- Security through obscurity with HTTP Basic Authentication
Joor Loohuis, 2010-10-17
One of the undying fallacies of web development is that an application can be secured by requiring that the users authenticate themselves using HTTP Basic Authentication. We regularly have to explain to developers how easy it is to extract the authentication data from a request. So it's probably useful to put this down in writing for future reference.
- Logging unconfigured domain names in Apache
Joor Loohuis, 2010-04-01
When using virtual hosting with Apache, occasionally you may have domain names pointing to your webserver that you don't know about yet. A little tweak to the logging format will help you find out what these domain names are.
- Bad requests from the Reed Elsevier search engine
Joor Loohuis, 2009-12-03
Over the past weeks we have been seeing ever-increasing numbers of strange requests from a crawler that runs on IP addresses used by Reed Elsevier in Australia. Time for some online forensics.