The Apache Web server can manipulate a variety of information through the. htaccess file, which is the default name for a directory-level configuration file, allowing for centralized WEB server configuration management. Can be used to override the global configuration of the server. The purpose of this file is to allow access control configurations for individual directories, such as passwords and content access.
1. The index file of the custom catalog
Copy Code code as follows:
DirectoryIndex index.html index.php index.htm
You can use the above configuration to change the default page of the directory, for example, you put this script in the Foo directory, the user requests/foo/time will visit/foo/index.html.
2. Custom error page
Copy Code code as follows:
ErrorDocument 404 errors/404.html
You can do this when a user accesses a page with an error, such as a page where you can't find the wrong page that you want to display a custom. or a dynamic page:
Copy Code code as follows:
ErrorDocument 404/psych/cgi-bin/error/error?404
3. Control the level of access to files and directories
Htaccess is often used to restrict and deny access to a file and directory, for example, we have a includes folder where we have some scripts that we do not want users to directly access this folder, and the following script enables you to:
Copy Code code as follows:
# no one gets in here!
Deny from all
The above script is to deny all access, and you can reject it according to the IP segment:
# no Nasty crackers in here!
Order Deny,allow
Deny from all
Allow from 192.168.0.0/24
# This would do the same thing.
#allow from 192.168.0
Generally these methods are handled through firewalls, but this is convenient for servers in a production environment.
Sometimes you just want to block an IP access:
Copy Code code as follows:
# someone else giving the ruskies a bad name.
Order Allow,deny
Deny from 83.222.23.219
Allow from all
4. Modifying environment variables
Environment variables contain some extended information about server-side CGI, which can be set and canceled using Setenv and unsetenv.
Copy Code code as follows:
Setenv site_webmaster "Jack sprat"
Setenv Site_webmaster_uri mailto:jack.sprat@characterology.com
Unsetenv REMOTE_ADDR
5.301 redirect
If you want a page to jump to a new page:
Copy Code code as follows:
Redirect 301/old/file.html http://yourdomain.com/new/file.html
The following can be implemented to redirect the entire path:
Copy Code code as follows:
Redirectmatch 301/blog (. *) http://yourdomain.com/$1
6. Implementing caching policies through the htaccess.
By setting up caching of static files on the browser, you can improve the performance of your Web site:
Copy Code code as follows:
# year
<filesmatch "\. (ico|pdf|flv|jpg|jpeg|png|gif|swf|mp3|mp4) $ ">
Header set Cache-control "public"
Header set Expires "Thu, APR 20:00:00 GMT"
Header unset last-modified
</FilesMatch>
#2 hours
<filesmatch "\. (html|htm|xml|txt|xsl) $ ">
Header set Cache-control "max-age=7200, Must-revalidate"
</FilesMatch>
<filesmatch "\. (JS|CSS) $ ">
Setoutputfilter DEFLATE
Header set Expires "Thu, APR 20:00:00 GMT"
</FilesMatch>
7. Use GZIP to compress output
Add the following code in. htaccess to compress all CSS, JS, and HTML using the GZIP algorithm:
Copy Code code as follows:
<ifmodule mod_gzip.c>
mod_gzip_on Yes
Mod_gzip_dechunk Yes
Mod_gzip_item_include file \. (html?| TXT|CSS|JS|PHP|PL) $
Mod_gzip_item_include Handler ^cgi-script$
Mod_gzip_item_include MIME ^text/.*
Mod_gzip_item_include MIME ^application/x-javascript.*
Mod_gzip_item_exclude MIME ^image/.*
Mod_gzip_item_exclude Rspheader ^content-encoding:.*gzip.*
</IfModule>
The premise of using the above code is to enable the Mod_gzip module, you can use the following script to determine whether the WEB server provides mod_deflate support:
Copy Code code as follows:
<Location>
Setoutputfilter DEFLATE
Setenvifnocase request_uri \
\. (?: gif|jpe?g|png) $ no-gzip dont-vary
Setenvifnocase request_uri \
\. (?: Exe|t?gz|zip|gz2|sit|rar) $ no-gzip dont-vary
</Location>
If the WEB server does not support Mod_deflate, you can use the following methods:
Copy Code code as follows:
<filesmatch "\. (txt|html|htm|php) ">
Php_value Output_handler Ob_gzhandler
</FilesMatch>
8. Force request to use HTTPS access
The following script can force the entire Web site to be accessed by using https:
Copy Code code as follows:
Rewriteengine on
