A summary of the detailed understanding and configuration techniques of Apache. htaccess file _linux

Source: Internet
Author: User
Tags time zones password protection

I. The basic role of htaccess

. htaccess is a plain text file containing instructions for Apache server configuration.
The main roles of htaccess are URL rewriting, custom error pages, MIME type configuration, and access control. Mainly embodied in the application of pseudo static, picture anti-theft chain, custom 404 error page, block/allow specific IP/IP segment, Directory Browsing and home page, prohibit access to the specified file type, file password protection.
The purpose of the htaccess is mainly for the current directory.


Second, enable. htaccess Configuration
Enable. htaccess, you need to modify httpd.conf, enable allowoverride, and you can use allowoverride to limit the use of specific commands.
After opening the httpd.conf file with a text editor, find

Copy Code code as follows:

<directory/>
Options FollowSymLinks
AllowOverride None
</Directory>
To
<directory/>
Options FollowSymLinks
AllowOverride All
</Directory>

If you need to use a filename other than. htaccess, you can change it with the Accessfilename directive. For example, if you need to use. config, you can configure it in the server configuration file in the following ways:
Copy Code code as follows:
Accessfilename. config

Iii.. htaccess access Control

1, access control base: Order command

To restrict access to some key directories, you usually Add. htaccess files, which are commonly written as follows:

Copy Code code as follows:

<files ~ "^.*\. ([Ll][oo][gg]) | ([Ee][xx][ee]) ">
Order Allow,deny
Deny from all
</Files>

Description

(1) The Wave line after the Files to enable the "regular expression", the simple wording is: <files *>.

(2) Order command: With the Allow,deny argument, Apache first finds and applies the Allow command, and then applies the Deny command to block all access, or use Deny,allow.

Four, URL rewrite

Here is a simple example of a URL rewrite rule:

Copy Code code as follows:

# Open the Rewriteengine mode
Rewriteengine on
# Rewrite System rules do not modify
Rewriterule ^p/([0-9]+) \.html$ index.php?post_id=$1
Rewriterule ^u-(Username|uid)-(. +) \.html$ space.php?$1=$2

Where rewriteengine represents the opening URL rewrite, rewriterule is the overriding rule.

V. Configuration Error page

The basic syntax is as follows:

Copy Code code as follows:

# Custom Error Documents
ErrorDocument 401/err/401.php
ErrorDocument 403/err/403.php
ErrorDocument 404/err/404.php
ErrorDocument 500/err/500.php

Vi. htaccess common commands and configuration tips
1. Disable display of directory listings
Sometimes, for some reason, there is no index file in your directory, which means that when someone has typed the path to the directory in the browser's address bar, all the files in that directory will be displayed, which will leave a security risk to your site.
To avoid this situation (without having to create a bunch of new index files), you can type the following command in your. htaccess document to block
Display of directory Listings:

Copy Code code as follows:
Options-indexes

2. Block/allow specific IP address
In some cases, you may want to allow only certain IP users to access your site (for example, only users of a particular ISP are allowed to enter a directory), or you might want to block certain IP addresses (for example, isolating low-level users from your information layout). Of course, this is only useful when you know the IP address you want to intercept, but most users on the Web now use dynamic IP addresses, so this is not a common way to restrict usage.
You can use the following command to block an IP address:
Copy Code code as follows:
Deny from 000.000.000.000

The 000.000.000.000 here is the banned IP address, and if you specify only a few of them, you can block the entire network segment's address. If you enter 210.10.56, you will ban all IP addresses for 210.10.56.0~210.10.56.255.
You can use the following command to allow an IP address to access a Web site:
Copy Code code as follows:
Allow from 000.000.000.000

The allowed IP address is 000.000.000.000, and you can allow the entire network segment as if you were banned from IP addresses.
If you want to prevent everyone from accessing the directory, you can use:
Copy Code code as follows:
Deny from all

This does not, however, affect the scripting program's use of documents in this directory.
3. Replace the index file
Maybe you don't want to always use index.htm or index.html as the index file for the directory. For example, if your site uses PHP files, you might want to use index.php as the index document for that directory. Of course, you don't have to limit yourself to "index" documents, if you want to, use. htaccess you can even set up Foofoo.balh to be your index document!
These alternate index files can be lined up in a list, and the server searches from left to right to check which documents exist in the real directory. If one is not found, it will display the list of directories (unless you have turned off the list of directory files).
Copy Code code as follows:
DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm

4. Redirect (rewrite)
One of the most useful features of htaccess is redirecting requests to different documents within or outside the station. This becomes extremely useful when you change a file name, but still want users to access it with their old address. Another application (which I found useful) is to redirect to a long URL, for example, in my newsletter, I can use a very short URL to point to my affiliate link. The following is an example of a redirected file:
Copy Code code as follows:
Redirect/location/from/root/file.ext http:///new/file/location.xyz

In the example above, access to the root directory named oldfile.html can be typed:
Copy Code code as follows:
/oldfile.html

To access a file in an older subdirectory, you can type:
Copy Code code as follows:
/old/oldfile.html

You can also use the. htaccess to redirect the entire Web site's directory. If you have a directory named OldDirectory on your site, and you have set up the same document on a new website http:///newdirectory/, you can redirect all files in the old directory without one by one statements:
Copy Code code as follows:
Redirect/olddirectory http:///newdirectory

In this way, any request to the/olddirectory directory in the site will be pointed back to the new site, including additional URL information. For example, someone type:
Copy Code code as follows:
http:///olddirecotry/oldfiles/images/image.gif

The request will be redirected to:
Copy Code code as follows:
http:///newdirectory/oldfiles/images/image.gif

If used correctly, this feature will be extremely powerful.

