User contributions for G1smd

7 March 2011

• 17:1517:15, 7 March 2011 diff hist 0 m Security and Performance FAQs Typo.
• 17:1317:13, 7 March 2011 diff hist +44 m Security and Performance FAQs Add <pre> to stop URLs in code examples turning into links.
• 17:0317:03, 7 March 2011 diff hist +65 Security and Performance FAQs Allow more than one level of sub-domain in referrer ([^.]+\.)* here. Remove unnecessary leading .* pattern from image path.
• 16:5616:56, 7 March 2011 diff hist +103 Security and Performance FAQs You cannot use Redirect to test if mod_rewrite is enabled. Redirect is a mod_alias directive. Use RewriteRule. Canonical URL for domain root ends with trailing slash. Use example.com, see RFC 2606.
• 16:4916:49, 7 March 2011 diff hist −1 Security and Performance FAQs It's a rewrite, not a redirect. The leading / is not present for code going into .htaccess. The .*$ is not needed, just wasting processor cycles.
• 16:4416:44, 7 March 2011 diff hist −9 J1.5:IIS7 and SEF URLs Previous code contained two matches for "/". Old code evaluated position of period three times. Find it once then pattern match from that point onwards. htm|html simplifies to html?
• 00:3500:35, 7 March 2011 diff hist 0 Htaccess examples (security) My typos. Fixed.

