Articles about Web Server
This is a follow on post to the 'Using Apache to block Spammers' post.
It shows how to use Includes in your Apache configuration to re-use useful rules.
There are certain PHP files that you want access to but don't want to make public.
Common examples of these are:
You also don't really want to deploy these on all of your sites on a server nor have them in your git repositories for sites.
A neat way of dealing with this is to use rewriting in your web server config files (e.g. Apache, NGINX, IIS etc) to do the following:
One of the housekeeping tasks that I undertake is to review the activity of comment spammers on our websites.
All of our Drupal sites use Mollom to keep us almost Spam free (big thumbs up to Mollom!)
But if you review the logs you can see that Mollom is protecting you from an alarming rate of attack and it would be good to not bother ourselves or Mollom with such traffic is possible. So the solution is to drop the traffic upstream of our web sites.
There are many ways of doing this from Firewalls to Drupal modules.
If you are developing commerce sites and review your logs regularly, chances are you will come across 404 errors looking for crossdomain.xml. We get a lot from the plugins that looks for coupons on e-commerce sites (e.g. Drop Down Deals). In fact you are likely to get them on any sites you develop - but we have seen them more frequently on ecommerce sites.
Whether you are running Drupal,Wordpress, Expression engine, Joomla or in fact any web site one of the regular tasks you should carryout on your web site is a bit of log analysis. It is often left up to modules, plug ins or someone else to protect your web site until it too late.
We all rely on Google Analytics to tell us about visitors and maybe use our log analysis software (AWStats, Webaliser etc) to report on log entries - but it is always worth using tools locally to dig deeper into your logs. These can range from simple reports on accesses to your site to more detailed forensic analysis of site activity.
By doing this we get to know better how visitors are accessing our site and can uncover some interesting answers to questions such as:
- How often is Google actually spidering my site?
- How many errors am I getting and what are they?
- Who is stealing my content?
- Is anyone trying to crack my site?
In this post I will briefly cover some useful techniques to analyse you logs and see if any one is abusing your hospitality.
One of the first steps to setting up a new Drupal site is to setup the regular Cron job. Hosting services vary in their support for cron and the usual methods (such as wget, curl etc). This post explores options to configure cron on a hosted server.
One of the trends these days is to lose the www. from your domain name.
Arguments for are usability (e.g. you don't have as much typing to do - it is easier to not have to say dubyadubyadubya every time you give out your web address).
There are counter arguments of course to do with cookie control and sites that have sub-domains etc.
What is important though is that you choose one and stick to it. In any event you should decide for one and not allow both.
Supporting both will cause duplicate content in Google and you may suffer in SEO terms.