blog.plee.me About software, technology and random things

2Jul/130

Access Control via Hybrid .htaccess for Both Apache HTTPd 2.2 and 2.4

Hi!

If you're running the Apache HTTPd in the versions 2.2 and 2.4 in different environments but would like to control access to certain directories (include, lib, ...) via Apache, chances are that you don't want to use one 2.2 specific file and a different one for 2.4, especially if you keep transferring and synchronizing the files between those different setups.

Between versions 2.2 and 2.4 a couple of things have changed. The perhaps most prominent change would be the one that comes with the new mod_authz_host module and deals with authorization / access control. Instead of using Order, Allow, Deny and/or Satisfy you are now advised to use the new Require directive.

So what do you do if you cannot switch every .htaccess over to the new format for reasons like the one mentioned in the beginning?

You could in fact enable the mod_access_compat module and keep rolling with the old configuration. But that would only mean procrastinating until you would finally have to deal with it anyway.

The better solution is to use configurations that are not even necessarily dependent on your Apache version (remember, you could just load the legacy compatibility module in 2.4), but in fact check for the correct module to work with. The key element to work with here is the IfModule directive.

# Apache 2.4
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
</IfModule>

As you can see, there are two checks that basically work as an "if ... else" selection. The rest should be self-explanatory.

For more information about the new way of handling access with the Apache HTTPd 2.4, please refer to the official documentation.

I hope this was of any help to you.

Thanks for reading.

24May/110

Blocking the Facebook Like Button via Adblock Plus

Hi!

This particular tip was written over at http://www.ohnekontur.de/2011/05/13/adblock-facebook-like-button-blockieren/. Any credit goes to the original author. I am merely posting this on my blog to have a reference for myself in the long run.

You might have heard about the fact that even without clicking on Facebook's Like buttons you might be tracked by Facebook (technically it is absolutely possible for them to see which site it is you visited and had the Like button on it).

So if you are using Firefox and have the Adblock Plus addon installed (which I strongly recommend in the times of annoying flash advertisements) you can just add the following lines under the Adblock Plus preferences => "My Ad Blocking Rules":

||facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
||facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
||fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net
||fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

These rules disable any Facebook scripts that are not used from the Facebook domains (facebook.com, facebook.net, fbcdn.com, fbcdn.net) themselves, including the Like buttons or any other webpage widgets they offer.

Of course, if you are using a different browser or a different kind of ad blocking / script blocking script, the idea is the same: forbid Facebook's scripts to run anywhere but their own website.

As always, I hope to have been of any help to you.

Thanks for reading.