter DEFLATE

# (2) Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html

# (3) Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4.0[678] no-gzip

# (4) MSIE masquerades as Netscape, but it is fine
# BrowserMatch bMSIE !no-gzip !gzip-only-text/html

# (5) NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won’t work. You can use the following
# workaround to get the desired effect:
BrowserMatch bMSI[E] !no-gzip !gzip-only-text/html

# (6) Don’t compress images
SetEnvIfNoCase Request_URI
.(?:gif|jpe?g|png)$ no-gzip dont-vary

# (7) Make sure proxies don’t deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>

What is it doing? The first line is the most important one. It activates the compression of the data before it is returned by the webserver. Then 2-5 are pretty much neglectable, as they deal with legacy Netscpae browsers and apache bugs. Number 6 is important, as you do not want to recompress already compressed data. The last configuration (7) requires the mod_headers module and deals with proxy caching.

Posted on

captcha protect your website using Apache’s mod_rewrite to expel Google, Facebook and Co.

Problem:

Yor website has three sources of traffic:

  • SOMEONE: people browsing the web you don’t know
  • FRIENDS: your friends
  • MACHINES: search engines, facebook (when a link is posted, the content of the link is fetched by Facebook), etc.

You want that your FRIENDS have full access to your website, whereas MACHINES should not. The SOMEONEs you don’t particularly care and therefore allowing access as well.

Requirement:

For any defined part of your website you’re asked to enter a Captcha in order to prevent MACHINES to access this data. Your FRIENDS clicking on a hyperlink in facebook should not be asked to enter a captcha to avoid annoyances. SOMEONE else has to enter the Captcha to distinguish them to MACHINES.

Solution:

Prerequisites:
  • the captchas are created using re-captcha
  • apache webserver with mod_rewrite

Locate the config file (e.g. /etc/apache2/sites-available/somedomain.com) and add the following part to your virtual host:

Now the following happens during every request:

When the request uri contains somePrivateStuff or noMachinesShouldSeeThat (the folders you do not want to be accessible by google, fb, etc.), there is no cookie named noauth (actually the string of the key-value pairs of cookies do not match “noauth”), and the request is not pointing to yourwebsite.com/howdy, the request is forwarded to yourwebsite.com/howdy?target=/somePrivateStuff, i.e. presenting a captcha challenge to keep out MACHINES.

Take a look at the /howdy/index.php. Depending whether we have already set the “noauth=IF-ONLY-MACHINES-KNEW-THIS” cookie (note that the cookie is called noauth to stress the point that it is actually no real authentication and provides no real security!), the answered captcha challenge and the referrer of the request, the cookie might be set and the user might be forwarded to the requested ressource.

Now, your website is at least safe from machines as they cannot pass the captcha entry, without annoying your friends as they will not notice this simple way of protecting your website. Copy-paste a hyperlink pointing to a protected directory on Facebook. Facebook will connect to that link to create a preview of the content. You will notice, that the Facebook server will be forwarded to /howdy ! So even though you share information, your data remains in your possession.

 Test:

Assume that http://manuelbaumann.com/gallery is one a directory I don’t want to be accessible by non-humans:

Googling the protected page yields the expected result. The crawler was presented the captcha. Yet, clicking on the link is forwarding you to the correct resource.

Pasting a link to my website on Facebook has the same effect, yet every friend following the link will be presented the information immediately.

 

Important notes:

  1. Note that this is security trough obscurity
  2. I just figured out that recaptcha can be found at http://www.google.com/recaptcha. Google could actually bypass a captcha easily, as they obviously “know” all the captcha challenges.
  3. There is no evidence, that this kind of information-protection works in all kind of conditions. See Disclaimer.
Posted on

domain forwarding with Apache mod_rewrite

You might have the domain domain1.com which should redirect visitors to domain2.com. You could set up a virtual host, pointing to /path where an index.php file resides which forwards the user, e.g. with:

The easier way is to create a virtual host, e.g. by creating /etc/apache2/sites-available/domainForwarding with the following content:

This makes mod_rewrite (which must be enabled) to forward the request whithout the need for additional files.

Note: run a2ensite domainForwarding to enable the site and /etc/init.d/apache2 reload to update the apache’s configuration.