Distributed configuration file. htaccess

Working Principle and usage
. The htaccess file (or "distributed configuration file" provides a way to change the configuration of directories, that is, to place a file containing one or more commands in a specific document directory, to act on this directory and all its subdirectories.
Note: To use a file name other than. htaccess, you can use the accessfilename command to change the file name. For example, to use. config, you can configure it in the server configuration file as follows:
Accessfilename. config

 

The commands allowed to be placed in these files depend on the AllowOverride command, which determines which commands in the. htaccess file are valid by type. If a command can be placed in. in the htaccess file, the instruction in this Manual contains an overwrite section, which describes the value that must be set in the AllowOverride command for this instruction to take effect.
For example, the description of the adddefacharcharset command in this Manual indicates that this command can be used. the htaccess file (see the context line), while the override line is "fileinfo. if this command is valid in htaccess, at least "AllowOverride fileinfo" must be set ".
Example:
Context: Server config, virtual host, directory,. htaccess
Override: fileinfo
If you cannot determine whether a specific command is allowed to be used in the. htaccess file, you can refer to the instructions in the manual to see if ". htaccess." exists in the context ("context") line .".

 

. Htaccess can do a lot of things, including: folder password protection, automatic user redirection, custom error pages, users who change your file extension, ban specific IP addresses, users who only allow specific IP addresses, and list of prohibited directories, and use other files as index files.

Create a. htaccess document

Creating a. htaccess file may bring you some difficulties. It is easy to write files. You only need to write the appropriate code in the Text Editor (for example, WordPad. The real difficulty may be the file storage, because. htaccess is an odd file name (it does not actually have a file name and only has an extension consisting of eight letters), which cannot be accepted in some systems (such as Windows 3.1. In most operating systems, what you need to do is to save the document as follows:

". Htaccess"

(Including quotation marks ). If so, you should first name it as its nickname (for example, htaccess.txt), then upload it to the server, and then rename it using FTP software.

Authentication example
If you want to know how to authenticate your password, you can start from here. There is a common misunderstanding that password authentication must be used. this is not the case with the htaccess file. Placing authentication commands in the <directory> segment of the master server configuration file is a better method. The. htaccess file should only be used when you do not have access to the master server configuration file. For more information, see. htaccess.
If you still need to use the. htaccess file, see the following description.
You must set "AllowOverride authconfig" to allow these commands to take effect.
. Htaccess file content:
Authtype basic
Authname "Password required"
Authuserfile/www/passwords/password. File
Authgroupfile/www/passwords/group. File
Require group admins
Note: AllowOverride authconfig must be set to allow these commands to take effect.
For more details about identity recognition and authentication, see authentication tutorial.

 

Custom error page

I want to introduce. the first application of htaccess is a custom error page, which allows you to have your own personalized error page (for example, when a file cannot be found ), it is not the error page provided by your service provider or there is no page. This will make your website look more professional when an error occurs. You can also use the script program to notify you when an error occurs (for example, I use the free webmaster help PHP script program and automatically email me when the page cannot be found ).

You can add the following text to the. htaccess file to convert any page error code you know (such as page 404 cannot be found) to a custom page:

Errordocument errornumber/file.html

For example, if my root directory contains a notfound.html file, I want to use it as the 404 error page:

Errordocument 404/notfound.html

If the file is not in the root directory of the Website, you only need to set the path:

Errordocument 500/errorpages/500.html

The following are some of the most common errors:

401-authorization required needs verification
400-bad request error request
403-Forbidden prohibited
500-Internal Server Error
404-Wrong page cannot find the page

Next, you only need to create a file displayed when an error occurs, and then upload them together with. htaccess.

 

Show the Directory List

Sometimes, for some reason, there is no index file in your directory, which means that when someone typed the directory path in the address bar of the browser, all the files in the directory will be displayed, this will leave security risks to your website.

