Optimal Static Content Subdomain Configuration

Table of Contents: Configure DNS Records Create Subdomains/Vhosts Change Magento URLs Secure the vhost Strip Cookies From Files

Using subdomains for serving static content on your store will improve both performance and cacheability of static assets. Making this change is very straightforward … Continue reading

Implementing Vary:User-Agent

MageStack natively supports the Vary: User-Agent header; however, as it isn't a setting applicable to all stores, it is disabled by default. To enable the User-Agent vary header, you only need to set a single variable in your vhosts configuration, … Continue reading

PCI-DSS SAQ & Responsibility Matrix

Table of Contents: Physical Architecture SAQ Answers

PCI Compliance is a merchant's responsibility. Some questions within your SAQ relate to infrastructure/server configuration, for which you can find the scope and appropriate answer below. Physical Architecture SAQ Answers Section Scope Response Condition 1.1.1 … Continue reading

Identifying and blocking "Bad" Magento traffic

Table of Contents: Magento Connect Config Flush Attack SQL Injection Bad Bots/Crawlers/Scrapers

There are a number of common attacks on Magento stores, ranging from aggressive crawlers/bots, to XSS attacks, to severe SQL/compromise attacks. There are two approaches to dealing with attacks … Continue reading

Rate Limiting Requests

Table of Contents: Options Enabling Custom Rate Limiter Examples Rate limit AJAX search to 1 request per 10 seconds Rate limit AJAX search to 1 request per 10 seconds, but whitelist given IPs Rate limit AJAX search to 1 request per … Continue reading

Installing Composer

Table of Contents: Installation

Sonassi natively supports Composer; you can install and run Composer in the conventional way for Linux for a global installation. Installation: Composer is installed globally using the default installation method. cd /home/www-data curl -sS https://getcomposer.org/installer | php -- … Continue reading