What is. htaccess?
. The htaccess file (or "distributed configuration file") provides a method for changing the configuration of directories, that is, to place a file containing one or more commands in a specific document directory, to act on this directory and all its subdirectories. As a user, the commands that can be used are restricted. The administrator can set the parameter through the AllowOverride command of Apache.
In summary, the htaccess file is a configuration file on the Apache server, which is responsible for the web page configuration under the relevant directory. The htaccess file can help us achieve: webpage 301 redirection, custom 404 error pages, changing file extensions, allowing/blocking access to specific users or directories, forbidding directory lists, and configuring default documents.
To enable. htaccess, you must modify httpd. conf, enable AllowOverride, and use AllowOverride to restrict the use of specific commands. If you want to use a file name other than. htaccess, you can use the AccessFileName command to change the file name. For example, to use. config, you can configure it in the server configuration file as follows: AccessFileName. config.
In general ,. htaccess can help us achieve the following: folder password protection, automatic user redirection, custom error pages, users who change your file extension, ban specific IP addresses, users who only allow specific IP addresses, and list of prohibited directories, and use other files as index files.
Working Principle
. The htaccess file (or "distributed configuration file") provides a method for changing the configuration of each directory, that is, to place a file containing commands in a specific directory, the commands act on this directory and all its subdirectories.
Note:
If you want to use a file name other than. htaccess, you can use the AccessFileName command to change the file name. For example, to use. config, you can configure it in the server configuration file as follows:
AccessFileName. config
Generally, the. htaccess file uses the same configuration syntax as the main configuration file. The AllowOverride command determines which commands in the. htaccess file are valid by type. If a command allows. in htaccess, the instruction in this manual contains an overwrite section, which describes the value that must be set in AllowOverride for this instruction to take effect.
(No) use of. htaccess files
Generally, the. htaccess file should not be used unless you have no access permission to the master configuration file. There is a common misunderstanding that user authentication can only pass. the htaccess file implementation is not like this. It is feasible to write user authentication in the main configuration file, and it is a good method.
The. htaccess file should be used when the content provider needs to change the server configuration for a specific directory without the root permission. If the server administrator is unwilling to modify the configuration frequently, the user can pass. the htaccess file modifies the configuration by itself, especially when the ISP runs multiple user sites on the same machine, and you want to change the configuration by yourself.
Even so, we should avoid using the. htaccess file as much as possible. Any configuration that you want to put in the. htaccess file can be placed in the <Directory> segment of the main configuration file, and it is more efficient.
There are two main reasons to avoid using the. htaccess file.
First, performance. If AllowOverride enables the. htaccess file, Apache needs to find the. htaccess file in each directory. Therefore, whether or not it is actually used, enabling. htaccess will lead to performance degradation. In addition, you must read the. htaccess file once for each request.
In addition, Apache must be located in the directory of all superiors. the htaccess file to make all valid commands take effect (see the command takes effect). Therefore, if you request a page in/www/htdocs/example, Apache must find the following file:
/. Htaccess/www/. htaccess/www/htdocs/. htaccess/www/htdocs/example/. htaccess
A total of four additional files are required to be accessed, even if none of these files exist. (Note that this may only be because the root directory "/" is allowed to use. htaccess, although this is not the case .)
Second, security. This will allow users to modify their own server configurations, which may lead to some unexpected modifications, so please carefully consider whether such privileges should be given to users. However, if users are given fewer privileges but cannot meet their needs, additional technical support requests will be generated. Therefore, users must be explicitly notified of their permissions, describe the value set by AllowOverride and guide them to the corresponding instructions to avoid a lot of trouble in the future.
Note: in the/www/htdocs/example Directory. placing commands in the htaccess file is equivalent to placing the same commands in the <Directory/www/htdocs/example> section of the main configuration file.
The content of the. htaccess file in the/www/htdocs/example Directory:
AddType text/example. exm
Extracted content from the httpd. conf file:
<Directory/www/htdocs/example>
AddType text/example. exm
</Directory>
However, it is more efficient to put the configuration in the main configuration file, because it only needs to be read once at Apache startup, rather than every time the file is requested.
Setting AllowOverride to none completely disables the. htaccess file:
AllowOverride None
Scope of action
Configuration in the. htaccess fileThe command acts on. the directory where the htaccess file is located and all its subdirectories. However, it is important to note that its parent directory may also exist. the htaccess file, and the commands take effect in order of search, so the command under a specific directory. commands in the htaccess file may overwrite the commands in the parent directory. commands in the htaccess file, that is, the commands in the subdirectory overwrite the commands in the parent directory or main configuration file.
Troubleshooting
If some commands in the. htaccess file do not work, there may be multiple reasons.
The most common cause is that the AllowOverride command is not correctly set. Make sure that AllowOverride None is not set for this file region. A good test method is to add meaningless junk content to the. htaccess file. If the server does not return an error message, it can be concluded that AllowOverride None is set.
When accessing the document, if you receive an error message from the server, check the Apache error log. which commands in the htaccess file are not allowed, and you may find the syntax errors to be corrected.
