How to password protect Apache site or folder but still allow some IP ranges

There are cases where you’d want a particular site or subfolder to be easily accessible from specific locations (like the intranet) but apply a minimum protection from public eye for the wide internet.

Apache does support this mixed configuration for its sites through its htaccess functionality.

How to configure a proxy host in Apache

Proxy virtual hosts are very handy when you need to publicly access a tertiary system on your local network and you only have one IP address to use but there’s a master web server already configured.

If that server is running Apache, adding a proxy vhost to pass outside requests to the correct LAN system is as simple as adding a new virtual host to the configuration.

Control Apache’s public server information

By default Apache displays information about itself in the server signature included with reply headers and sometimes auto-generated pages. This information can give away important clues, like the exact version number of a module or Apache itself.

While obscurity never increases security since exploits can be attempted on the service regardless, knowing exact version information and running modules certainly provides a potential hacker with useful clues and eases the task.

How to exclude subfolder from password protection with .htaccess

You sometimes need to password protect a folder or an entire account/website from direct access. That’s easily done with the appropriate .htaccess file in the protected folder plus the mandatory .htpasswd file with the correct user and password combination(s).

But what do you do when you want to enable direct access to a subfolder of the protected folder?

Quickly limiting access to php scripts using .htaccess

Sometimes one needs to quickly block access to offending scripts – like for instance when a site has been hacked and malicious files have been uploaded to the account and are used to send out spam emails.

Apache provides a simple way to block out files from being accessible to visitors. And as most intrusions involve directly access hacked php files, the bit below will do wonders at blocking out those direct calls while leaving the main site fully functional (sort of).

WordPress incorrectly loads styles, scripts via HTTPS and the solution

I’ve recently stumbled upon the weird issue of Wordpress loading its styles and scripts via HTTPS although it wasn’t configured to use SSL. The website did indeed have a SSL certificate installed and usable.

I eventually found some useful information about Wordpress’ is_ssl() function…