Common. htaccess Use tips reproduced

Source: Internet
Author: User
Tags set set

The Apache Web server can manipulate various information through the. htaccess file, which is the default name for a directory-level configuration file, allowing for centralized WEB server configuration management. Can be used to override the global configuration of the server. The purpose of this file is to allow access control configurations for individual directories, such as passwords and content access.

1. The Index file of the custom catalog

DirectoryIndex index.html index.php index.htm

You can use the configuration above to change the default page of the directory, for example, if you put the script in the Foo directory, the user requests/foo/to access/foo/index.html.

2. Custom error page

ErrorDocument 404 errors/404.html

This is how you can do this when a user accesses a page with an error, such as a page that does not find the page you wish to display a custom bug. or a dynamic page:

ErrorDocument 404/psych/cgi-bin/error/error?404

3. Control the level of access to files and directories

. htaccess is often used to restrict and deny access to a file and directory, such as we have a includes folder, where some scripts are stored, we do not want users to directly access this folder, then the following script can be implemented:

# no one gets in Here!deny from all

The above script denies all access, and you can deny it according to the IP segment:

# no Nasty crackers in Here!order deny,allowdeny from Allallow to 192.168.0.0/24# this would do the same thing. #allow from 192.168.0

In general, these methods are handled through firewalls, but in a production environment, this is a convenient adjustment for the server.

Sometimes you just want to disable an IP access:

# someone else giving the ruskies a bad name: Order Allow,denydeny from 83.222.23.219allow to all

4. Modifying environment variables

The environment variable contains some extended information about the server-side CGI, which can be set using SETENV and Unsetenv, as well as de-provisioning.

SETENV site_webmaster "Jack sprat" SetEnv site_webmaster_uri mailto:[email protected] unsetenv REMOTE_ADDR

5.301 Redirects

If you want a page to jump to a new page:

Redirect 301/old/file.html http://yourdomain.com/new/file.html

The following can be implemented to redirect the entire path:

Redirectmatch 301/blog (. *) http://yourdomain.com/$1

6. Implementing cache policies through. htaccess

You can improve the performance of your Web site by setting up caching of static files on your browser:

# Year<filesmatch ". (ico|pdf|flv|jpg|jpeg|png|gif|swf|mp3|mp4) $ ">header set Cache-control" public "Header set Expires" Thu, APR 2010 20 : 00:00 GMT "Header unset last-modified</filesmatch> #2 hours<filesmatch". (html|htm|xml|txt|xsl) $ ">header set Cache-control" max-age=7200, Must-revalidate "</FilesMatch>< FilesMatch ". (JS|CSS) $ ">setoutputfilter Deflateheader set Expires" Thu, APR 20:00:00 GMT "</FilesMatch>

7. Compressing the output using GZIP

Add the following code to the. htaccess to compress all CSS, JS, and HTML using the GZIP algorithm:

<ifmodule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file. (html?| TXT|CSS|JS|PHP|PL) $ mod_gzip_item_include Handler ^cgi-script$ mod_gzip_item_include mime ^text/.* Mod_gzi  P_item_include mime ^application/x-javascript.* mod_gzip_item_exclude MIME ^image/.* mod_gzip_item_exclude Rspheader ^content-encoding:.*gzip.*</ifmodule>

Using the above code is a prerequisite for enabling the Mod_gzip module, you can use the following script to determine whether the WEB server provides mod_deflate support:

<Location> setoutputfilter DEFLATE setenvifnocase Request_uri. (?: gif|jpe?g|png) $ no-gzip dont-vary setenvifnocase Request_uri. (?: Exe|t?gz|zip|gz2|sit|rar) $ no-gzip dont-vary</location>

If the WEB server does not support Mod_deflate, you can use the following methods:

<filesmatch ". (txt|html|htm|php) "> Php_value output_handler ob_gzhandler</filesmatch>

8. Mandatory use of HTTPS access

Use the following script to force the entire Web site to be accessed by using https:

Rewriteengine Onrewritecond%{https}!onrewriterule (. *) Https://%{http_host}%{request_uri}

