Microsoft IIS REST API: allowing PUT and DELETE

To enable all HTTP verbs such as PUT, POST, DELETE and PATCH on IIS 7.5, you need to disable the following modules and handlers in the web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
      <modules>
         <remove name="WebDAVModule" />
      </modules>
        <handlers>
            <remove name="WebDAV" />
            <remove name="OPTIONSVerbHandler" />
            <remove name="TRACEVerbHandler" />
        </handlers>
    </system.webServer>
</configuration>

Microsoft IIS: creating an SSL certificate for localhost for Chrome 60 with SAN

To create a certificate for IIS, you should create an SSL certificate with openssl (which comes with Git in C:\Program Files\Git\usr\bin).

With these two commands you can create a .pfx file that also works in Chrome 60 (see also the option chrome://flags/#allow-insecure-localhost).

openssl req  -newkey rsa:2048 -x509   -nodes -keyout server.key  -new  -out server.crt  -subj /CN=localhost  -reqexts SAN -extensions SAN  -config openssl.cnf -sha256 -days 36500
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt

You need a configuration file OpenSSL.cnf: more…
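The -reqexts SAN and -extensions SAN options in the first command refer to a section named SAN in the configuration file. The following added example (not the author's OpenSSL.cnf, which is not shown here) writes a minimal file with such a section, runs the first command from above and reads the SAN back from the certificate; the file contents and the function names make_localhost_cert and cert_sans are assumptions.

```sh
# Added example: create the localhost certificate with a SAN and verify it.
# The config contents are an assumption, not the author's OpenSSL.cnf.

make_localhost_cert() {
    # $1 = working directory that receives openssl.cnf, server.key, server.crt
    cat > "$1/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn

[dn]
CN = localhost

# Section name must match the value given to -reqexts / -extensions.
[SAN]
subjectAltName = DNS:localhost
EOF
    ( cd "$1" &&
      openssl req -newkey rsa:2048 -x509 -nodes -keyout server.key -new \
          -out server.crt -subj /CN=localhost -reqexts SAN -extensions SAN \
          -config openssl.cnf -sha256 -days 36500 2>/dev/null )
}

cert_sans() {
    # $1 = certificate file; prints the SAN entries, e.g. DNS:localhost
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}
```

If cert_sans prints nothing, the SAN section was not applied, and browsers that match the host name against the subjectAltName extension will reject the certificate.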

Angular 5 URL without index.html

In an Angular application you must by default call index.html for the application to start on an Apache web server. To make this also work without /index.html, with the domain alone (www.foo.de), set the following:

1. Create a .htaccess file in src/.htaccess with the content:

DirectoryIndex index.html

2. Change the base URL in the src/index.html

<base href="">

3. If necessary, add .htaccess to the build process in .angular-cli.json

"apps": [
  {
    "assets": [
      "assets",
      "favicon.ico",
      ".htaccess"
    ],

 

Setting up Apache virtual hosts on Mac and Windows

If you want to develop a site locally with a web server such as Apache, and the URL structure affects how the website works, it is advisable to set up virtual hosts. The page can then be reached in the browser under its later URL, such as sebastianviereck.de, even though it is not yet online for others or you do not yet own the domain.

Normally you open local websites with a URL such as:

http://localhost/sebastianviereck/

If you would rather open the URL

http://sebastianviereck.local/

instead, you just have to do the following:

1. Change the file

on Windows: xampp\apache\conf\extra\httpd-vhosts.conf

on the Mac: /Applications/XAMPP/xamppfiles/apache2/conf/httpd.conf

as follows:

<Directory /xampp/htdocs    >   
    Order Allow,Deny   
    Allow from all 
</Directory>

NameVirtualHost *:80

<VirtualHost *:80>   
    DocumentRoot "/xampp/htdocs"
    ServerName localhost 
</VirtualHost> 

<VirtualHost *:80>   
    DocumentRoot "/xampp/htdocs/sebastianviereck"
    ServerName sebastianviereck.local
</VirtualHost>

2. Change the file

on Windows: C:\Windows\System32\drivers\etc\hosts

on the Mac: /private/etc/hosts

as follows:

127.0.0.1  sebastianviereck.local
127.0.0.1   localhost   # so that localhost still works; add at the end

3. Restart Apache.

4. When you enter sebastianviereck.local in the browser, your local website will appear.

WordPress Security: secure login

The safest approach is to protect your blog against unauthorized use with a login via .htpasswd authentication.

The default WordPress login page is not safe, because hackers have programs that try passwords indiscriminately. If the login name is also known, because WordPress shows the author's name under most blog posts, you should attach importance to security.

In any case, the automatic error messages for a wrong password or wrong login should be switched off, because they give away dangerous clues. To do this, enter the following code in functions.php:

// create_function() was removed in PHP 8; an anonymous function does the same job
add_filter( 'login_errors', function ( $a ) { return null; } );

I recommend creating .htpasswd protection for the /wp-admin/ directory.

The .htaccess file is also placed in the root directory, for example:

<Files "wp-login.php">
AuthName "backend"
AuthType Basic
AuthUserFile Root-Pfadwordpress/.htpasswd
require valid-user
</Files>

The required root path can be determined as follows:

echo getcwd(); 

The login and password go into the .htpasswd file in hashed form. It is best to use an htpasswd generator for this and to write down the credentials beforehand.

The permissions for these two files should be set to read-only (0444), so that they cannot be overwritten or deleted.

Another useful measure is to restrict read access to critical files and all PHP files in the main .htaccess:

<FilesMatch "(\.htaccess|\.htpasswd|wp-config\.php|liesmich\.html|readme\.html)">
  order deny,allow
  deny from all
</FilesMatch>

This is particularly important for fending off hacker bots, which proceed as follows:

They search websites for specific WordPress pages and for insecure plugins in use. For example, I have tracked these requests, which suggest vulnerabilities in the plugins:

"wp-content/themes/clockstone/readme.txt" 
"wp-content/plugins/complete-gallery-manager/readme.txt"

(These themes or plugins are not in use.)
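Requests like these can be pulled out of an access log. The following added example (not from the original post) lists clients that asked for the readme.txt of several themes or plugins and received 404; it assumes the Apache combined log format, and the function names and the sample log lines are constructed.

```sh
# Added example: report clients probing readme.txt files of themes/plugins
# that are not installed. Assumes combined log format and a 404 answer.

wp_probe_report() {
    # $1 = minimum number of distinct themes/plugins probed (default 2)
    awk -v min="${1:-2}" '
    $9 == 404 {
        path = $7
        sub(/\?.*/, "", path)                    # drop any query string
        if (path !~ "/wp-content/(themes|plugins)/[^/]+/readme\\.txt$") next
        n = split(path, p, "/")
        item = p[n-2] "/" p[n-1]                 # e.g. themes/clockstone
        if (($1, item) in seen) next             # count each item once per client
        seen[$1, item] = 1
        count[$1]++
        list[$1] = (list[$1] == "" ? "" : list[$1] ",") item
    }
    END {
        for (ip in count)
            if (count[ip] >= min) print ip, count[ip], list[ip]
    }' | sort
}

# Constructed sample log lines (documentation IP ranges, invented timestamps).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [12/Mar/2018:10:01:02 +0100] "GET /wp-content/themes/clockstone/readme.txt HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [12/Mar/2018:10:01:03 +0100] "GET /wp-content/plugins/complete-gallery-manager/readme.txt HTTP/1.1" 404 209 "-" "-"
203.0.113.7 - - [12/Mar/2018:10:01:04 +0100] "GET /wp-content/themes/clockstone/readme.txt HTTP/1.1" 404 209 "-" "-"
198.51.100.20 - - [12/Mar/2018:10:05:00 +0100] "GET /wp-content/themes/twentyseventeen/readme.txt HTTP/1.1" 200 1024 "-" "-"
198.51.100.20 - - [12/Mar/2018:10:05:01 +0100] "GET /index.php HTTP/1.1" 200 5120 "-" "-"
192.0.2.44 - - [12/Mar/2018:10:07:00 +0100] "GET /wp-content/plugins/complete-gallery-manager/readme.txt?x=1 HTTP/1.1" 404 209 "-" "-"
EOF
}
```

Run it against a real log with `wp_probe_report < access.log`; each output line is the client address, the number of distinct items probed and the list of items.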

Profiling with XDebug and Webgrind

When the performance of a website drops, the question often arises: which function or module is causing the performance loss? The solution is to profile the website.

Profiling deals with analyzing the function calls of a web page. It shows which parts take a long time or which functions are called twice.

Profiling should not be run on a production system, because performance collapses and the output is visible. By the way: whoever makes their website faster also optimizes it for SEO at the same time. more…

Debugging PHP with htaccess: Error Log

To log errors that may occur for users while a website is in operation, it is advisable to use htaccess to set up an error log outside the public part of the website. The log file must be given write access via FTP.

php_flag log_errors on

php_value error_log /srv/www/vhosts/domain/non-public/PHP_errors.log

php_flag ignore_repeated_errors on

php_flag ignore_repeated_source on

php_value error_reporting 1

With these settings, repeated errors are not logged and only fatal run-time errors are recorded.