boolean.co.nz » Hosting

08/02/2012 Emergency PHP Updates on server

Boolean — Tue, 07 Feb 2012 21:42:11 +0000

EMERGENCY PHP UPDATES

We will be applying a PHP update to the servers later this evening.

This will take the primary PHP install from v5.3.9 to v5.3.10 and will resolve a vulnerability that has been patched in the 5.3.10 release.

The vulnerability present in 5.3.9 allows for the possibility of remote code execution depending on how large numbers and arrays are used.

As this is a security issue we will be performing emergency maintenance between midnight and 3am (GMT).

There should be no interruption to service however, as the work is being done on components critical to PHP based sites, this period should be considered at risk.

The work will cause slightly higher than normal load on the servers and may involve a restart of the web server.

In the worst cast scenario (such as a failed compile) the installer will restore a backup of the current working configuration.

No module or configuration changes will be made to the PHP stack and scripts should notice no difference.

You can view the change log on the php.net site: http://php.net/ChangeLog-5.php

Force trailing slash with .htaccess

Boolean — Sun, 06 Nov 2011 23:22:18 +0000

There are a few reasons to force a trailing slash at the end of URLs including SEO

A quick snippet for your .htaccess is below:

RewriteCond %{REQUEST_URI} /+[^\.]+$
RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]

And while I’m here a quick snippet to prevent hotlinking of images. This will redirect all requests to a specified image, simply replace yoursite.com with your own URL, and nohotlinking.jpg with your own image and path.

RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/nohotlinking.jpg [L]

And finally a snippet to put in your image assets folder (you have images stored separately right?) to prevent malicious code execution and prevent directory listing of all your assets.

Options All -Indexes
AddHandler cgi-script .php .php4 .php5 .pl .jsp .asp .sh .cgi
Options -ExecCGI

Firefox cross domain font embedding

Boolean — Mon, 31 Oct 2011 23:24:59 +0000

Firefox has a limitation for cross domain font embedding in that it does not allow you to embed from another website. This .htaccess snippet allows you to bypass this limitation and embed fonts located on another webserver.

Header set Access-Control-Allow-Origin “http://thedomain.com”

PHP Host Settings Without phpinfo()

Boolean — Wed, 05 Oct 2011 09:36:05 +0000

Occasionally a webhost will block the very useful phpinfo() command making it difficult to understand any limitations of the server configuration. This script can display relevant information to help you understand what is happening behind the scenes.

$d_func = ini_get(“disable_functions”);
$up_max = ini_get(“upload_max_filesize”);
$up_max = str_replace(“M”,”",$up_max);
$up_max_size = “Megabytes”;
$post_max = ini_get(“post_max_size”);
$post_max = str_replace(“M”,”",$post_max);
$post_max_size = “Megabytes”;
$input_max = ini_get(“max_input_time”);
$mem_limit = ini_get(“memory_limit”);
$mem_limit = str_replace(“M”,”",$mem_limit);
$mem_limit_size = “Megabytes”;
$exec_time = ini_get(“max_execution_time”);
$safe_mode = ini_get(“safe_mode”);

if(!is_null($d_func) && $d_func !== “”){echo “Disabled Functions: \n $d_func”;}
if(!is_null($safe_mode) && $safe_mode !== “”){echo “Safe Mode is Active
”;}
if($up_max >= 1001){$up_max = $up_max / 1024; $up_max_size = “Gigabytes”;
if($up_max >= 10001){$up_max = $up_max / 1024; $up_max_size = “Terabytes”;}}
if($post_max >= 1001){$post_max = $post_max / 1024; $post_max_size = “Gigabytes”;
if($post_max >= 10001){$post_max = $post_max / 1024;$post_max_size = “Terabytes”;}}
if (min($input_max,60)){$input_max = $input_max /60;}
if (min($exec_time,60)){$exec_time = $exec_time /60;}
if($mem_limit >= 1001){$mem_limit = $mem_limit / 1024; $mem_limit_size = “Gigabytes”;}

echo “Maximum Upload Size = $up_max $up_max_size
”;
echo “Maximum Post Size = $post_max $post_max_size
”;
echo “Maximum Input Time = $input_max minute/s
”;
echo “Memory Limit = $mem_limit $mem_limit_size
”;
echo “Maximum Execution Time = $exec_time minute/s
”;
?>

.htaccess Mod-Rewrites for WWW Domain Name Prefixes

Boolean — Tue, 23 Aug 2011 09:36:08 +0000

Quite some time ago now I wrote about the importance of 301 redirects for SEO purposes.
In a minor addition to that post here is a snippet I often use to ensure search engines do not view http://yourdomain.com and http://www.yourdomain.com as duplicate content.

To perform a redirect from domain.com to www.domain.com, insert the following code into your .htaccess file.

# mod_rewrite in use
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{http_host} ^domain.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

To perform a redirect from www site to non-www site, use the following code in .htaccess file.

# mod_rewrite in use
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^domain\.com
RewriteRule (.*) http://domain.com/$1 [R=301, L]

Mail, Google Apps, Cpanel, and SPF

Boolean — Fri, 11 Jun 2010 12:25:44 +0000

Sender Policy Framework (or SPF) is an email validation system designed to addressing source address spoofing. It allows administrators to specify which hosts are allowed to send email from a given domain by creating a specific DNS SPF record in the public DNS. Mail exchangers can then check that mail from a given domain is being sent by a host sanctioned by that domains administrators.

So, after setting up mail from Google apps you’re getting this error:
(IP addresses and domains have been changed to protect the innocent)

SMTP error from remote mail server after RCPT TO::
host something.email.com [127.0.0.1]: 550 :
Recipient address rejected: undeliverable address:
host domain.com[127.0.0.1] said: 550-something.email.com [127.0.0.2] is currently not permitted to relay 550-through this server. Perhaps you have not logged into the pop/imap server 550-in the last 30 minutes or do not have SMTP Authentication turned on in your 550 email client. (in reply to RCPT TO command)

You check your DNS records and everything seems to be in order…
You’ve changed your cname for mail to point to Google: ghs.google.com
You’ve changed your MX records for your domain to point to Googles: aspmx.l.google.com etc
You’ve configured your server in Cpanel to act as a Remote Mail Exchanger

For Google to accept your mail server as a relay, you need to enter a line in your DNS zone:

yourdomain.com TXT v=spf1 include:_spf.google.com ~all

(Do not use the built in SPF in Cpanel, and you may need your host to enter this line for you)

A little info is here for Google Support
Background reading in SPF in Wikipedia is here