. Htaccess usage Summary

Source: Internet
Author: User
Tags password protection

. Htaccess is a very powerful distributed configuration file of the Apache server. Correct understanding and use of the. htaccess file can help us optimize our servers or virtual hosts. For example, you can use the. htaccess file to create a custom "404 error" Page and change the configuration of many servers. All we need to do is to add a few simple commands in this text document.

Unix, Linux, or any version of Apache Web Services Support. htaccess, but some host service providers may not allow you to customize your. htaccess file. Almost all mainstream VM providers abroad support custom functions.

To enable. htaccess, you must modify httpd. conf, enable AllowOverride, and use AllowOverride to restrict the use of specific commands.
If you want to use a file name other than. htaccess, you can use the AccessFileName command to change the file name. For example, to use. config, you can configure it in the server configuration file as follows:
AccessFileName. config

In general ,. htaccess can help us achieve the following: folder password protection, automatic user redirection, custom error pages, users who change your file extension, ban specific IP addresses, users who only allow specific IP addresses, and list of prohibited directories, and use other files as index files.

● Create a. htaccess document

. Htaccess is a weird file name (from Win's point of view, it has no file name and only has an extension consisting of eight letters, but it is actually named in linux, in many linux systems, we always think it is odd.) In Win systems, we cannot directly create new files, however, we can use copy in cmd, such as copy sample.txt. htaccess. You can also create an htaccess.txt file, Ftp it to the server, and modify the file name through FTP.

● Custom error page
. One application of htaccess is a custom error page, which enables you to have your own personalized error page (for example, when a file cannot be found ), instead of the error pages provided by your service provider or without any pages. This will make your website look more professional when an error occurs. You can also use the script program to notify you when an error occurs (for example, automatically Email you when the page cannot be found ).
You can add the following text to the. htaccess file to convert any page error code you know (such as page 404 cannot be found) to a custom page:
ErrorDocument errornumber/file.html
For example, if my root directory contains a notfound.html file, I want to use it as the 404 error page:
ErrorDocument 404/notfound.html
If the file is not in the root directory of the Website, you only need to set the path:
ErrorDocument 500/errorpages/500.html
The following are some of the most common errors:
401-Authorization Required needs verification
400-Bad request error request
403-Forbidden prohibited
500-Internal Server Error
404-Wrong page cannot find the page
Next, you only need to create a file displayed when an error occurs, and then upload them together with. htaccess.

●. Htaccess command
Forbidden to display the Directory List
Sometimes, for some reason, there is no index file in your directory, which means that when someone typed the directory path in the address bar of the browser, all the files in the directory will be displayed, this will leave security risks to your website.
To avoid this situation (instead of creating a bunch of new index files), you can type the following command in your. htaccess document to prevent

Display the directory list:
Options-Indexes

Deny blocking/allowing specific IP addresses
In some cases, you may only want to allow users of certain IP addresses to access your website (for example, only users of specific ISPs can access a directory ), or you want to block some specific IP addresses (for example, isolate low-level users from outside your information layout ). Of course, this is only useful when you know the IP address you want to intercept. However, most users on the Internet use dynamic IP addresses, so this is not a common method to restrict the use of dynamic IP addresses.
You can use the following command to block an IP Address:
Deny from 000.000.000.000
Here, 000.000.000.000 is the banned IP address. If you specify only a few of them, you can block the IP address of the entire network segment. If you enter 210.10.56., 210.10.56.0 ~ All IP addresses of 210.10.56.255.
You can use the following command to allow an IP address to access a website:
Allow from 000.000.000.000
The allowed IP address is 000.000.000.000. You can allow the entire network segment like the banned IP address.
If you want to prevent everyone from accessing this directory, you can use:
Deny from all
However, this does not affect the use of the files in this directory by the script program.