. Htaccess tool
Friends who won't write, here we will introduce a very good. htaccess redirection-URL rewriting tool rewriting-tool
---------------------------
Htaccess syntax tutorial
RewriteEngine On
RewriteCond % {HTTP_HOST} ^ (www \.)? Xxx \. com $
RewriteCond % {REQUEST_URI }! ^/Blog/
RewriteCond % {REQUEST_FILENAME }! -F
RewriteCond % {REQUEST_FILENAME }! -D
RewriteRule ^ (. *) $/blog/$1
# If no file name is input, it is sent to the homepage by default.
RewriteCond % {HTTP_HOST} ^ (www \.)? Xxx \. com $
RewriteRule ^ (/)? $ Blog/index. php [L]
Next I will explain the above:
[RewriteEngine On]
Indicates that the rewrite engine is enabled and off. The function is to conveniently enable or disable the following statements, so that a comment statement is not required.
[RewriteCond % {HTTP_HOST} ^ (www \.)? Xxx \. com $]
This is a rewrite condition. The preceding % {HTTP_HOST} indicates the current website address, which only refers to the prefix. The format is www.xxx.com and does not include "http: //" or "/". ^ indicates the start of the string, $ indicates the end of the string ,\. escape ., if you do not want to escape it, we recommend that you escape it to prevent some servers from not supporting it ,? It indicates that www \. Appears 0 times or 1 time in front of the brackets. This rule means that if the URL accessed is xxx.com or www.xxx.com, the following statement is executed. If the URL does not match, the statement is skipped.
[RewriteCond % {REQUEST_URI }! ^/Blog /]
It is also a rewriting condition. % {REQUEST_URI} indicates the relative address of the access, that is, the address of the relative root directory, that is, the domain name/the following component. The format includes the first "/",! This statement indicates that the access address does not start with/blog/, but starts with ^ and does not end with $
[RewriteCond % {REQUEST_FILENAME }! -F]
[RewriteCond % {REQUEST_FILENAME }! -D]
The two statements mean that the requested file or path does not exist. If the file or path exists, an existing file or path will be returned.
[RewriteRule ^ (. *) $/blog/$1]
Rewrite rules, the most important part, means that when all the above RewriteCond conditions are met, the rewrite rule will be executed, ^ (. *) $ is a regular expression match, matching the URL of the current request, ^ (. *) $ indicates matching any character of the current URL ,. represents any single character. * indicates that the string matches 0 or N times (N> 0), followed by/blog/$1 as the rewriting component, it means to rewrite the matched character to/blog/$1. This $1 indicates reverse matching and references the component of the first parentheses, that is, ^ (. *) $. * In fact, there will be a problem, which will be discussed later.
[RewriteCond % {HTTP_HOST} ^ (www \.)? Xxx \. com $]
[RewriteRule ^ (/)? $ Blog/index. php [L]
The two statements mean that the requested host address is www.xxx.com. If there are only 0 or 1 "/" at the end of the address, it will be rewritten to the home page under the subdirectory, I guess this is mainly because the rewritten address cannot automatically search for the home page, and you need to specify it yourself.
Now let's talk about the problem. The first part of RewriteRule ^ (. *) $/blog/$1 ^ (. *) $ will match the url of the current request.
For example, the request URL is.
The answer is: according to the RewriteBase rules, if rewritebase is/, it will match a.html without the front backslash. Therefore, the previous statement should be written as RewriteRule ^ (. *) $ blog/$1 (without/), but it can also be used to bring the forward backslash in actual applications. Now the problem arises. If rewritebase is not set to/, the whole website will be matched at http://www.xxx.com/a.html. This is an error, and the corresponding rewitebase/
Another problem is that each user cannot input a URL in lowercase. If the URL is entered in uppercase, the linux system is case sensitive, therefore, [NC] should be added after RewriteCond to ignore case sensitivity.
At this point, the complete statement should be:
RewriteEngine On
RewiteBase/
RewriteCond % {HTTP_HOST} ^ (www \.)? Xxx \. com $ [NC]
RewriteCond % {REQUEST_URI }! ^/Blog/
RewriteCond % {REQUEST_FILENAME }! -F
RewriteCond % {REQUEST_FILENAME }! -D
RewriteRule ^ (. *) $ blog/$1
# If no file name is input, it is sent to the homepage by default.
RewriteCond % {HTTP_HOST} ^ (www \.)? Xxx \. com $ [NC]
RewriteRule ^ (/)? $ Blog/index. php [L]
If the statement is still followed, the last [L] should not be added, because this indicates the meaning of the last statement.
RewiteBase/must be added to the anti-Leech statement as follows:
RewriteEngine on
RewiteBase/
RewriteCond % {HTTP_REFERER }! ^ $ [NC]
RewriteCond % {HTTP_REFERER }! Xxx.info [NC]
RewriteRule \. (jpg | gif | png | bmp | swf | jpeg) $/error/daolian.gif [R, NC, L]
If the statement is still followed, the final [L] and/error/daolian.gif should not be added as the image displayed when someone else leeching.
The following are simple syntax rules and flags.
