Basic functions of .htaccess and related syntax

Source: Internet
Author: User

I. Basic functions of .htaccess

To enable .htaccess, you must modify httpd.conf and enable AllowOverride; AllowOverride can also be used to restrict which directives may be used.
If you want to use a file name other than .htaccess, you can change it with the AccessFileName directive. For example, to use .config, configure the server configuration file as follows:
AccessFileName .config

In general, .htaccess can help us achieve the following: password-protecting folders, automatically redirecting users, customizing error pages, changing file extensions, banning users with specific IP addresses, allowing only users with specific IP addresses, disabling directory listings, and using other files as index files.


II. .htaccess access control

1. Access control basics: the Order directive

To restrict user access to some key directories, a .htaccess file is usually added. It is commonly written as follows:

# Deny access to files ending in .log or .exe (any letter case)
<Files ~ "\.([Ll][Oo][Gg]|[Ee][Xx][Ee])$">
Order allow,deny
Deny from all
</Files>

(1) The tilde (~) after Files enables regular-expression matching. A simpler form is: <Files *>.

(2) Order directive: with the argument allow,deny, Apache first finds and applies the Allow directives and then applies the Deny directives, which here blocks all access. The order deny,allow can also be used.

III. URL rewriting

The following is a simple example of URL rewriting rules:

# Enable RewriteEngine mode
RewriteEngine On
# Rewrite system rules; do not modify
RewriteRule ^p/([0-9]+)\.html$ index.php?post_id=$1
RewriteRule ^u-(username|uid)-(.+)\.html$ space.php?$1=$2

RewriteEngine On enables URL rewriting, and each RewriteRule line defines a rewriting rule.

IV. Custom error pages
One application of .htaccess is custom error pages, which let you have your own personalized error page (for example, when a file cannot be found) instead of the error page provided by your service provider, or no page at all. This makes your website look more professional when an error occurs. You can also use a script to notify you when an error occurs (for example, to email you automatically when a page cannot be found).
You can add the following line to the .htaccess file to map any error code you know (such as 404, page not found) to a custom page:
ErrorDocument errornumber /file.html
For example, if my root directory contains a notfound.html file and I want to use it as the 404 error page:
ErrorDocument 404 /notfound.html
If the file is not in the root directory of the website, you only need to set the path:
ErrorDocument 500 /errorpages/500.html
The following are some of the most common errors:
401 - Authorization Required (authentication needed)
400 - Bad Request
403 - Forbidden
500 - Internal Server Error
404 - Wrong page (page not found)
Next, you only need to create the files to display when an error occurs, and then upload them together with .htaccess.
● .htaccess commands
• Disable directory listing
Sometimes, for some reason, there is no index file in a directory, which means that when someone types the directory path into the browser's address bar, all the files in the directory are displayed. This leaves a security risk on your website.
To avoid this situation (without creating a bunch of new index files), you can type the following command in your .htaccess file to prevent the directory list from being displayed:

• Block/allow specific IP addresses
In some cases, you may want to allow only users with certain IP addresses to access your website (for example, only users of a specific ISP may access a directory), or you may want to block certain IP addresses (for example, to keep undesirable users off your message boards). Of course, this is only useful when you know the IP addresses you want to block. However, most users on the Internet have dynamic IP addresses, so this is not a commonly used way of restricting access.
You can use the following command to block an IP address:
Deny from
The value given after Deny from is the banned IP address. If you specify only the leading part of an address, you block the entire network segment: if you enter 210.10.56., all IP addresses in that segment are blocked.
You can use the following command to allow an IP address to access the website:
Allow from
The value given after Allow from is the allowed IP address. As with banned addresses, you can allow an entire network segment.
If you want to prevent everyone from accessing this directory, you can use:
Deny from all
However, this does not prevent scripts from using the files in this directory.
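
How the Order rule described in section II combines with the Deny from and Allow from commands above can be checked with a small model. This is an added example, not part of the original article and not Apache code; it models only the Apache 2.2-style Order/Allow/Deny semantics for "all" and full or partial IP addresses, and the client addresses are constructed.

```python
# Model of Apache 2.2-style Order/Allow/Deny evaluation (added illustration,
# not Apache source code). Host names, CIDR and env= forms are not modelled.

def matches(spec, ip):
    """True if an Allow/Deny 'from' value covers ip: 'all', a full IP,
    or a partial IP such as '210.10.56.' (whole leading octets)."""
    if spec.lower() == "all":
        return True
    prefix = spec if spec.endswith(".") else spec + "."
    return (ip + ".").startswith(prefix)

def is_allowed(ip, allow=(), deny=(), order="deny,allow"):
    """Decide one request. Apache's default is Order Deny,Allow; the two
    keywords must be joined by a comma with no space."""
    allowed = any(matches(s, ip) for s in allow)
    denied = any(matches(s, ip) for s in deny)
    order = order.lower()
    if order == "allow,deny":
        # Needs an Allow match, and any Deny match wins; default is deny.
        return allowed and not denied
    if order == "deny,allow":
        # A Deny match blocks unless an Allow also matches; default is allow.
        return allowed or not denied
    raise ValueError("Order must be 'allow,deny' or 'deny,allow'")

# Constructed client addresses: one inside the page's segment, one outside.
INSIDE, OUTSIDE = "210.10.56.7", "198.51.100.4"

def scenarios():
    return {
        # The <Files> block from section II: nothing allowed, everything denied.
        "files_block": is_allowed(OUTSIDE, deny=["all"], order="allow,deny"),
        # Block one segment only (default order).
        "ban_inside": is_allowed(INSIDE, deny=["210.10.56."]),
        "ban_outside": is_allowed(OUTSIDE, deny=["210.10.56."]),
        # Allow one segment only.
        "only_inside": is_allowed(INSIDE, allow=["210.10.56."], deny=["all"]),
        "only_outside": is_allowed(OUTSIDE, allow=["210.10.56."], deny=["all"]),
        # Pitfall: Order allow,deny with no Allow line locks everyone out.
        "pitfall": is_allowed(OUTSIDE, deny=["210.10.56."], order="allow,deny"),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:13} -> {'allowed' if result else 'denied'}")
```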

• Replace the index file
You may not want to use index.htm or index.html as the index file of a directory. For example, if your site uses PHP files, you may want index.php to be the index document for the directory. Of course, you are not limited to "index" documents: with .htaccess, you can even set foofoo.balh as your index document!
These alternative index files can be given as a list, and the server searches from left to right to check which document actually exists in the directory. If none is found, it displays the directory list (unless you have disabled directory listing).
DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm
• Redirection (rewrite)
One of the most useful features of .htaccess is redirecting requests to different documents inside or outside the same site. This is extremely useful when you rename a file but still want users to reach it at the old address. Another application (which I found useful) is redirecting to a long URL. For example, in my newsletters I can use a very short URL that points to my member link. The following is an example of a redirection line:
Redirect /location/from/root/file.ext http://new/file/location.xyz
In the previous example, if the file in the root directory is named "oldfile.html", you can type:
To access a file in an old subdirectory, enter:
You can also use .htaccess to redirect an entire directory of your website. Assume that your website has a directory named olddirectory and you have created the same documents on a new website, http://newdirectory; you can redirect all files in the old directory without declaring them one by one:
Redirect /olddirectory http://newdirectory
In this way, any request for the /olddirectory directory at the site is redirected to the new site, including the additional URL information. For example, if someone types:
http://olddirectory/oldfiles/images/image.gif
the request will be redirected to:
http://newdirectory/oldfiles/images/image.gif
This feature is extremely powerful if used correctly.

Share some common settings

1. Time zone settings
Sometimes, when you use the date or mktime function in PHP, it displays odd results because of a different time zone. One solution to this problem is to set the time zone of your server. You can find a list of all supported time zones here.

SetEnv TZ Australia/Melbourne

2. Search-engine-friendly 301 permanent redirection
Why is this search engine friendly? Because many modern search engines update their existing records when they detect a 301 permanent redirect.

Redirect 301
3. Suppress the download dialog box
Generally, when you download a file, you see a dialog box asking whether you want to save the file or open it directly. If you don't want to see this, you can put the following code in your .htaccess file.

AddType application/octet-stream .pdf
AddType application/octet-stream .zip
AddType application/octet-stream .mov
4. Omit the www prefix
One principle of SEO is to ensure that your website has only one URL. Therefore, you need to redirect all requests that use www to the non-www address, or the reverse.

RewriteEngine On
RewriteBase /
# example.com is a placeholder: the host name is missing from the source text
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
5. Personalized error pages
Customize the error page for each error code.

ErrorDocument 401 /error/401.php
ErrorDocument 403 /error/403.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php
6. Compressed files
By compressing your files, you can improve the access speed of your website.

# compress text, html, javascript, css, and xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
7. Cache files
Caching files is another good way to speed up access to your website.

<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
8. Disable caching for certain file types
On the other hand, you can also disable caching for certain file types.

# explicitly disable caching for scripts and other dynamic files
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>
Security issues
The following .htaccess code can improve the security level of your web server. Hotlink protection is very useful: it prevents others from using the image resources on your server.

1. Hotlink (leeching) protection through .htaccess
Hate it when others hotlink the image resources on your web server and consume your bandwidth? You can try this to prevent it.

RewriteEngine On
RewriteBase /
# Requests with an empty Referer are let through
RewriteCond %{HTTP_REFERER} !^$
# example.com is a placeholder: the host name is missing from the source text
RewriteCond %{HTTP_REFERER} !^http://(www\.)?example\.com/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]
2. Anti-hacker
If you want to improve the security level of your website, you can add the following lines of code, which block common attack techniques by matching malicious URL patterns.

RewriteEngine On

# proc/self/environ? No!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]

# Block attempts to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]

# Block base64_encode junk passed through the URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

# Block requests with a <script> tag in the URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]

# Block attempts to set the PHP GLOBALS variable through the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]

# Block attempts to set the PHP _REQUEST variable through the URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})

# Send all blocked requests to the 403 Forbidden page
RewriteRule ^(.*)$ index.php [F,L]
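
A rule set like the one above can be checked before deployment by running its patterns over sample requests. The following is an added example, not part of the original article: the RewriteCond patterns are transcribed into Python's re module and run over constructed query strings, showing what is blocked, what passes, and one harmless search that is blocked as a false positive. It assumes Python's regex engine behaves like Apache's PCRE for these patterns.

```python
import re

# Patterns transcribed from the RewriteCond lines above. [NC] becomes
# re.IGNORECASE; [OR] chaining means any single match blocks the request.
RULES = [
    ("proc_environ", r"proc/self/environ", 0),
    ("mosConfig", r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)", 0),
    ("base64_encode", r"base64_encode.*\(.*\)", 0),
    ("script_tag", r"(<|%3C).*script.*(>|%3E)", re.IGNORECASE),
    ("GLOBALS", r"GLOBALS(=|\[|%[0-9A-Z]{0,2})", 0),
    ("_REQUEST", r"_REQUEST(=|\[|%[0-9A-Z]{0,2})", 0),
]
COMPILED = [(name, re.compile(pattern, flags)) for name, pattern, flags in RULES]

def blocking_rule(query_string):
    """Name of the first rule that matches, or None if the request passes.
    mod_rewrite tests %{QUERY_STRING} exactly as sent (not URL-decoded),
    so the string is deliberately not decoded here either."""
    for name, regex in COMPILED:
        if regex.search(query_string):
            return name
    return None

# Constructed query strings: the request types the rules target, ordinary
# traffic, and one harmless search that still trips a rule.
SAMPLES = [
    "page=2&sort=asc",
    "file=/proc/self/environ",
    "mosConfig_absolute_path=x",
    "q=%3Cscript%3E",
    "GLOBALS[debug]=1",
    "_REQUEST[id]=1",
    "q=php+base64_encode(data)+example",
]

def audit(samples=SAMPLES):
    """Map each sample to the rule that would answer it with 403 Forbidden."""
    return {qs: blocking_rule(qs) for qs in samples}

if __name__ == "__main__":
    for qs, rule in audit().items():
        print(f"{'403 ' + rule if rule else 'pass':18} {qs}")
```

The last sample is an ordinary search for documentation, yet it is rejected, so a filter like this needs testing against real traffic and does not replace input validation in the application.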
3. Block access to your .htaccess file
The following code prevents others from accessing your .htaccess file. You can also block multiple file types.

# protect your htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

# Block the specified file from being viewed
<Files secretfile.jpg>
order allow,deny
deny from all
</Files>

# Multiple file types
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>

Disable script execution to enhance directory security

# prohibit script execution in some directories
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
