. Htaccess in apache and apache support for. htaccess

. Htaccess in apache and apache support for. htaccess

. Htaccess file function: "distributed configuration file" provides a method for changing the configuration of directories, that is, to place a file containing one or more commands in a specific document directory, to act on this directory and all its subdirectories. As a user, the commands that can be used are restricted. The administrator can set commands in the. Subdirectory through the AllowOverride command of Apache to overwrite the commands in the higher level directory or master server configuration file.

1. Locate the error document

(1) common client request error return code:

401 Authorization Required 403 Forbidden 404 Not Found 405 Method Not Allowed 408 Request Timed Out 411 Content Length Required 412 Precondition Failed 413 Request Entity Too Long 414 Request URI Too Long 415 Unsupported Media Type
(2) Common server error return code:

500 Internal Server Error
(3) you can use. htaccess to specify the error reminder page you have prepared in advance. Generally, you can set up a directory, such as errors, to place these pages. Then, add the following command to. htaccess:

ErrorDocument 404/errors/notfound.html ErrorDocument 500/errors/internalerror.html one command line.

The first instruction above indicates that for 404, that is, when the required document is not found, the page displays the notfound.html page under the/errorsdirectory. The syntax format is as follows:

ErrorDocument error code/directory name/file name. Extension
If there is very little information to be prompted, you do not have to create a page and use the HTML code directly in the command. For example, the following example:

ErrorDocument 401 "<body bgcolor = # ffffff>
You are not authorized to access this page!
</Body>"
2. Document access password protection: to use. htaccess to set the access user and password for documents in a directory, you must first generate a. htpasswd text document, for example:

Zheng: y4E7Ep8e7EYV
Here, the password is encrypted. You can find some tools to encrypt the password into the encoding supported by. htaccess. This document should not be stored in the www Directory. It is recommended that it be stored outside the www root directory file, which is safer.

With the authorization user documentation, you can add the following commands to. htaccess:

AuthUserFile. htpasswd's server directory AuthGroupFile/dev/null (the directory to be authorized to access) AuthName EnterPassword AuthType Basic (authorization type)
Require user wsabstract (users allowed to access, if you want all users in the table to allow, you can use require valid-user)

Note: The brackets are the comments you have added during learning.

3. Deny access from an IP address

If I don't want a government department to access the content of my site, I can add the department's IP address in. htaccess to reject them. For example:

Order allow, deny from 210.21.112.43deny from 219.146.95 allow from all
Note: The second line rejects an IP address, and the third line rejects an IP segment, that is, 219.146.95.0 ~ 219.146.95.255 want to reject all users? Use deny from all. You can use a domain name instead of an IP address.

IV. Protection of. htaccess documents

When you use. htaccess to set password protection for a directory, it contains the path of the password file. In terms of security, it is necessary to protect. htaccess from being visible to others. Although this can be done in other ways, such as document permissions. However,. htaccess can also be achieved by adding the following command:

<Files. htaccess> order allow, deny from all </Files>
V. URL redirection

We may have re-planned the website, migrated the document, or changed the directory. At this time, access from search engines or other websites may fail. In this case, you can use the following command to automatically redirect the old URL to the new address:

Redirect/old directory/old document name the address of the new document or the redirection of the entire directory: Redirect the old directory new directory changes the default homepage file
In general, the default homepage file names include default and index. However, sometimes there is no default file in the directory, but a specific file name, such as The pmwiki. php Tutorial in pmwiki. In this case, it is very difficult for users to remember the file name for access. You can easily set a new default file name in. htaccess:

New default file name of DirectoryIndex
You can also list multiple items. The order indicates the priority between them,

For example:

DirectoryIndex filename.html index. cgi index. pl default.htm

 