9. URL Rewriting

For example, to rewrite product.php?id=12 to product-12.html

Rewriteengine onrewriterule ^product-([0-9]+). html$ product.php?id=$1

Rewrite product.php?id=12 to product/ipod-nano/12.html

Rewriteengine onrewriterule ^product/([a-za-z0-9_-]+)/([0-9]+]. html$ product.php?id=$2

REDIRECT does not have www to the URL address with www:

Rewriteengine Onrewritecond%{http_host} ^viralpatel.net$rewriterule (. *) http://www.viralpatel.net/$1 [R=301,L]

Rewrite yoursite.com/user.php?username=xyz to yoursite.com/xyz

Rewriteengine onrewriterule ^ ([a-za-z0-9_-]+) $ user.php?username=$1rewriterule ^ ([a-za-z0-9_-]+)/$ user.php? Username=$1

Redirect a domain name to a new subfolder in the public_html:

Rewriteengine Onrewritecond%{http_host} ^test.com$ [Or]rewritecond%{http_host} ^www.test.com$rewritecond%{REQUEST_ URI}!^/new/rewriterule (. *)/new/$1

10. Block listing of directory files

Use the following code to prevent all files in the list directory:

Options-indexes

Or

Indexignore *

11. Add a new Mime-types

Mime-types dependent on file extension, file extension not recognized as text data transfer

AddType application/x-endnote-connection enzaddtype application/x-endnote-filter enfAddType application/ X-spss-savefile sav

12. Anti-theft chain

You do not want others to refer to the site of your station images, CSS and other static files, which is the legendary anti-theft chain, you can use the following script:

Rewritecond%{http_referer}!^ $RewriteCond%{request_uri}!^/(wp-login.php|wp-admin/|wp-content/plugins/| wp-includes/). * [Nc]rewritecond%{http_referer}!^http://www.askapache.com.*$ [Nc]rewriterule. (ICO|PDF|FLV|JPG|JPEG|MP3|MPG|MP4|MOV|WAV|WMV|PNG|GIF|SWF|CSS|JS) $-[f,ns,l]

13. Specify the size limit of the upload file for PHP

Php_value upload_max_filesize 20mphp_value post_max_size 20mphp_value max_execution_time 200php_value max_input_time 200

In the above script, with four parameters to set the limit of the upload file, the first parameter is the size of the file, the second is the size of the POST data, the third is the transmission time (in seconds), the last is to parse the upload data time spent (in seconds)

14. Prohibit script execution

Options-execcgiaddhandler cgi-script. php. pl. py. jsp. asp. htm. shtml. Sh. CGI

15. Modifying the character set and language header

Adddefaultcharset utf-8defaultlanguage en-US

16. Set the server time zone (GMT)

SETENV TZ America/indianapolis

17. Force "File Save as" prompt

AddType application/octet-stream. avi. mpg. mov. pdf. xls. mp4

18. Protect Individual files

Under normal circumstances. htaccess can be used to restrict access to an entire directory, but you can restrict only one file:

<files Quiz.html>order Deny,allowdeny from Allauthtype basicauthname "characterology Student Authcate" AuthLDAP Onauthldapserver ldap://directory.characterology.com/authldapbase "Ou=student, o=characterology University, C=au" Require valid-usersatisfy any</files>

19. Setting Cookies

Setting cookies with Environment variables

Header set Set-cookie "LANGUAGE=%{LANG}E; path=/; "Env=lang

Based on the request setting cookie, the code sends the Set-cookie header to set the cookie value to match in the second parenthesis

Rewriteengine onrewritebase/rewriterule ^ (. *) (De|es|fr|it|ja|ru|en)/$-[co=lang:$2:.yourserver.com:7200:/]

20. Setting a custom response Headers

Header set P3P "policyref=" Http://www.askapache.com/w3c/p3p.xml "header set X-pingback" http://www.askapache.com/ xmlrpc.php "header set Content-language" en-US "header set Vary" Accept-encoding "

21. Block requests According to User-agent

Setenvifnocase ^user-agent$. * (craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher| Collector|grabber|webpictures) http_safe_badbotsetenvifnocase ^user-agent$. * (Libwww-perl|aesop_com_spiderman) Http_safe_badbotdeny from Env=http_safe_badbot

: horizontal where ' s blog» common. htaccess Tips for use

Common. htaccess Use tips reproduced

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.