.htaccess overrides, security protection, file access rights

Source: Internet
Author: User

Today, in a foreign IT review, I saw a summary of how to use .htaccess, and I think it is very good. WordPress blogs and many other PHP web sites use .htaccess to manage things such as efficiency and security, so it is worth learning.

1. Time zone settings

Sometimes, when you use the date or mktime function in PHP, it shows strange results because of a time zone difference. One way to solve this problem is to set the time zone of your server. You can find a list of all supported time zones here.

    SetEnv TZ Australia/Melbourne

2. Search-engine-friendly 301 permanent redirect

Why is this search engine friendly? Because many modern search engines can update their existing records when they see a 301 permanent redirect.

    # The first argument is the old URL path on this site
    Redirect 301 /home http://www.aqee.net/

3. Block the download dialog box

Usually, when you download something, you'll see a dialog box asking whether you'd like to save the file or open it directly. If you don't want to see this, you can put the following piece of code in your .htaccess file.

    AddType application/octet-stream .pdf
    AddType application/octet-stream .zip
    AddType application/octet-stream .mov

4. Omit the www prefix

One of the principles of SEO is to make sure that your site has only one URL. Therefore, you need to redirect all requests for the www host to the non-www host, or the other way around.

    RewriteEngine On
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^www\.aqee\.net [NC]
    RewriteRule ^(.*)$ http://aqee.net/$1 [L,R=301]

5. Personalize the error page

Customize your own error page for each error code.

    ErrorDocument 401 /error/401.php
    ErrorDocument 403 /error/403.php
    ErrorDocument 404 /error/404.php
    ErrorDocument 500 /error/500.php

6. Compress files

Speed up your website by compressing the files it serves.

    # Compress text, html, javascript, css, xml:
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript

7. Cache files

Caching files is another good way to speed up access to your website.

    <FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
    Header set Cache-Control "max-age=2592000"
    </FilesMatch>

8. Disable caching for certain file types

On the other hand, you can also disable caching for certain file types.

    # Explicitly disable caching for scripts and other dynamic files
    <FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
    Header unset Cache-Control
    </FilesMatch>

Security issues

The following .htaccess code can improve the security level of your web server. Hotlink protection is useful for preventing others from using the image resources on your server.

1. Prevent hotlinking with .htaccess

Tired of other sites hotlinking the images on your web server and draining your bandwidth? Try this to prevent it.

    RewriteEngine On
    RewriteBase /
    # Allow requests with an empty Referer and requests from your own pages
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^http://(www\.)?aqee\.net/.*$ [NC]
    RewriteRule \.(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]

2. Anti-hacker

If you want to improve the security level of your website, you can add the following lines of code, which block some common attack techniques by matching malicious URL patterns.

    RewriteEngine On
    # proc/self/environ? No way!
    RewriteCond %{QUERY_STRING} proc/self/environ [OR]
    # Block scripts that try to set a mosConfig value through the URL
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    # Block scripts that try to pass base64_encode spam through the URL
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    # Block scripts that include a <script> tag in the URL
    RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
    # Block scripts that try to set PHP's GLOBALS variable through the URL
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # Block scripts that try to set PHP's _REQUEST variable through the URL
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # Answer all blocked requests with the 403 Forbidden page!
    RewriteRule ^(.*)$ index.php [F,L]
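A dry run of the rule set above, added here as an example (it is not part of the original article): it re-implements the [OR]-chained RewriteCond patterns in Python and applies them to access-log lines, so you can see which requests would receive 403 before the rules go live. The log lines are constructed, and `matching_rule` and `dry_run` are names chosen for this example.

```python
import re

# One (pattern, nocase) pair per RewriteCond in the rule set above. The
# conditions are chained with [OR], so a single match triggers the [F] rule.
CONDS = [
    (r"proc/self/environ", False),
    (r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)", False),
    (r"base64_encode.*\(.*\)", False),
    (r"(<|%3C).*script.*(>|%3E)", True),  # the only condition carrying [NC]
    (r"GLOBALS(=|\[|%[0-9A-Z]{0,2})", False),
    (r"_REQUEST(=|\[|%[0-9A-Z]{0,2})", False),
]
RULES = [re.compile(p, re.I if nc else 0) for p, nc in CONDS]

# Request field of a combined-format log line: "METHOD /path?query HTTP/x"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def matching_rule(query_string):
    """Return the first pattern matching the raw query string, or None.
    mod_rewrite sees %{QUERY_STRING} undecoded, so no URL-decoding here."""
    for rule in RULES:
        if rule.search(query_string):
            return rule.pattern
    return None

def dry_run(log_lines):
    """Map each requested URL to the pattern that would block it (or None)."""
    verdicts = {}
    for line in log_lines:
        m = REQUEST.search(line)
        if m:
            url = m.group(1)
            verdicts[url] = matching_rule(url.partition("?")[2])
    return verdicts

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 512',
    '203.0.113.6 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?mosConfig_live_site=test HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /view.php?name=%3Cscript%3Ex%3C/script%3E HTTP/1.1" 200 512',
    # A legitimate search for "php $GLOBALS[key]" on a programming blog:
    '203.0.113.8 - - [01/Jan/2024:10:00:03 +0000] "GET /search.php?q=php+%24GLOBALS%5Bkey%5D HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for url, rule in dry_run(SAMPLE_LOG).items():
        print("403 " if rule else "pass", url, "<-", rule)
```

Run it over your own access log before enabling the rules: any legitimate request it reports, such as the search in the last sample line, would be answered with 403 once the rules are active.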
3. Block access to your .htaccess file

The following code prevents anyone from requesting your .htaccess file. In the same way, you can block multiple file types.

    # Protect the .htaccess file
    # (Order/Deny is Apache 2.2 syntax; Apache 2.4 uses "Require all denied")
    <Files .htaccess>
    Order allow,deny
    Deny from all
    </Files>
    # Prevent viewing of a specified file
    <Files secretfile.jpg>
    Order allow,deny
    Deny from all
    </Files>
    # Multiple file types
    <FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
    Order allow,deny
    Deny from all
    </FilesMatch>

4. Renaming the .htaccess file

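You can protect the .htaccess file by renaming it.

    # Set this in the server or virtual host configuration;
    # AccessFileName is not valid inside an .htaccess file
    AccessFileName htacc.ess

5. Prohibit directory browsing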

Stop the server from listing directory contents to visitors, or turn listing back on.

    # Forbid directory browsing
    # (Apache 2.4 rejects mixing "All" with +/- options, so use the prefix alone)
    Options -Indexes
    # Allow directory browsing
    Options +Indexes

6. Change the default index page

You can change the default index.html, index.php, or index.htm to another page.

    DirectoryIndex business.html

7. Block unwelcome visitors by referrer

    # Block users arriving from specific websites
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_REFERER} scumbag\.com [NC,OR]
    # No [OR] on the last condition: a trailing [OR] lets the rule
    # fire even when none of the referrers match
    RewriteCond %{HTTP_REFERER} wormhole\.com [NC]
    RewriteRule .* - [F]
    </IfModule>

8. Block some requests by checking the browser's User-Agent header

This method saves bandwidth by blocking some bots and spider crawlers from crawling your site.

    # Block requests from specific user agents
    # (the guard names mod_setenvif, the module that provides SetEnvIfNoCase)
    <IfModule mod_setenvif.c>
    SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
    SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
    Deny from env=HTTP_SAFE_BADBOT
    </IfModule>

9. Prohibit script execution and enhance your directory security

    # Disable script execution permissions in some directories
    AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
    Options -ExecCGI

Ext.: http://www.cnblogs.com/kenshinobiy/p/5058430.html
