Today, in the foreign periodicals it review, I saw a summary of the use of. htaccess, I think it is very good, because WP blog there are other PHP Web Service site Many are used. htaccess to manage issues such as efficiency and security, it is necessary to learn.
1. Time zone settings
Sometimes, when you use the date or Mktime function in PHP, it shows some strange information because of the time zone difference. Here is one way to solve this problem. is to set the time zone of your server. You can find a list of all supported time zones here .
- SetEnv? TZ? Australia/melbourne
2. Search engine-friendly 301 Permanent Steering method
Why is this search engine friendly? Because many modern search engines now have the ability to update their existing records according to the Check 301 permanent turn.
- redirect?301?http://www.aqee.net/home?http://www.aqee.net/
3. Block the Download dialog box
Usually, when you download something, you'll see a dialog box asking if you'd like to keep the file or open it directly. If you don't want to see this, you can put the following piece of code in your. htaccess file.
- Addtype?application/octet-stream?. Pdf
- Addtype?application/octet-stream?. Zip
- Addtype?application/octet-stream?. mov
4. Omit WWW prefixes
One of the principles of SEO is to make sure that your site has only one URL. Therefore, you need to turn all the access through the WWW to non-www, or reverse this.
- Rewriteengine? On
- rewritebase?/
- Rewritecond?%{http_host}?^www.aqee.net? [NC]
- rewriterule?^ (. *) $?http://aqee.net/$1? [l,r=301]
5. Personalize the error page
Customize your own error page for each error code.
- errordocument?401?/error/401.php
- errordocument?403?/error/403.php
- errordocument?404?/error/404.php
- errordocument?500?/error/500.php
6. Compressing files
Optimize your website's access speed by compressing your file volume.
- # compression? Text,?html,?javascript,?css,?xml:
- Addoutputfilterbytype? Deflate?text/plain
- Addoutputfilterbytype? Deflate?text/html
- Addoutputfilterbytype? Deflate?text/xml
- Addoutputfilterbytype? Deflate?text/css
- Addoutputfilterbytype? Deflate?application/xml
- Addoutputfilterbytype? Deflate?application/xhtml+xml
- Addoutputfilterbytype? Deflate?application/rss+xml
- Addoutputfilterbytype? Deflate?application/javascript
- Addoutputfilterbytype? Deflate?application/x-javascript
7. cache files
Caching files is another good way to improve your website's speed of access.
- <filesmatch? ". (flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf) $ ">
- Header?set? Cache-control? " Max-age=2592000″
- </FilesMatch>
8. Disable the use of caching for certain file types
On the other hand, you can also customize the use of caching for certain file types.
- Explicit provisions prohibit the use of caching for scripts and other dynamic files
- <filesmatch? ". (pl|php|cgi|spl|scgi|fcgi) $ ">
- Header?unset? Cache-control
- </FilesMatch>
Security issues
The following htaccess code can improve the security level of your Web server. Image link theft protection is useful to prevent others from stealing image resources on your server.
1. Put hotlinking through. htaccess
Hate the behavior of stealing the image resources on your Web server and draining your bandwidth? Try this, you can prevent this kind of thing from happening.
- rewritebase?/
- rewritecond?%{http_referer}?! ^$
- rewritecond?%{http_referer}?! ^http://(www.)? aqee.net/.*$? [NC]
- Rewriterule?. (gif|jpg|swf|flv|png) $?/feed/? [R=302,l]
2. Anti-hacker
If you want to improve the security level of your website, you can remove the following lines of code, which will prevent some common malicious URLs from being matched by hacker attack techniques.
- Rewriteengine? On
- #?proc/self/environ?? No way!
- Rewritecond?%{query_string}?proc/self/environ? [OR]
- Block script attempts to modify Mosconfig value by URL
- REWRITECOND?%{QUERY_STRING}?MOSCONFIG_[A-ZA-Z_]{1,21} (=|\%3d)? [OR]
- # Base64_encode spam that prevents scripts from passing through URLs
- Rewritecond?%{query_string}?base64_encode.* (. *)? [OR]
- # block scripts that contain <script> tags in URLs
- Rewritecond?%{query_string}? (<|%3c). *script.* (>|%3e)? [Nc,or]
- # Block a script that attempts to set PHP's globals variable via a URL
- Rewritecond?%{query_string}? GLOBALS (=|[| \%[0-9a-z]{0,2})? [OR]
- # Block a script that attempts to set PHP's _request variable via a URL
- Rewritecond?%{query_string}?_request (=|[| \%[0-9a-z]{0,2})
- Turn all blocked requests to the 403 Forbidden prompt page!
- rewriterule?^ (. *) $?index.php? [F,l]
3. Block access to your. htaccess file
The following code can prevent someone from accessing your. htaccess file. Similarly, you can also set block multiple file types.
- Protect you, htaccess? documents
- <files?. Htaccess>
- Order?allow,deny
- Deny?from?all
- </Files>
- # Prevent viewing of specified files
- <Files?secretfile.jpg>
- Order?allow,deny
- Deny?from?all
- </Files>
- #? multiple file types
- <filesmatch? ". (HTACCESS|HTPASSWD|INI|PHPS|FLA|PSD|LOG|SH) $ ">
- Order? Allow,deny
- Deny?from?all
- </FilesMatch>
4. Renaming the htaccess file
You can protect it by renaming the htaccess file.
- Accessfilename?htacc.ess
5. Prohibit Directory browsing
Prevents the server from displaying the directory structure externally and vice versa.
- # Forbidden Directory Browsing
- Options? All?-indexes
- # Open Directory Browsing
- Options? All?+indexes
6. Change the default index page
You can change the default index.html, index.php, or index.htm to another page.
- Directoryindex?business.html
7. Blocking some unwelcome visitors by referencing information
- # block users from a Web site
- <IfModule?mod_rewrite.c>
- Rewriteengine?on
- Rewritecond?%{http_referer}?scumbag.com? [Nc,or]
- Rewritecond?%{http_referer}?wormhole.com? [Nc,or]
- Rewriterule?. *?-? F
- </ifModule>
8. Block some requests by judging the browser header information
This method can save your bandwidth by blocking some bots or spider crawlers from crawling your site.
- # block users from specific websites
- <IfModule?mod_rewrite.c>
- Setenvifnocase?^user-agent$?. * (Craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider
|leacher|collector|grabber|webpictures)? Http_safe_badbot
- Setenvifnocase?^user-agent$?. * (Libwww-perl|aesop_com_spiderman)? Http_safe_badbot
- Deny?from?env=http_safe_badbot
- </ifModule>
9. Prohibit script execution and enhance your directory security
- # Disable script execution permissions in some directories
- Addhandler?cgi-script?. Php?. Pl?. Py?. Jsp?. Asp?. Htm?. sHTML?. Sh?. Cgi
- options?-execcgi
. htaccess overrides, security protection, file access rights