Now and again, in my travels I run into the '.htaccess' file, and this mystical misconception, of what it is. The '.htaccess' is your personal Apache configuration file! This can be one of the greatest tools you can have in your arsenal against hackers. The '.htaccess' file allows you to enable, modify, and adjust the Apache modules. While there are likely more than a 100 modules available, here are the ones I recommend looking into and being somewhat comfortable with, in no particular order.
Let's start with GeoIP Module. In my personal opinion, 'mod_geoip' should be installed, and here is why. First the databases for it are, out-of-the-box installed on every Linux Distro I have ever touched. You can
typically find them in a location like:
# ls /usr/share/GeoIP
GeoIP.dat
GeoIPv6.dat
As for the module to interpret those databases, well, it is like a 10 minute download, compile, and install. Everything can be handled with the user's .htaccess file.
For these reasons, and I am a huge fan of giving tools for the user to protect themselves, and this should help with the general health of the server. I see no reason not to have it readily available (but this is my opinion), albeit there is a paid version, but the free version should get you where you want to be.
I will give you a few basic examples and explain what is really happening, and I feel somewhat obligated to share. There is, and I have sent people to free online tools that allow you to select coutries to block, then a click of a button it's download to
your local machine then simply upload it to your web directory, look for something like 'public_html'.
The problem is it can easily become 1000s of lines long, and thus, making it unwieldy. Mod_geoip replaces ALL of those lines with a just a few short ones.
Example:
# Security Rules
<IfModule mod_geoip.c>
GeoIPEnable On
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
Deny from env=BlockCountry
</IfModule>
By wrapping the directives in an 'If Module' block, it prevents your site from crashing (500 - Internal Server Error) if the module is not installed.
The first line just turns Mod_GeoIP on. The next part actually uses another Apache module, mod_setenvif.
The 'SetEnvIf' is setting an internal environment variable 'GEOIP_COUNTRY_CODE' and a two-character ISO 3166-1 country code, and then followed by 'BlockCountry'. The last part is telling Apache to
'Deny' from, IF the environment variable 'BlockCountry' matches 'CN' or 'RU'. So now we will look at another example, this one works in the opposite way.
<IfModule mod_geoip.c>
GeoIPEnable On
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
Deny from all
Allow from env=AllowCountry
</IfModule>
In this example, we are telling Apache to just straight up 'Deny from All' BUT Allow from IF the environment variable matches 'US'.
Moving along with security, let's look a mod_headers and how to increase your website security by passing some instructions to the client/browser BEFORE any website data is sent. There a few other things I want to hightlight, so for that reason I decided to create an article just for this module. For more information on this neat little module, please check out Secure My Head! As for the modules, mod_expires and mod_deflate, those are used to help with site speed in slightly different ways. I'll cover those later in separate articles. Please check out the following articles:
I hope you enjoyed this article, please feel free to leave a comment below.