Category: tips
Caution…
Inspired by the article Block a Website for Everyone But You over at CSS Tricks, I thought I’d post my way of blocking people from accessing my websites while I work on them.
Chris Coyier over at CSS Tricks uses the following code in his .htaccess file to block visitors.
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^71\.225\.113\.171
RewriteCond %{REMOTE_HOST} !^71\.185\.239\.212
RewriteCond %{REMOTE_HOST} !^69\.253\.223\.254
RewriteCond %{REQUEST_URI} !/comingsoon\.html$
RewriteRule .* /comingsoon.html [R=302,L]
What he’s doing there is checking for specific IP addresses that are allowed to see the website but everyone else is sent to the “comingsoon.html” webpage. This is great for people who have specific IP addresses but if you’re behind a proxy like I am at work then everyone else with you behind that proxy can still see the site.
I find it much easier to redirect everyone but check for a custom cookie that I can set using the Webdeveloper Firefox extension. That way I can check to make sure that the redirect to the maintenance page is actually working. Here’s the relevant code that I use (taken from a RoR tutorial of old)
RewriteCond %{DOCUMENT_ROOT}/maintenance.html -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteCond %{HTTP_COOKIE} !^.*access_cookie=1.*$
RewriteRule ^.*$ /maintenance.html [L]
where the text “access_cookie” (sans quotes) would be whatever cookie name you want to use. I just create a “session cookie” set to a value of “1” (or whatever you want to make it) and check for it’s existence.
That gets around the problem of DHCP granted or spoofed IP addresses. Sure a cookie is easy to add but if you make the name and/or value sufficiently difficult to guess, no one is getting in.
Now just add your cookie.
Note in the image that I have set it to be a “session cookie”. This helps when you forget to delete the cookie. Just close your tab (FF) or browser (IE), reopen it and the cookie will be gone.
Oh yeah. The other thing that my .htaccess code does is, on the first line, check for the existence of the “maintenance.html” file. I don’t want to have to add and remove this code everytime I want to take the site down. It’s much easier to just have this code permanently in my .htaccess file and then upload the file that people will see when the site is down. I then delete it when the site is ready to be reopened. This is all performed using a custom Capistrano command that I run when I’m ready to deploy a new version.
A perfect scare for Halloween. For me, this has got to be one of the scariest videos ever. 🙂 Please vote on November 4th.
note to self re: git unpacker error
when you get an unpacker error “unpack failed” and git is being RIDICULOUSLY CRYPTIC (as usual) about it’s error, try this.
git repack remote/origin/master
I’m sick of pulling my hair out over this.
Cathy and I have BIG NEWS! However, instead of repeating ourselves everywhere, I’m just going to ask you to head over to Cathy’s blog and read about it there. Without further ado, we present…
XSendFile note
Note to everyone using Apache and the XSendFile module. If you’ve included the module and are getting 0-byte files, like I was today, make sure you have the following lines in your VirtualHost config
XSendFile on
XSendFileAllowAbove on
The website needs to know you want to use the module. Duh. 🙂
I’m coming out of blog hiatus to post about this important bill recently passed in Virginia. It relates to my biggest pet peeve about driving. People who don’t use their signal.
Didn’t use your turn signal? That’ll be $1,050, please!
Now, if only every state decided to use this. The world would be a better place.
PLEASE USE YOUR SIGNAL!!!!