BuddyPress.org

I discovered these htaccess tips and tricks (https://www.askapache.com/htaccess/) mostly while working as a network security penetration specialist hired to find security holes in web hosting environments around 2002. Shared hosting is the most common and cheapest form of web-hosting where multiple customers are placed on a single machine and “share” the resources (CPU/RAM/SPACE). The machines are configured to basically ONLY do HTTP and FTP. No shells or any interactive logins, no ssh, just FTP access. That is when I started examining htaccess files in great detail and learned about the incredible untapped power of htaccess. For 99% of the worlds best Apache admins, they don’t use .htaccess much, if AT ALL. It’s much easier, safer, and faster to configure Apache using the httpd.conf file instead. However, this file is almost never readable on shared-hosts, and I’ve never seen it writable. So the only avenue left for those on shared-hosting was and is the .htaccess file, and holy freaking fiber-optics.. it’s almost as powerful as httpd.conf itself!

Once I discovered what .htaccess files could do towards helping me enumerate and exploit security vulnerabilities even on big shared-hosts I focused all my research into .htaccess files, meaning I was reading the venerable Apache HTTP Source code 24/7! I lovingly custom compiled every released version of the Apache Web Server, ever, even the original NCSA versions, and focused on enumerating the most powerful htaccess directives. Good times!

Because my focus was on protocol/file/network vulnerabilites instead of web dev I built up a nice toolbox of htaccess tricks to do unusual things. When I switched over to webdev in 2005 I started using htaccess to improve websites instead of hacking servers. I documented most of my favorites and rewrote the htaccess guide for web developers. After some great encouragement on various BBS’s, forums and underground nets I decided to start a blog to share my work with everyone and see if there was any response. AskApache.com was registered and quickly rose to one of the top 20k most visited sites in the world (Alexa). I published my guide without holding much back (power to the people is how I roll), and it was quickly plagiarized and scraped all over the net. Today it has been reprocessed and plagiarized by so many so many times that most all of the htaccess articles and htaccess snippets out there in the wild today contain recognizable pieces of the original.

As a hacker and a free and proud citizen of the greatest country in the history of this planet, I believe that Information is freedom, and that freedom is information, but there can be neither without free access.. so askapache.com has the least restrictive copyright I could find. Anyone can copy, sell, republish, modify, diss, plagiarize, repurpose, use, etc., anything on my site! That’s the net I grew up with and love, and I’ll never be able to pay back what I gained from the generosity and truly remarkable genius of those that came before me and those who fight to keep it that way for future hackers (FSF.org, GNU, EFF).

That was in 2006 and the askapache.com site was launched running an early version of WordPress. And even then, as now, my passion has been to read source code, and even in that early version of WP I could recognize that it was something special, something that would survive. Initially I chose WordPress to familiarize myself with it as a blogging platform, back then so many other competitors and alternatives existed and for my job in the elite world of pen-testing I had to be familiar with as many possible. That’s about the time the term “blogging” became super hot, and have no doubt that I was also sampling a lot of other competing software, which continued until about 2010, when I finally decided WP was the uncontested champ, most especially because of how it is all about future-proofing and leverage through minimalism and power.