Vii. Security Configuration
The following htaccess code can improve the security level of your Web server. Image link theft protection is very useful, it can prevent others from stealing the use of your server image resources.
1. Adoption. htaccess put hotlinking
Hate the behavior that steals your bandwidth by stealing picture resources from your Web server? Try this, and you can prevent it from happening.

Copy Code code as follows:
Rewritebase/
Rewritecond%{http_referer}!^$
Rewritecond%{http_referer}!^http://(www.)? aqee.net/.*$ [NC]
Rewriterule. (gif|jpg|swf|flv|png) $/feed/[r=302,l]

2. Anti-hacker
If you want to improve the security level of the site, you can remove the following lines of code, which can prevent some common malicious URL matching hacker attack technology.
Copy Code code as follows:
Rewriteengine on

# Proc/self/environ? No way!
Rewritecond%{query_string} Proc/self/environ [OR]

# block script attempts to modify Mosconfig value via URL
Rewritecond%{query_string} mosconfig_[a-za-z_]{1,21} (=|%3d) [OR]

# block Base64_encode spam messages that scripts pass through URLs
Rewritecond%{query_string} base64_encode.* (. *) [OR]

# block scripts that contain <script> tags in URLs
Rewritecond%{query_string} (<|%3c). *script.* (>|%3e) [Nc,or]

# block script that attempts to set PHP's globals variable via URL
Rewritecond%{query_string} GLOBALS (=|[| %[0-9a-z]{0,2}) [OR]

# block script that attempts to set PHP's _request variable via URL
Rewritecond%{query_string} _request (=|[| %[0-9a-z]{0,2})

# turn all blocked requests to the 403 Stop prompt page!
Rewriterule ^ (. *) $ index.php [f,l]

3. Block access to your. htaccess file or to a file of the specified type
The following code can prevent someone from accessing your. htaccess file. Similarly, you can also set blocks for multiple file types.
# to protect your htaccess files
<files .htaccess>
Order Allow,deny
Deny from all
</Files>

# prevents viewing of specified files
<files secretfile.jpg>
Order Allow,deny
Deny from all
</Files>

# Multiple file types
<filesmatch ". (HTACCESS|HTPASSWD|INI|PHPS|FLA|PSD|LOG|SH) $ ">
Order Allow,deny
Deny from all
</filesmatch>[/code]
4. Prohibit script execution, enhance your directory security
Copy Code code as follows:
# Disable script execution permissions in certain directories
AddHandler cgi-script. php. pl. py. jsp. asp. htm. shtml. Sh.
options-execcgi


Eight, some commonly used settings
1. Time zone settings
Sometimes, when you use the date or Mktime function in PHP, it will show some very strange information because of the different time zones. Here is one way to solve this problem. is to set your server's time zone. You can find a list of all the supported time zones here.
1.SETENV TZ Australia/melbourne
2. seo/seo.html "target=" _blank "> Search Engine Friendly 301 Permanent steering method
Why is this search engine friendly? Because now many modern search engines have the ability to update their existing records based on a permanent turn to check 301.

Copy Code code as follows:
Redirect Http://www.aqee.net/home http://www.aqee.net/

3. Screen Download dialog box
Typically, when you download something, you see a dialog box asking whether you are keeping the file or opening it directly. If you don't want to see this, you can put the following piece of code in your. htaccess file.
Copy Code code as follows:
AddType Application/octet-stream. pdf
AddType application/octet-stream. zip
AddType Application/octet-stream. mov

4. Omit www prefix
One of the principles of SEO is to make sure that your site has only one URL. Therefore, you need to turn all the access through WWW to non-www, or to reverse this.
Copy Code code as follows:
Rewriteengine on
Rewritebase/
Rewritecond%{http_host} ^www.aqee.net [NC]
Rewriterule ^ (. *) $ http://aqee.net/$1 [l,r=301]

5. Personalized error page
Customize your own personalized error page for each error code.
Copy Code code as follows:
ErrorDocument 401/error/401.php
ErrorDocument 403/error/403.php
ErrorDocument 404/error/404.php
ErrorDocument 500/error/500.php

6. Compressed Files
Optimize the speed of your Web site by compressing your file volume.
Copy Code code as follows:
# compress text, HTML, JavaScript, CSS, xml:
Addoutputfilterbytype DEFLATE Text/plain
Addoutputfilterbytype DEFLATE text/html
Addoutputfilterbytype DEFLATE Text/xml
Addoutputfilterbytype DEFLATE Text/css
Addoutputfilterbytype DEFLATE Application/xml
Addoutputfilterbytype DEFLATE Application/xhtml+xml
Addoutputfilterbytype DEFLATE Application/rss+xml
Addoutputfilterbytype DEFLATE Application/javascript
. Addoutputfilterbytype DEFLATE Application/x-javascript

7. Caching files
Caching files is another good way to improve the speed of your Web site access.
Copy Code code as follows:
<filesmatch ". (flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf) $ ">
Header set Cache-control "Max-age=2592000″
</FilesMatch>

8. Prohibit the use of caching for certain file types
On the other hand, you can also customize some file types to prohibit the use of caching.
Copy Code code as follows:
# Explicit rules prohibit the use of caching for scripts and other dynamic files
<filesmatch ". (pl|php|cgi|spl|scgi|fcgi) $ ">
Header unset Cache-control
</FilesMatch>

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.