.htaccess rewrite rule to exclude folder

Many times you need a folder to be left out of your .htaccess file's rewrite rules. Excluding or skipping folders can be done as part of the rewrite statements. This rule would be added after the last condition before the main rewrite rule you are performing.

RewriteRule (^folder1|^folder2) - [L,NC]

You can add as many or as few folders as you wish. Just follow the same format of |^folder3

Protect WordPress wp-admin / wp-login.php server wide

With WordPress, wp-login.php and, as a result, the wp-admin pages are always under attack. Using a unique username (don't use admin or other simple names) and a strong password is of course the first line of defense for the WordPress backend. Next, well… keeping WordPress up to date, then, well… plugins that add many related security items (but add overhead), then, well… moving wp-config.php. OK, OK, so there are many things to do to secure the site. This is a simple way to protect the wp-admin and wp-login.php pages from basic bot attacks.

This method will display a basic HTTP auth prompt when wp-admin or wp-login.php is accessed. This greatly cuts down on server resource usage and will stop most malicious bot activity trying to brute force the login. This can be used server wide in an include to protect many sites, or used for just 1 site. (But if you want it for just 1 site and you are using a control panel, most likely it has some sort of built-in tool to do this for you.)

In an include file for Apache, add:

#Protect wp-login
<Files wp-login.php>
AuthType basic
AuthName "Human Check - U: example P: examplepass"
AuthBasicProvider file
AuthUserFile /home/.htpasswd
Require valid-user
</Files>
ErrorDocument 401 default
ErrorDocument 403 default
#End protect wp-login.php

This is a basic .htpasswd setup. The thing to change would be where the AuthUserFile is located if you do not want to place it at /home/.htpasswd. It should not be in the document root of the site.

Then the .htpasswd file needs to be generated.

On a cPanel based server:

ea3: /usr/local/apache/bin/htpasswd -c /path/to/.htpasswd $USERNAME

ea4: /usr/bin/htpasswd -c /path/to/.htpasswd $USERNAME

For other server types you just need to find the path to the htpasswd binary if it is not in one of those locations. The command will prompt for a password after the user is given. If you need to add more usernames, run it again without -c (which creates the file):

/path/to/htpasswd /path/to/.htpasswd $USERNAME

Multiple people could share the same login for this. This way that aspect is simple to remember, but bots will not have much impact. This does not change the actual wp-admin or wp-login.php aspects though. After the first login a user will still have the normal login screen and have to provide a normal valid WordPress user to get in.
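The rule that the AuthUserFile should not sit in a document root can be checked mechanically. The following is an added example, not part of the original post: it reads the AuthUserFile paths from an include file and compares them with the documentroot lines in cPanel userdata files (the format shown further down this page). The function names, sample paths and file contents are constructed, and paths are assumed to be absolute and free of spaces.

```shell
#!/bin/sh
# Added example (not from the original post). All paths below are constructed.
# Assumes absolute paths without spaces, as in the listings on this page.

# Print every AuthUserFile path named in an Apache include file.
auth_user_files() {
    awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Print every documentroot recorded under a cPanel userdata directory.
list_docroots() {
    find "$1" -type f -exec awk '$1 == "documentroot:" { print $2 }' {} +
}

# Print "<file> <docroot>" for each AuthUserFile that sits inside a docroot.
# Exit status 0: nothing exposed. Exit status 1: at least one file is.
check_include() {
    rc=0
    for f in $(auth_user_files "$1"); do
        for d in $(list_docroots "$2"); do
            case "$f" in
                "${d%/}"/*) echo "$f $d"; rc=1 ;;
            esac
        done
    done
    return "$rc"
}

# Build a constructed sample tree and print its location.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/userdata/user"
    printf 'documentroot: /home/user/public_html/sub1\nip: 127.0.0.1\n' \
        > "$t/userdata/user/sub1.domain.com"
    printf '<Files wp-login.php>\nAuthUserFile /home/.htpasswd\n</Files>\n' \
        > "$t/good.conf"
    printf '<Files wp-login.php>\nAuthUserFile %s\n</Files>\n' \
        /home/user/public_html/sub1/.htpasswd > "$t/bad.conf"
    echo "$t"
}

sample=$(make_sample)
check_include "$sample/good.conf" "$sample/userdata" && echo "good.conf: ok"
check_include "$sample/bad.conf" "$sample/userdata" || echo "bad.conf: exposed"
rm -rf "$sample"
```

On a real server the two arguments would be the include file and /var/cpanel/userdata.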

AutoSSL with Cloudflare

cPanel's AutoSSL, which gives any site whose DNS points to the server a free SSL, has been great for many domains. However, many people use Cloudflare as a caching service, and with the proxy aspect of that service the IP of the site no longer points to the server, so the request for the DCV verification is not processed properly. Just recently cPanel did add the option of DNS verification, but for the bulk of people this will not be a seamless option, and text file verification will remain the main AutoSSL verification method for a long time to come. This will work for either type of SSL support in cPanel, cPanel/Comodo and Letsencrypt.

In Cloudflare you will need to make these changes:

On the Crypto Tab (padlock icon) set:

Always use HTTPS OFF

Redirect all requests with scheme “http” to “https”. This applies to all http requests to the zone.

Then under Page Rules (funnel icon) you will need to add 2 rules the first being one of the following:

For cPanel/Comodo:

http://*domain.com/.well-known/pki-validation/*

SSL: off

Automatic HTTPS rewrites: off

For Letsencrypt:

http://domain.com/.well-known/acme-challenge/

SSL: off

Automatic HTTPS rewrites: off

The next rule is:

http://domain.com/

Always use HTTPS

Which first rule you choose depends on which system you are on; by default this will be cPanel/Comodo. However, many people do enable Letsencrypt as it can issue an SSL very quickly. The first part of the rule is the path for the DCV text file the provider creates. The rule then disables SSL support for that path and keeps it from being rewritten as well. This allows the site to be read properly when it has no SSL added yet. The second rule then re-enables SSL support.

This would need to be done for each domain you own and run under Cloudflare. This will allow you to run Cloudflare in Full Strict SSL support as both ends will have a valid working SSL for use with the domain.

cPanel change the IP of an addon domain or subdomain

In cPanel, by default any addon domain or subdomain will share the IP of the main domain / account it was made under. But what if you wanted a dedicated IP? This cannot be done within cPanel itself, but it can be done in a cPanel-friendly way. It requires SSH access, some editing via the command line and a rebuild of the Apache config.

First SSH into the server and open the following file for editing (replacing $user and $domain with what you wish to modify):

nano -w /var/cpanel/userdata/$user/$domain.com

In this file you can modify the IP of the subdomain or addon domain. The contents of the file will look like this:

documentroot: /home/user/public_html/sub1
group: user
hascgi: 1
homedir: /home/user
ip: 127.0.0.1
no_cache_update: 0
phpopenbasedirprotect: 1
serveradmin: [email protected]
serveralias: www.sub1.domain.com
servername: sub1.domain.com
usecanonicalname: 'Off'
user: user
userdirprotect: ''

Now you can change the IP to that of another IP on the server that is not being used. (If you are doing this for SSL purposes it IS key that the IP is not already in use, or else WHM will not allow you to install the cert and you would have to do it manually as I described in: https://mosmostech.com/2011/09/wildcard-ssl-certs-and-cpanel/.)

After the change save the work and you will need to rebuild the apache config and restart apache (with a backup of the config to be safe):

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak

/scripts/rebuildhttpdconf

service httpd restart

You should be all set to use the new IP. Just update your DNS manually to point to the proper IP. Doing this will not allow cPanel to make changes for you on IP functions or DNS functions so you must keep that in mind down the road.

This is very much related to my other article on changing document roots https://mosmostech.com/2011/12/changing-a-cpanel-document-root-docroot/
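The edit described above, with the "IP not already in use" check done before the file is touched, as an added example that is not part of the original post. The function names, the sample tree and the 192.0.2.x addresses are constructed; the real files live under /var/cpanel/userdata.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files are constructed.

# Succeed only for four dot-separated numbers in the range 0-255.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Print the userdata files, other than $3, whose ip: line already equals $2.
ip_in_use_by() {
    find "$1" -type f ! -path "$3" ! -name '*.bak' \
        -exec awk -v ip="$2" '$1 == "ip:" && $2 == ip { print FILENAME }' {} +
}

# Set the ip: line of userdata file $2 (under root $1) to $3, keeping a .bak.
# Returns 2 for a malformed address and 3 if another file already uses it.
set_userdata_ip() {
    valid_ipv4 "$3" || return 2
    [ -z "$(ip_in_use_by "$1" "$3" "$2")" ] || return 3
    cp -p "$2" "$2.bak" || return 1
    sed "s/^ip: .*/ip: $3/" "$2.bak" > "$2"
}

# Build a constructed userdata tree with two domains and print its location.
make_userdata() {
    t=$(mktemp -d)
    mkdir -p "$t/user"
    printf 'ip: 192.0.2.10\nservername: sub1.domain.com\n' > "$t/user/sub1.domain.com"
    printf 'ip: 192.0.2.20\nservername: sub2.domain.com\n' > "$t/user/sub2.domain.com"
    echo "$t"
}

root=$(make_userdata)
set_userdata_ip "$root" "$root/user/sub1.domain.com" 192.0.2.20 ||
    echo "refused: 192.0.2.20 is already assigned (status $?)"
set_userdata_ip "$root" "$root/user/sub1.domain.com" 192.0.2.30 &&
    grep '^ip:' "$root/user/sub1.domain.com"
rm -rf "$root"
# On the real server, follow with the rebuild and restart steps from the post.
```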

htaccess rewrite rule to remove a subfolder from a URL

Using .htaccess, you can do many things. This small tidbit will focus on removing and rewriting (mask, hide) the subfolder aspect of a URL so that only the base domain is present. You will want to create a .htaccess file if one is not already present in your public_html (or main doc root) for the site.

nano -w .htaccess

Yes, I like Nano! Got something with it? Ha. Use whatever you like, such as VIM, if you prefer. Next, you will add the following text to the file:

RewriteEngine On

RewriteRule ^$ sub/

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^(.*)$ sub/$1

This assumes that http://domain.com/sub is where the content you want to load is. The resulting URL only shows http://domain.com but still loads the content in the /sub folder. This could be modified many ways to suit the needs of the application at hand.

Change cPanel document root (docroot)

How to change a document root (docroot / webroot / where you put your files so they can be seen online) for a cPanel account is something that pops up from time to time. Or in my case a few times this week already, so I decided to write a quick little post on how to do this. For whatever reason cPanel does not allow an easy way to change a docroot. You can specify a docroot when making a subdomain, even outside the public_html for the user, but cPanel does not have this option anywhere for the main user itself. This can be needed at times for development uses, just to point to a folder and not use the normal public_html, or to avoid using rewrite/redirect rules, or to fix an issue that was caused by a manual install of something like an SSL on a subdomain.

As cPanel does not have a nice way to do this, you will need to SSH into the server as root and make some modifications. Many people will assume you can just edit the httpd.conf file to change the docroot for a given domain (EA3 /usr/local/apache/conf/httpd.conf or EA4 /etc/apache2/conf/httpd.conf). But in a cPanel environment this will cause issues down the road, as the Apache config file is rebuilt on a regular basis for many types of updates. So doing any hand edits to httpd.conf is a very bad idea in cPanel. Remember folks, it is cPanel's way or the highway!

The proper file and path to edit would be:

/var/cpanel/userdata/$user/$domain.com

Replace $user and $domain.com with the proper cpanel user and domain to change. If they have an SSL there will also be a $domain.com_SSL datafile. Edit this with your fav editor. The line you are looking for is:

documentroot: /home/$user/public_html

You can now change this to whatever is needed. Save the file and exit. To ensure all is fine we will rebuild the apache config file using this information cPanel has stored and restart apache after a backup of the config:

EA3: cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.bak

EA4: cp /etc/apache2/conf/httpd.conf /etc/apache2/conf/httpd.conf.bak

/scripts/rebuildhttpdconf

service httpd restart

You should now be using the new docroot for this domain. Now some people may just say modify the .htaccess and add some redirect/rewrite rules there. This will work if you are keeping the docroot in the public_html. But if you are placing it outside this location, or just don't want to mess with creating rules, which for many is confusing, you can just do it this way and it will play well with cPanel.

Creating test files in Linux

So you want to test an upload in Linux and need a file to test with? That test file also needs to be 20 megs in size? Well, good news everybody, this can easily be done in Linux. The command “dd” does low-level copying of data. It can create a wide variety of files and can be used for anything from destroying systems to backing up boot sectors and everything in between. Now on to the test file creation!

dd if=/dev/zero of=test20mb.zip bs=1024 count=0 seek=$((1024*20))

This will create a file called test20mb.zip. It will be filled with just nothing (null/zeros). It uses a block size of 1024 bytes and, because count=0, copies no blocks; it only seeks past the given number of blocks, in this case 1024 * 20, i.e. 1 MB * 20. The file takes its size from that seek offset, and on most filesystems it is stored as a sparse file that reads back as zeros.

200 mb .img

dd if=/dev/zero of=test200mb.img bs=1024 count=0 seek=$((1024*200))

15 mb .doc

dd if=/dev/zero of=test15mb.doc bs=1024 count=0 seek=$((1024*15))

8 mb .jpg

dd if=/dev/zero of=test8mb.jpg bs=1024 count=0 seek=$((1024*8))

Creating these on the fly or having a set already made can make it much easier to test upload and sending issues you might come across. But at times you will still need a legit working file and need to find something that fits the size and type you are testing.

cPanel not assigning privileges for mysql

So you just updated your cPanel server to a new version of MySQL, or cPanel just decided to stop working properly. And now when you make a user in cPanel for a MySQL database it does not appear to work. You are sure the password is correct and you are still getting access denied? Good chance cPanel did not set the privileges even though the check mark box was clearly selected. On the back end it just did not assign the privileges using the GRANT command in MySQL. So any automated scripts like Fantastico or Softaculous, or manually creating a DB user, will fail.

So how do I fix this? Glad you asked! Rebuild Perl on the server for cPanel!

cd /usr/local/src
wget http://layer1.cpanel.net/perl588installer.tar.gz
tar xfz perl588installer.tar.gz
cd perl588installer
./install

/scripts/checkperlmodules --force

Note this will take a long time. It could easily be over an hour. But once it is complete cPanel should be GRANTing permissions properly for MySQL DB users. If you don't want to recreate a user that was affected by this, just assign them to the same DB again and it will prompt for what privileges it should have again, but this time actually set them!