II. Use the. htaccess configuration file
When configuring Apache, in addition to configuring access control in the master configuration file (http. conf), you can also use the. htaccess file to configure access control for the specified directory. You can use the. htaccess file to change the configuration in the main configuration file, but it can only set access control for the specified directory, which is the directory where the. htaccess file is stored. After a. htaccess file is set in a directory, Apache will read the configuration of the file to overwrite the configuration of the main configuration file (http. conf) when you access the Directory using a browser.
Note:
1. Modify the. htaccess file to take effect immediately without restarting the Apache server.
2. Avoid using the. htaccess file whenever possible, because using the. htaccess file will reduce the running performance of the server.
When to use the. htaccess file:
The. htaccess file is required in the following two cases:
* Separate configurations among multiple users
* If you want to change the server configuration without restarting the server
To use the. htaccess file, you must go through two configuration steps:
* First, enable and control the use of the. htaccess file in the main configuration file.
* The. htaccess file is generated in the directory that needs to overwrite the main configuration file.
Enable and control the use of the. htaccess file in the main configuration file
1. Set the file name
Make sure that the main configuration file contains the following configuration statements:
AccessFileName. htaccess
<Files ~ "^. Htaccess">
Order allow, deny
Deny from all
</Files>

2. Control the command groups that can be used in the. htaccess file
To control the command groups that can be used in the. htaccess file, you must use the AllowOverride command in the main configuration file. The following lists the command groups that can be used in the AllowOverride command.
Instructions available for instruction groups
======================================
AuthConfig
AuthDBMGroupFile, AuthDBMUserFile, AuthGroupFile, AuthName, AuthType, AuthUserFile, Require
Related commands for authentication, authorization, and security
==================================
FileInfo
DefaultType, ErrorDocument, ForceType, LanguagePriority, SetHandler, SetInputFilter, SetOutputFilter
Commands for controlling file processing methods
==================================
Indexes
AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, DirectoryIndex, FancyIndexing, HeaderName, IndexIgnore, IndexOptions, ReadmeName
Commands for controlling the directory list
====================================
Limit
Allow, Deny, Order
Commands for directory access control
====================================
Options
Options, XBitHack

Enable various options that cannot be used in the main configuration file

==================================

All

All command groups

All the preceding commands can be used.

==================================

None

Disable all commands

Disable the processing of. htaccess files

====================================

3. Generate A. htaccess file

After enabling and controlling the. htaccess file is configured in the main configuration file, you can generate the. htaccess file in the directory that needs to overwrite the main configuration file .. The configuration commands available in the htaccess file depend on the settings of the AllowOverride command in the main configuration file.

4. Example of using the. htaccess file

The following is a simple example to illustrate how to use the. htaccess file.

// Generate a private directory under the root directory of the document and create a test file

# Cd/var/www/html

# Mkdir private

# Cd private

# Touch test

// View the result in the client browser before modifying the configuration.

// Modify the master configuration file

# Vi/etc/httpd/conf/httpd. conf

// Add the following configuration statement

<Directory "/var/www/html/private">
AllowOverride Options
</Directory>

#

// Restart httpd

# Service httpd restart

// Generate the. htaccess file in the/var/www/html/private Directory

# Vi/var/www/html/private/. htaccess

// Add the following configuration statement

Options-Indexes

#

// View the result in the client browser.

// Access to the private directory does not generate a file list

III. Configuration of the. htaccess file

Apache can be configured using special files distributed in the entire webpage structure. These special files are usually called. htaccess, and can be changed using the AccessFileName command .. The command scope in the htaccess file is the directory where it is stored and all its subdirectories .. The syntax of the htaccess file is the same as that of the main configuration file. Because the. htaccess file is read for each request, changes to these files will take effect immediately.

You can refer to the Context to learn the commands that can be placed in the. htaccess file. The server administrator can use the AllowOverride command to determine the commands that can take effect in the. htaccess file.

. The htaccess file (or "distributed configuration file") provides a method for changing the configuration of directories, that is, to place a file containing one or more commands in a specific document directory, to act on this directory and all its subdirectories. As a user, the commands that can be used are restricted. The administrator can set the parameter through the AllowOverride command of Apache.

The commands in the subdirectory overwrite the commands in the more advanced directory or master server configuration file.

-. Htaccess must be uploaded in ASCII mode. It is best to set its permission to 644.