6 March 2011

• 11:5211:52, 6 March 2011 diff hist −2 Htaccess examples (security) Trailing .* patterns which match "anything, everything or nothing" but which are not captured as backreferences are just wasting processor cycles.
• 11:5111:51, 6 March 2011 diff hist −15 Htaccess examples (security) Trailing .* patterns which match "anything, everything or nothing" but which are not captured as backreferences are just wasting processor cycles.
• 11:4911:49, 6 March 2011 diff hist −34 Htaccess examples (security) Leading ^.* pattern matches whole string to very end, then forces thousands of back off and retry "trial match" attempts. Edit. RegEx now parsed once left to right looking for first character match.
• 11:3511:35, 6 March 2011 diff hist −16 Htaccess examples (security) Trailing .* patterns which match "anything, everything or nothing" but which are not captured as backreferences are just wasting processor cycles.
• 10:1210:12, 6 March 2011 diff hist +6 Htaccess examples (security) Pattern only matched a request like example.com/images/stories////////////.jpg with multiple slashes and no filename before the file extension.
• 10:0810:08, 6 March 2011 diff hist −1 Htaccess examples (security) Typo and escaping not requited on / here.
• 02:2102:21, 6 March 2011 diff hist −6 Htaccess examples (security) Character group is not required when there is just one optional character. Question mark for "optional" applies to preceding character if no grouping.
• 02:1402:14, 6 March 2011 diff hist 0 Htaccess examples (security) Do the very slow system filechecks after all other RewriteConds have evaluated as "true".
• 02:0902:09, 6 March 2011 diff hist +1 Htaccess examples (security) Change character list patterns to eliminate commas. Images files do not end in ".jpg,".
• 02:0002:00, 6 March 2011 diff hist +4 Htaccess examples (security) Not wanting match ".jpe," so character list changed from [g,2] to [g2].
• 01:5501:55, 6 March 2011 diff hist −3 Htaccess examples (security) Change language to match current production .htaccess file.
• 01:5201:52, 6 March 2011 diff hist +132 Htaccess examples (security) Additional code to avoid two step redirection chain for named index requests on old domain.
• 01:5001:50, 6 March 2011 diff hist +28 Htaccess examples (security) Literal periods in patterns must be escaped. Code redirected only olddomain.com not www.olddomain.com. Code produced a 302redirect. Needs a 301 redirec here. Code must go in olddomain.com.
• 01:4001:40, 6 March 2011 diff hist +27 Htaccess examples (security) Replace .* pattern with something that parses much more efficiently, left to right in one pass.
• 01:3301:33, 6 March 2011 diff hist 0 Htaccess examples (security) CASING of variable name.
• 01:3101:31, 6 March 2011 diff hist −21 Htaccess examples (security) No need to create backreference that isn't going to be used.
• 01:2901:29, 6 March 2011 diff hist −6 Htaccess examples (security) No need to create backreference that isn't going to be used. F implies L. L is not needed here.
• 01:2701:27, 6 March 2011 diff hist −110 Htaccess examples (security) Why find "base64_" twice when it can be found once then a local OR performed for "en|de" before "code"?
• 01:2501:25, 6 March 2011 diff hist 0 Htaccess examples (security) Spelling
• 01:2401:24, 6 March 2011 diff hist +6 Htaccess examples (security) The .* pattern is too inefficient.
• 01:2201:22, 6 March 2011 diff hist +12 Htaccess examples (security) The .* pattern is brutally inefficient. Use another pattern that can be parsed once left to right.
• 01:1901:19, 6 March 2011 diff hist +13 Htaccess examples (security) The .* pattern is brutally inefficient as it is greedy, promiscuous and ambiguous. It can create tens of thousands of back off and retry "trial matches" per page request.
• 01:1301:13, 6 March 2011 diff hist +2 Htaccess examples (security) Spelling
• 01:1201:12, 6 March 2011 diff hist −20 Htaccess examples (security) The position of the final period is evaluated nine times in the old code, only once in the new code. The old code unecessarily matched "/" twice.
• 01:0601:06, 6 March 2011 diff hist −24 Htaccess examples (security) F implies L. L is not required.
• 01:0301:03, 6 March 2011 diff hist −13 Htaccess examples (security) No need to creat backreferences that are never going to be used. F implies L. L is not required.
• 01:0001:00, 6 March 2011 diff hist +4 Htaccess examples (security) Old code produced a 302 redirect. This must be a 301 redirect here.
• 00:5800:58, 6 March 2011 diff hist +21 Htaccess examples (security) Old rule does not canonicalise requests with trailing period or port number on the canonical host name. Code sends a 302 redirect. Redirect must be a 301 here.
• 00:5000:50, 6 March 2011 diff hist +26 Htaccess examples (security) Why not fix index file requests in folders, not just the root? Old code sent a 302 redirect. This must be a 301 redirect here.
• 00:4800:48, 6 March 2011 diff hist +16 Htaccess examples (security) The .* pattern will cause thousands of back off and retry attempts. THE_REQUEST ends with HTTP/1.1 so the $ would cause this code to NEVER run. Literal space must be escaped.
• 00:4200:42, 6 March 2011 diff hist +9 Htaccess examples (security) Don't mix Redirect and RewriteRule in the same .htaccess file. Order of operation cannot be guaranteed. The .htacccess is parsed in per-module order.
• 00:3700:37, 6 March 2011 diff hist −7 Htaccess examples (security) No need to create a backreference that isn't going to be used. F implies L. No need for L.
• 00:3400:34, 6 March 2011 diff hist +2 m Htaccess examples (security) No edit summary
• 00:3100:31, 6 March 2011 diff hist +19 Htaccess examples (security) Long list of RewriteCond patterns but no RewriteRule after them.
• 00:2600:26, 6 March 2011 diff hist +6 Htaccess examples (security) The .* pattern is greedy and ambiguous and should almost never be used.
• 00:2400:24, 6 March 2011 diff hist −2 m Htaccess examples (security) Uncomment.
• 00:2300:23, 6 March 2011 diff hist +8 Htaccess examples (security) Multiple .* patterns may cause thousands of back off and retry "trial matches" to be attempted. Very slow.

18 September 2010

• 12:0712:07, 18 September 2010 diff hist +227 Talk:Preconfigured .htaccess Link to patch current

14 September 2010

• 01:4001:40, 14 September 2010 diff hist +11 Talk:Preconfigured .htaccess Further optimisations found. Note: originally posted code was not the latest version.
• 00:1300:13, 14 September 2010 diff hist −7 Talk:Preconfigured .htaccess Extra fixes
• 00:1100:11, 14 September 2010 diff hist +131 Talk:Preconfigured .htaccess No edit summary

13 September 2010

• 20:3720:37, 13 September 2010 diff hist +172 Talk:Preconfigured .htaccess Tracker item added
• 19:3419:34, 13 September 2010 diff hist +1,468 Talk:Preconfigured .htaccess Reply to questions posed here and at www.webmasterworld.com/apache/4200031.htm