When Shared Servers Don’t Work….

For some businesses, having an up to date, easily accessible and manageable website is the lifeblood of their company.  For web designers maintaining various sites on a community/shared server, access and software updates can prove difficult to manage, if not almost impossible.  While a dedicated hardware server may not be the answer, Gconnect’s 30:30 server could be.

The 30:30 server bridges the gap between a dedicated hardware server and shared hosting on a community server.  The servers are delivered as a base server, with a number of optional add-ons.  These allow customisation with the “everything you need, and nothing you don’t” ethos.

The security advantages of these “lightweight” dedicated servers make hosting web sites with specialist software requirements and PCI compliance need a breeze.  The flexibility offered by full root access, and the option to install or develop your own software, makes the 30:30 server the ideal solution for many IT headaches.

Based upon industry leading “VMWare ESX Enterprise” software and enterprise grade Dell hardware, our 30:30 servers are built for reliability and resilience, giving you peace of mind that your application will be available day and night.  To find out more about these fantastic servers, call us on 0845 006 0866.

Using .htaccess to Secure a Website

As promised, here are some .htaccess examples to help secure your web site. First off is preventing .php or other scripts from being run from within an ‘upload’ folder in the web space. You would expect images and in some cases, zip files or even Office type files. In order to block the script being run, add the .htaccess file into the directory in question, this file prevents .php files from being accessed:

<Files *.php>
   deny from all
</Files>

This one prevents .php, .pl, .cgi and .rb (for the Ruby enthusiasts)..

<FilesMatch "\.(php|pl|cgi|rb)$">
   deny from all
</FilesMatch>

Next up is to prevent access to the directory from any IP address but the ones you trust:

<Limit GET POST PUT>
 order deny,allow
 deny from all
 allow from 1.1.1.1                     # Use a single host
 allow from 192.168.0.0/16              # Use a CIDR slash notation
 allow from 172.16.0.0/255.255.0.0      # Use a netmask
 allow from 10.*.*.*                    # Use wildcards
</Limit>

Ive used various notations here for allowing the ip addresses.
The .htaccess files can do loads of great stuff, far too much to document here, but why not look on the Apache website here: http://httpd.apache.org/docs/2.2/howto/htaccess.html

Spring Has Sprung, Time For A Clean

Spring is in the air, and as is traditional most people will soon be undertaking a “Spring Clean”.  While you’re busy cleaning out your cupboards and emptying that drawer full of used batteries, it would be worth considering taking stock of your IT, and having a clean of your tech closet.

A slow, over loaded machine can be a source of endless frustration, and while it’s easy to focus on the big issues such as broadband speeds and updating hardware, sometimes following a simple cleaning regime can have surprising impacts on performance.  Take a look at these tips for keeping your machine clear and quick:

  1. Ensure your virus software is up to date, and perform a full system scan.
  2. Clear out your hard drive. It’s all too easy to build up temporary files which will clog up your hard drive and slow down overall performance.
  3. Delete cache. A simple, but effective task
  4. Remove programmes you no longer have use for.  Uninstalling unwanted software will reduce the strain on your machine.

Done regularly, these steps can help keep your computer running smoother, for longer.

Deprecation of Internal Server Names from SSL certificates

We have had to reconfigure some of our customers Exchange Server settings recently as part of their SAN UC certificate renewal. This is due to the CA/Browser Forum, a collaborative effort between the Certificate Authorities and Browser vendors, phasing out the use of internal server names and reserved IP addresses from certificates from November 2015.

In a nutshell, this means if you use internal server names on your SAN UC certificate and have a domain such as .local, you will almost certainly need to change some settings on your Exchange Server, or apply your certificate at the perimeter of your network and use an internal CA for your Exchange server certificate. These changes are designed to stop the use of domains that cannot be verified in the public namespace.

Further information on the CA/Browser Forum and the changes can be found here: https://www.cabforum.org/index.html