1. Locate the error document

Common client request error return code:
401 Authorization Required
403 Forbidden
404 Not Found
405 Method Not Allowed
408 Request Timed Out
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI Too Long
415 Unsupported Media Type
Common server error response code:
500 Internal Server Error
You can use. htaccess to specify the error reminder page you have created in advance. Generally, you can set up a directory, such as errors, to place these pages. Then, add the following command to. htaccess:
ErrorDocument 404/errors/notfound.html
ErrorDocument 500/errors/internalerror.html
One command line. The first instruction above indicates that for 404, that is, when the required document is not found, the page displays the notfound.html page under the/errorsdirectory. The syntax format is as follows:
ErrorDocument error code/directory name/file name. Extension
If there is very little information to be prompted, you do not have to create a page and use the HTML code directly in the command. For example, the following example:
ErrorDocument 401 "you are not authorized to access this page. Please give up !"

2. Password protection for document access

To use. htaccess to set the access user and password for a document in a directory, you must first generate a. htpasswd text document, for example:
Martin: 123456
Here, the password is encrypted. You can find some tools to encrypt the password into the encoding supported by. htaccess. This document should not be stored in the www Directory. It is recommended that it be stored outside the www root directory file, which is safer.
With the authorization user documentation, you can add the following commands to. htaccess:
AuthUserFile. htpasswd server directory
AuthGroupFile/dev/null (directory to be authorized)
AuthName EnterPassword
AuthType Basic (authorization type)
Require user wsabstract (users allowed to access, if you want all users in the table to allow, you can use require valid-user)

3. Deny access from an IP address

If I don't want a government department to access the content of my site, I can add the department's IP address in. htaccess to reject them.

For example:
Order allow, deny
Deny from 210.10.56.32
Deny from 219.5.45.
Allow from all

The second line rejects an IP address, and the third line rejects an IP segment, that is, 219.5.45.0 ~ 219.2.45.255. Want to reject everyone? Use deny from all. You can use a domain name instead of an IP address.

4. Protect. htaccess documents

When you use. htaccess to set password protection for a directory, it contains the path of the password file. In terms of security, it is necessary to protect. htaccess from being visible to others. Although this can be done in other ways, such as document permissions. However,. htaccess can also be achieved by adding the following command:
Order allow, deny
Deny from all

5. URL redirection

We may have re-planned the website, migrated the document, or changed the directory. At this time, access from search engines or other websites may fail. In this case, you can use the following command to automatically redirect the old URL to the new address:
Redirect/old directory/address of the new document with the old document name
Or the entire directory's redirection:
New directory in the old Redirect Directory

6. Change the default homepage file

In general, the default homepage file names include default and index. However, sometimes there is no default file in the directory, but a specific file name, such as pmwiki. php in pmwiki. In this case, it is very difficult for users to remember the file name for access. You can easily set a new default file name in. htaccess:
New default file name of DirectoryIndex
You can also list multiple priorities in sequence, for example:
DirectoryIndex filename.html index. cgi index. pl default.htm

7. Use. htaccess to access and Stop leeching. If an image on your website is referenced by more than N other websites, this may cause your server performance to decline, use the following code to protect some popular links from being referenced too much.

Options + FollowSymlinks
# Protect Hotlinking
RewriteEngine On
RewriteCond % {HTTP_REFERER }! ^ $
RewriteCond % {HTTP_REFERER }! ^ Http: // (www .)? Domainname.com/[nc]
RewriteRule. *. (gif | jpg | png) $ yun_qi_img/hotlink_f_o.png [nc]

8. Set the time zone of the website

SetEnv TZ America/Houston

9. Blocked IP list

Sometimes, you need to block some access by IP address. Whether it is an IP address or a network segment, this is a very simple task, as shown below:

Allow from all
Deny from 145.186.14.122
Deny from 124.15

Apache returns the 403 error for the rejected IP address.

