I recently got h2 (HTTP 2.0) running on my server.
Continue reading post "HTTP 2 on Ubuntu 18.04 with Apache and PHP"http posts
Woo-hoo. My site is finally sending h2 (HTTP 2.0).
Continue reading post "#2103"While working on my site’s error pages, I became aware of the #save418 kerfuffle.
Continue reading post "#1644"Dreamhost, mod_rewrite, and logged status codes
I’ve done some more testing on the problem I mentioned before of all requests showing up as 200‘s in the Apache log on my Dreamhost shared server. I’m pretty sure it’s specific to their mod_rewrite module.
Struggling to figure out why every response from my Symfony application is showing up in the log files as a ‘200’ status. I thought it was related to this and this, since I’m running under FastCGI on Dreamhost, but attempting to set a Status header didn’t help. Setting a regular response header in a plain PHP file does work, in fact. If I use ‘mod_rewrite’ to write another URL to load that same plain file, however, the status shows as ‘200’, so it must have something to do with ‘mod_rewrite’. Must get to bed though, so I will have to try another day.
Security HTTP Headers
I’ve been working on the HTTP headers my site sends recently. I had been working on performance / cache related headers, but after seeing mention of a security header scanner built by Scott Helme, I decided to spend a little time implementing security related headers on my site. I don’t really know these headers that well, so I added the headers it suggested and mostly went with the recommended values. I did read up a bit on what they mean though and modified the Content-Security-Policy as I saw fit.
I added most of the headers using a Symfony reponse event listener. This handles all of my HTML responses without sending the headers for other responses, where they aren’t necessary. The exception is the X-Content-Type-Options, which should be set for all responses. I set that in Apache configuration.