Replacement index file
You may not want to use index.htmor index.html as the index file of the directory. For example, if your site uses the php file, you may want to use index. php as the index document for this directory. Of course, you don't have to be limited to the "index" document. If you want to use. htaccess, you can even set foofoo. balh as your index document!
These replace index files can be arranged in a list, and the server will search from left to right to check which document exists in the real directory. If one cannot be found, it will display the Directory List (unless you have disabled the display directory file list ).
DirectoryIndex index. php index. php3 messagebrd. pl index.html index.htm
Redirect (rewrite)
One of the most useful features of. htaccess is to redirect requests to different documents within or outside the same site. This is extremely useful when you change the name of a file but still want users to access it with an old address. Another application (which I found useful) is redirected to a long URL. For example, in my newsletters, I can use a very short URL to point to my member link. The following is an example of a redirection file:
Redirect/location/from/root/file. ext http: // minidx.com/new/file/location.xyz
In the previous example, if the name of "maid" in the rootdirectory is "oldfile.html", you can type:
/Oldfile.html
To access a file in an old sub-directory, enter:
/Old/oldfile.html
You can also use. htaccess to redirect the entire website directory. Assume that you have a directory named olddirectory on your website, and you are already in the http: // website of a new website:
Redirect/olddirectory http: // minidx.com/newdirectory
In this way, any request directed to the/olddirectory directory at the site will be directed again to the new site, including additional URL Information. For example, someone typed:
Http: // minidx.com/olddirecotry/oldfiles/images/image.gif
The request will be redirected:
Http: // minidx.com/newdirectory/oldfiles/images/image.gif
This feature is extremely powerful if used correctly.

Note: Windows Live Writer automatically adds a hyperlink when editing this article at http: //. Therefore, a space is added to the hyperlink, which is not included in this article.

● Password protection
Although there are a variety of. htaccess usage, the most popular and most useful practice is to use it for reliable password protection of website directories. Although JavaScript can also be achieved, only. htaccess has perfect security (that is, visitors must know the password to access the directory, and there is no "backdoor" to go ).
Using. htaccess to add password protection to a directory involves two steps. The first step is to add the appropriate lines of code to your. htaccess document, and then put the. htaccess document in the directory you want to protect:
AuthName "Section Name"
AuthType Basic
AuthUserFile/full/path/to/. htpasswd
Require valid-user
You may need to modify some of the above content based on your website situation, such as replacing "Section Name" with "Members Area" with "Section Name ".
/Full/parth/to/. htpasswd should be replaced with the complete server path pointing to the. htpasswd file (which will be detailed later. If you do not know the complete path of your website space, ask your system administrator.
Password-protected. htpasswd File
Directory password protection ratio. other features of htaccess are troublesome because you must create a document containing the user name and password to access your website. The relevant information (by default) is located in a file named. htpasswd document. Like. like htaccess ,. htpasswd is also a document without a file name and has an 8-bit extension. It can be stored anywhere on your website (the password should be encrypted at this time ), however, it is recommended that you save it outside the Web root directory of the website so that it cannot be accessed through the network.
After creating the. htpasswd document (you can create it in a text editor), enter the user name and password used to access the website:
Username: password
The "password" must be an encrypted password. You can obtain the encrypted password in several ways: First, you can use a permade script provided on the Internet or write it yourself; the other good username/password encryption service is through the KxS website, here, you can enter the user name and password, and then generate a password in the correct format. For multiple users, you only need to add a line in the same format in the. htpasswd document. In addition, there are some free script programs that can easily manage the. htpasswd documentation and automatically Add/Remove users.
When you try to access a directory protected by the. htaccess password, the standard username/password dialog window will pop up in your browser. If you do not like this method, some script programs allow you to embed username/password input boxes in the page for authentication, you can also enter the user name and password (unencrypted) in the URL of your browser in the following ways ):
Http: // username: password@www.website.com/directory/

This is basically the most common practice. If you want to learn more about the use of. htaccess, you can refer to the relevant documentation in the Appache doc.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.