To avoid this situation (instead of creating a bunch of new index files), you can type the following command in your. htaccess document to prevent the display of the Directory List:

Options-Indexes

URL redirection
We may have re-planned the website, migrated the document, or changed the directory. At this time, access from search engines or other websites may fail. In this case, you can use the following command to automatically redirect the old URL to the new address:

Redirect/old directory/address of the new document with the old document name
Or the entire directory's redirection:
New directory in the old redirect directory

You can also use. htaccess to redirect the entire website directory. Assume that you have a directory named olddirectory on your website, and you have logged on to a new website:

Redirect/olddirectory http://www.newsite.com/newdirectory

In this way, any request directed to the/olddirectory directory at the site will be directed again to the new site, including additional URL Information. For example, someone typed:

Http://www.youroldsite.com/olddirecotry/oldfiles/images/image.gif

The request will be redirected:

Http://www.newsite.com/newdirectory/oldfiles/images/image.gif

This feature is extremely powerful if used correctly.

Change the default homepage File
In general, the default homepage file names include default and index. However, sometimes there is no default file in the directory, but a specific file name, such as pmwiki. php In pmwiki. In this case, it is very difficult for users to remember the file name for access. You can easily set a new default file name in. htaccess:
New default file name of directoryindex
You can also list multiple priorities in sequence, for example:
Directoryindex filename.html index. cgi index. pl default.htm

 

Protect. htaccess documents
When you use. htaccess to set password protection for a directory, it contains the path of the password file. In terms of security, it is necessary to protect. htaccess from being visible to others. Although this can be done in other ways, such as document permissions. However,. htaccess can also be achieved by adding the following command:
<Files. htaccess>
Order allow, deny
Deny from all
</Files>

 

Advantages and disadvantages: double-edged sword

Generally, the. htaccess file should not be used unless you have no access permission to the configuration file of the master server. There is a common misunderstanding that user authentication can only pass. htaccess file implementation, but this is not the case. It is feasible to write user authentication in the master server configuration, and it is a good method.
When the content provider needs to change the server configuration in the directory but has no root permission on the server system, The. htaccess file should be used. If the server administrator is unwilling to modify the configuration frequently, the user can pass. the htaccess file modifies the configuration by itself, especially when the ISP hosts multiple user sites on a machine and wants the user to change the configuration by themselves.
Even so, we should avoid using the. htaccess file as much as possible. Any configuration that you want to put in the. htaccess file can be placed in the <directory> segment of the master server, and it is more efficient.
There are two main reasons to avoid using the. htaccess file.
First, performance. If AllowOverride allows the. htaccess file, Apache needs to search for the. htaccess file in each directory. Therefore, whether or not the. htaccess file is actually used or not, the performance will decrease. In addition, you must read the. htaccess file every time you request a page.
In addition, Apache must be found in all more advanced directories. htaccess file to make all valid commands take effect (see how ctictives are applied .), therefore, if you have a request for a page in/www/htdocs/example, Apache must search for the following files:
/. Htaccess
/Www/. htaccess
/Www/htdocs/. htaccess
/Www/htdocs/example/. htaccess
In addition, there are four additional file systems for access to each file other than this directory, even if these files do not exist. (Note that this may only happen when/permits the use of. htaccess files, although this is not the case .)
Second, security. In this way, the user is allowed to modify the server configuration, which may lead to unlimitedly modified modifications. Please carefully consider whether to grant such privileges to the user. However, if users are given fewer privileges but cannot meet their needs, additional technical support requests will be generated. Therefore, users must be explicitly notified of their permissions, describe the value set by AllowOverride and guide them to the corresponding instructions to avoid much trouble in the future.
Note: In the/www/htdocs/example directory. put commands in the htaccess file, which is equivalent to placing the same commands in the <directory/www/htdocs/example> section of the master server configuration file. :
. Htaccess in/www/htdocs/example:
Content of the. htaccess file in/www/htdocs/Example
Addtype text/example. exm
Segments in the httpd. conf file
<Directory/www/htdocs/example>
Addtype text/example. exm
</Directory>
However, it is more efficient to place this configuration in the server configuration file, because it only needs to be read once at Apache startup, rather than every time when there is a file request.
Setting AllowOverride to "NONE" completely disables the. htaccess file.
AllowOverride none