The Apache web server can be configured through the .htaccess file, which is the default name for a directory-level configuration file, allowing for centralized management of web server configuration. It can be used to override the server's global configuration. The purpose of this file is to allow access control settings for individual directories, such as passwords and content access.
1. Custom directory index file
DirectoryIndex index.html index.php index.htm
You can use the configuration above to change the default page of a directory. For example, if you put the script in the foo directory, a user who requests /foo/ gets /foo/index.html.
2. Custom error page
ErrorDocument 404 /errors/404.html
This displays a custom page when a user requests a page that produces an error, such as a page that cannot be found. The target can also be a dynamic page:
ErrorDocument 404 /psych/cgi-bin/error/error?404
3. Control the level of access to files and directories
.htaccess is often used to restrict or deny access to files and directories. For example, suppose we have an includes folder that stores some scripts and we do not want users to access it directly; the following will do it:
# no one gets in here!
Deny from all
The rule above denies all access. You can also restrict access by IP range:
# no nasty crackers in here!
Order deny,allow
Deny from all
Allow from 192.168.0.0/24
# this would do the same thing.
#Allow from 192.168.0
In general, these restrictions are handled by firewalls, but on a production server this is a convenient way to make adjustments.
Sometimes you just want to block a single IP address:
# someone else giving the ruskies a bad name
Order allow,deny
Deny from 83.222.23.219
Allow from all
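The rules in this section use the Apache 2.2 Order/Allow/Deny syntax, which Apache 2.4 supports only through mod_access_compat. The following added example (not part of the original article) expresses the same three policies with the 2.4 Require directives. Each variant belongs in its own .htaccess file, and the IfModule wrapper in the first is an optional pattern for files that must work on both versions.

```apache
# Variant 1: includes/.htaccess - nobody gets in, on either Apache version.
<IfModule mod_authz_core.c>
    # Apache 2.4+: mod_authz_core is loaded
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2: fall back to the legacy syntax
    Order deny,allow
    Deny from all
</IfModule>

# Variant 2: only the 192.168.0.0/24 network may enter (Apache 2.4+).
# Replaces: Order deny,allow / Deny from all / Allow from 192.168.0.0/24
Require ip 192.168.0.0/24

# Variant 3: everyone except one address (Apache 2.4+).
# Replaces: Order allow,deny / Deny from 83.222.23.219 / Allow from all
# A negated Require cannot grant access by itself, so it is combined
# with "Require all granted" inside <RequireAll>.
<RequireAll>
    Require all granted
    Require not ip 83.222.23.219
</RequireAll>

# Override classes: Require needs "AllowOverride AuthConfig" in the main
# server configuration, while Order/Allow/Deny need "AllowOverride Limit".
# Avoid mixing the old and new directives for the same directory; the
# combined result is hard to predict.
```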
4. Modifying environment variables
Environment variables carry extended information for server-side CGI. They can be set with SetEnv and removed with UnsetEnv:
SetEnv site_webmaster "Jack Sprat"
SetEnv site_webmaster_uri mailto:[email protected]
UnsetEnv REMOTE_ADDR
5. 301 Redirects
If you want a page to redirect to a new page:
Redirect 301 /old/file.html http://yourdomain.com/new/file.html
The following redirects an entire path:
RedirectMatch 301 /blog(.*) http://yourdomain.com/$1
6. Implementing cache policies through .htaccess
You can improve the performance of your web site by having browsers cache static files:
# Year
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|mp3|mp4)$">
Header set Cache-Control "public"
Header set Expires "Thu, APR 2010 20:00:00 GMT"
Header unset Last-Modified
</FilesMatch>
# 2 hours
<FilesMatch "\.(html|htm|xml|txt|xsl)$">
Header set Cache-Control "max-age=7200, must-revalidate"
</FilesMatch>
<FilesMatch "\.(js|css)$">
SetOutputFilter DEFLATE
Header set Expires "Thu, APR 20:00:00 GMT"
</FilesMatch>
7. Compressing the output using GZIP
Add the following code to .htaccess to compress all CSS, JS, and HTML using the GZIP algorithm:
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
The code above requires the mod_gzip module to be enabled. You can use the following to determine whether the web server provides mod_deflate support:
# <Location> is not permitted in .htaccess; IfModule applies the block
# only when mod_deflate is loaded
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|gz2|sit|rar)$ no-gzip dont-vary
</IfModule>
If the web server does not support mod_deflate, you can use the following method:
<FilesMatch "\.(txt|html|htm|php)">
php_value output_handler ob_gzhandler
</FilesMatch>
8. Mandatory use of HTTPS access
Use the following script to force the entire Web site to be accessed by using https:
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
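The rule above builds the redirect target from %{HTTP_HOST}, which is copied from the request's Host header, and leaves the redirect status at the default. A stricter variant follows as an added example that is not part of the original article. In it, www.example.com is a placeholder for the site's canonical host name, and the Header line assumes Apache 2.4 with mod_headers loaded.

```apache
RewriteEngine On

# Redirect only plain-HTTP requests. mod_rewrite's %{HTTPS} is "on" or "off".
# Caveat: behind a TLS-terminating proxy or load balancer the back end sees
# every request as HTTP, so this condition is always true and the redirect
# loops; in that setup do the redirect on the proxy instead.
RewriteCond %{HTTPS} !=on

# Fixed canonical host name (placeholder) instead of the client-supplied
# Host header; R=301 makes the redirect permanent; L stops further rule
# processing for this request.
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

<IfModule mod_headers.c>
    # Sent on HTTPS responses only: asks the browser to use HTTPS for this
    # host for the next 31536000 seconds (one year) without trying HTTP first.
    Header always set Strict-Transport-Security "max-age=31536000" "expr=%{HTTPS} == 'on'"
</IfModule>
```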
9. URL Rewriting
For example, to rewrite product.php?id=12 to product-12.html:
RewriteEngine on
RewriteRule ^product-([0-9]+)\.html$ product.php?id=$1
Rewrite product.php?id=12 to product/ipod-nano/12.html:
RewriteEngine on
RewriteRule ^product/([a-zA-Z0-9_-]+)/([0-9]+)\.html$ product.php?id=$2
Redirect URLs without www to the address with www:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^viralpatel\.net$
RewriteRule (.*) http://www.viralpatel.net/$1 [R=301,L]
Rewrite yoursite.com/user.php?username=xyz to yoursite.com/xyz:
RewriteEngine on
RewriteRule ^([a-zA-Z0-9_-]+)$ user.php?username=$1
RewriteRule ^([a-zA-Z0-9_-]+)/$ user.php?username=$1
Redirect a domain name to a new subfolder in public_html:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^test\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.test\.com$
RewriteCond %{REQUEST_URI} !^/new/
RewriteRule (.*) /new/$1
10. Block listing of directory files
Use the following to prevent the files in a directory from being listed:
Options -Indexes
Or
IndexIgnore *
11. Add new MIME types
MIME types depend on the file extension; a file whose extension is not recognized is transferred as text data.
AddType application/x-endnote-connection enz
AddType application/x-endnote-filter enf
AddType application/x-spss-savefile sav
12. Hotlink protection
If you do not want other sites to link directly to your site's images, CSS and other static files, which is known as hotlinking, you can use the following script:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.askapache.com.*$ [NC]
RewriteRule \.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$ - [F,NS,L]
13. Specify the size limit of the upload file for PHP
php_value upload_max_filesize 20M
php_value post_max_size 20M
php_value max_execution_time 200
php_value max_input_time 200
The script above uses four parameters to limit file uploads: the first is the size of the file, the second is the size of the POST data, the third is the transmission time (in seconds), and the last is the time spent parsing the uploaded data (in seconds).
14. Prohibit script execution
Options -ExecCGI
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
15. Modifying the character set and language header
AddDefaultCharset UTF-8
DefaultLanguage en-US
16. Set the server time zone (GMT)
SetEnv TZ America/Indianapolis
17. Force "File Save as" prompt
AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4
18. Protect Individual files
Normally .htaccess is used to restrict access to an entire directory, but you can also restrict just one file:
<Files Quiz.html>
Order deny,allow
Deny from all
AuthType Basic
AuthName "Characterology Student Authcate"
AuthLDAP on
AuthLDAPServer ldap://directory.characterology.com/
AuthLDAPBase "ou=Student, o=Characterology University, c=au"
Require valid-user
Satisfy any
</Files>
19. Setting Cookies
Set a cookie from an environment variable:
Header set Set-Cookie "LANGUAGE=%{lang}e; path=/;" env=lang
Set a cookie based on the request. This code sends a Set-Cookie header whose value is the text matched by the second set of parentheses:
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)(de|es|fr|it|ja|ru|en)/$ - [CO=lang:$2:.yourserver.com:7200:/]
20. Setting custom response headers
Header set P3P "policyref=\"http://www.askapache.com/w3c/p3p.xml\""
Header set X-Pingback "http://www.askapache.com/xmlrpc.php"
Header set Content-Language "en-US"
Header set Vary "Accept-Encoding"
21. Block requests according to User-Agent
SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
Deny from env=HTTP_SAFE_BADBOT