Rewritecond%{https}!on
Rewriterule (. *) Https://%{http_host}%{request_uri}
9. URL Rewrite
For example, to rewrite product.php?id=12 to product-12.html
Copy Code code as follows:
Rewriteengine on
Rewriterule ^product-([0-9]+) \.html$ product.php?id=$1
Rewrite product.php?id=12 as product/ipod-nano/12.html
Copy Code code as follows:
Rewriteengine on
Rewriterule ^product/([a-za-z0-9_-]+)/([0-9]+) \.html$ product.php?id=$2
REDIRECT does not have www to www URL address:
Copy Code code as follows:
Rewriteengine on
Rewritecond%{http_host} ^viralpatel\.net$
Rewriterule (. *) http://www.viralpatel.net/$1 [r=301,l]
Rewrite yoursite.com/user.php?username=xyz to yoursite.com/xyz
Copy Code code as follows:
Rewriteengine on
Rewriterule ^ ([a-za-z0-9_-]+) $ user.php?username=$1
Rewriterule ^ ([a-za-z0-9_-]+)/$ user.php?username=$1
Redirect a domain name to a public_html new subfolder:
Copy Code code as follows:
Rewriteengine on
Rewritecond%{http_host} ^test\.com$ [OR]
Rewritecond%{http_host} ^www\.test\.com$
Rewritecond%{request_uri}!^/new/
Rewriterule (. *)/new/$1
10. Block Listing Directory files
Use the following code to prevent all files in the list directory:
Copy Code code as follows:
Or
Copy Code code as follows:
11. Add a new Mime-types
Mime-types dependent on file extensions, file extensions that could not be recognized as text data transfer
Copy Code code as follows:
AddType Application/x-endnote-connection Enz
AddType Application/x-endnote-filter Enf
AddType application/x-spss-savefile sav
12. Anti-Theft Chain
You do not want someone else's site to reference your station pictures, CSS and other static files, that is, the legendary anti-theft chain, you can use the following script:
Copy Code code as follows:
Rewritecond%{http_referer}!^$
Rewritecond%{request_uri}!^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/). * [NC]
Rewritecond%{http_referer}!^http://www.askapache.com.*$ [NC]
Rewriterule \. (ICO|PDF|FLV|JPG|JPEG|MP3|MPG|MP4|MOV|WAV|WMV|PNG|GIF|SWF|CSS|JS) $-[f,ns,l]
13. Specify the size limit of uploaded files, applicable to PHP
Copy Code code as follows:
Php_value upload_max_filesize 20M
Php_value post_max_size 20M
Php_value Max_execution_time 200
Php_value Max_input_time 200
The above script, through four parameters to set the limit of the upload file, the first parameter is the size of the file, the second is the size of the POST data, the third is the transmission time (in seconds), the last one is to resolve the upload data to spend the most time (in seconds)
14. Prohibit script execution
Copy Code code as follows:
options-execcgi
AddHandler cgi-script. php. pl. py. jsp. asp. htm. shtml. Sh.
15. Modify character set and language header
Copy Code code as follows:
Adddefaultcharset UTF-8
DefaultLanguage en-US
16. Set the server time zone (GMT)
Copy Code code as follows:
Setenv TZ America/indianapolis
17. Force the "File Save as" prompt
Copy Code code as follows:
AddType application/octet-stream. avi. mov. pdf. xls. mp4
18. Protect Individual files
Normally. Htaccess can be used to restrict access to the entire directory, but you can limit only one file:
Copy Code code as follows:
<files quiz.html>
Order Deny,allow
Deny from all
AuthType Basic
AuthName "Characterology Student authcate"
Authldap on
Authldapserver ldap://directory.characterology.com/
Authldapbase "Ou=student, o=characterology University, C=au"
Require Valid-user
Satisfy any
</Files>
19. Set Cookies
Setting cookies through environment variables
Copy Code code as follows:
Header set Set-cookie "LANGUAGE=%{LANG}E; path=/; "Env=lang
Sets a cookie based on the request that sends the Set-cookie header to set the cookie value to the match in the second bracket
Copy Code code as follows:
Rewriteengine on
Rewritebase/
Rewriterule ^ (. *) (De|es|fr|it|ja|ru|en)/$-[co=lang:$2:.yourserver.com:7200:/]
20. Set the customized response Headers
Copy Code code as follows:
Header set P3P "policyref=\" http://www.askapache.com/w3c/p3p.xml\ ""
Header set X-pingback "http://www.askapache.com/xmlrpc.php"
Header set Content-language "en-US"
Header set Vary "Accept-encoding"
21. Block requests According to User-agent
Copy Code code as follows:
Setenvifnocase ^user-agent$. * (craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher| Collector|grabber|webpictures) Http_safe_badbot
Setenvifnocase ^user-agent$. * (Libwww-perl|aesop_com_spiderman) Http_safe_badbot
Deny from Env=http_safe_badbot