10. Transfer some old links to new links-search engine optimization SEO

Redirect 301/d/file.html http://www.htaccesselite.com/r/file.html

11. Set email for the server administrator.

ServerSignature EMail
SetEnv SERVER_ADMIN default@domain.com

12. Block all requests from the User Agent

#. Htaccess Code: BEGIN
# Block Bad Bots by user-Agent
SetEnvIfNoCase user-Agent ^ FrontPage [NC, OR]
SetEnvIfNoCase user-Agent ^ Java. * [NC, OR]
SetEnvIfNoCase user-Agent ^ Microsoft. URL [NC, OR]
SetEnvIfNoCase user-Agent ^ MSFrontPage [NC, OR]
SetEnvIfNoCase user-Agent ^ Offline. Explorer [NC, OR]
SetEnvIfNoCase user-Agent ^ [Ww] eb [Bb] andit [NC, OR]
SetEnvIfNoCase user-Agent ^ Zeus [NC]
Order Allow, Deny
Allow from all
Deny from env = bad_bot
#. Htaccess Code: END

13. Redirect requests from some special IP addresses to other sites

ErrorDocument 403 http://www.youdomain.com
Order deny, allow
Deny from all
Allow from ip
Allow from ip

14. directly open the file instead of downloading it. Normally, when opening the online file, a dialog box is always displayed asking whether to download or directly open the file. This problem will not occur if you use the following settings, open directly.

AddType application/octet-stream. pdf
AddType application/octet-stream. zip
AddType application/octet-stream. mov

15. Modify the file type-the following example allows the server to interpret any file as PHP. For example, myphp, cgi, and phtml.

ForceType application/x-httpd-php
SetHandler application/x-httpd-php

16. Block access to. htaccess files

# Secure htaccess file
Order allow, deny
Deny from all

17. Protect files on the server from being accessed

# Prevent access of a certain file order allow, deny
Deny from all

18. Blocking directory browsing

# Disable directory browsing
Options All-Indexes

19. Password Authentication-you can create a file for authentication. The following is an example:

# To protect a file

AuthType Basic

AuthName "Prompt"

AuthUserFile/home/path/. htpasswd

Require valid-user

# Password-protect a directory

Resides

AuthType basic

AuthName "This directory is protected"

AuthUserFile/home/path/. htpasswd

AuthGroupFile/dev/null

Require valid-user

Configure apache to support. htaccess

Open the default site configuration file (do not modify apache2.conf because apache2.conf will include this configuration file)
Code:
Gksu gedit/etc/apache2/sites-available/default
First introduce the default configuration
Code:
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow, deny
Allow from all
Options Indexes FollowSymLinks MultiViews
Indexedindicates that the directory content is generated as a webpage containing subdirectories and file hyperlink lists when you cannot find the internal web page (such as index.htm;
FollowSymLinks indicates that if A link exists in the file system, you can also access it by link during URL access. That is, if you create A link file for directory A to directory B, double-click File A under file B to access file A. You can also use http: //… in the URL ://.... B/A to access;
Multiviews. If index.htm is not found in the directory, index. php is automatically searched for and some settings for the same access are used.
AllowOverride indicates whether the access permission of a directory and its subdirectories can be controlled using the. htaccess file.
Order allow, deny indicates that the Allow command is evaluated before the Deny Command. By default, all accesses are prohibited. Any customer that does not match the Allow command or the Deny Command will be banned from accessing the server.
Solution: add
Code:
AllowOverride All
Order allow, deny
Allow from 127.0.0.1
The first directory path is the path when apache is actually accessed, because I gave phpmyadmin a link to/var/www /, therefore, apache accesses phpmyadmin through/var/www/phpmyadmin instead of/usr/share/phpmyadmin. And if you use multiple links, for example, the directory link/var/www/admin/phpmyadmin, you need to write another
Secondly, because/var/www sets allow from all, if we only want the local machine to access phpmyadmin, we need to overwrite the original settings,
Code:
Order allow, deny
Allow from 127.0.0.1
Set phpmyadmin and its subdirectories to allow. htaccess file control access permissions.
Code:
AllowOverride All
Apache commands
Disable apache
Code:
Sudo/usr/sbin/apache2ctl stop
Start apache
Code:
Sudo/usr/sbin/apache2ctl start
Restart apache (sometimes the restart does not change the settings. You need to disable or restart apache)
Code:
Sudo/usr/sbin/apache2ctl restart
Restart firefox and apache and then access it.
If phpmyadmin enables. htaccess permission control and does not appear in the parent directory list, you can directly access http: // localhost/phpmyadmin through URL.
Apache and other detailed documentation http://www.111cn.net/n86/
Tags: configuration, supported,. htaccess