[RewriteCond syntax]
RewriteCond TestString CondPattern [flags]
Other usage of rewritecond:
"-D" (directory)
Treat TestString as a path name and test whether it is an existing directory.
-F (regular file)
Treat TestString as a path name and test whether it is an existing regular file.
-S (non-empty regular files)
Consider TestString as a path name and test whether it is an existing regular file with a size greater than 0.
"-L" (symbolic connection)
Treat TestString as a path name and test whether it is an existing symbolic connection.
"-X" (executable)
Treat TestString as a path name and test whether it is an existing file with executable permissions. This permission is detected by the operating system.
"-F" (the file that exists in the subrequest)
Check whether TestString is a valid file and can be accessed under the current access control configuration of the server. It uses an internal sub-request for Check. Please use it with caution because it will reduce the server performance!
"-U" (the URL of the child request)
Check whether TestString is a valid URL and can be accessed under the current access control configuration of the server. It uses an internal sub-request for Check. Please use it with caution because it will reduce the server performance!
[RewriteRule syntax :]
RewriteRule Pattern Substitution [flags]
[Flags]
"Chain | C" (link to the next rule)
This flag links the current rule to the next rule. It produces the following effect: if a rule is matched, the subsequent rule is processed, that is, the tag does not work. If the rule is not matched, the subsequent rules are skipped. For example, when executing an external redirection in a directory-level rule, you may need to delete ". www" (". www" should not appear here ").
"Cookie | CO = NAME: VAL: domain [: lifetime [: path]" (set cookie)
Set a cookie on the client. The cookie NAME is NAME and the value is VAL. Domain is the cookie's domain, such as ".apache.org". The optional life time is the cookie's validity period (in minutes), and the optional path is the cookie's path.
"Env | E = VAR: VAL" (set environment variables)
This flag sets the environment variable VAR value to VAL, which can contain extensible regular expressions for reverse reference ($ N and % N ). This tag can be used multiple times to set multiple variables. These variables can be indirectly referenced in many cases, usually in XSSI (<! -# Echo var = "VAR"->) or CGI ($ ENV {"VAR"}), you can also use % {ENV in the CondPattern parameter of the subsequent RewriteCond command: VAR} references. You can use it to remember the information stripped from the URL.
"Forbidden | F" (forcibly forbid URLs)
The current URL is forcibly forbidden, that is, an HTTP response code 403 (forbidden) is immediately reported ). With this tag, you can link several RewriteConds to block certain URLs with conditions.
"Gone | G" (forcibly deprecated URL)
Force the current URL to be obsolete, that is, an HTTP response code 410 (obsolete) is immediately reported ). Use this tag to indicate that the page has been deprecated and does not exist.
"Handler | H = Content-handler" (mandatory Content processor)
The Content processor of the target file is Content-handler. For example, it is used to simulate the ScriptAlias command of the mod_alias module to force all files in the ing folder to be processed by the cgi-script processor.
"Last | L" (ending rule)
Stop the rewrite operation immediately and no other rewrite rules will be applied. It corresponds to the last command in Perl or the break command in C language. This flag is used to prevent a URL that has been rewritten from being overwritten by a subsequent rule. For example, you can use it to rewrite the root path URL ("/") to an existing URL (for example, "/e/www /").
"Next | N" (start from scratch)
Re-execute the rewrite operation (starting from the first rule ). At this time, the URL processed again is not the original URL, but the URL processed by the last rewrite rule. It corresponds to the next command in Perl or the continue command in C language. This flag allows you to re-start the rewrite operation (immediately return to the beginning of the loop ). But be careful not to create an endless loop!
"Nocase | NC" (case insensitive)
It causes Pattern to be case-insensitive, that is, when Pattern matches the current URL, there is no difference between "A-Z" and "a-z.
"Noescape | NE" (do not escape URI in the output)
This flag prevents mod_rewrite from applying regular URI escape rules to rewrite results. In general, special characters ("%", "$", ";", etc.) will be escaped as equivalent hexadecimal encoding ("% 25 & prime ;, "% 24 & prime;," % 3B ", etc ). This mark can prevent such escaping to allow symbols such as percent signs to appear in the output, for example:
RewriteRule/foo/(. *)/bar? Arg = P1 \ % 3d $1 [R, NE]
Can I redirect "/foo/zed to a secure request"/bar? Arg = P1 = zed ".
"Nosubreq | NS" (internal subrequests are not processed)
When the current request is an internal subrequest, This flag forces the rewrite engine to skip this rewrite rule. For example, when mod_include tries to search for the default directory file (index. xxx), Apache will generate a subrequest internally. For a subrequest, the rewrite rule is not necessarily useful. If the entire rule set takes effect, it may even cause an error. Therefore, you can use this tag to exclude certain rules.
Usage principle: if you add a CGI script prefix to the URL to force them to be processed by the CGI script, but the error rate (or resource overhead) of the sub-request processing is very high, in this case, you can use this tag.
"Proxy | P" (forced as a proxy)
This flag forces the replacement component internally to be sent as a proxy request, and immediately interrupts the rewrite processing, and then transfers the processing to the mod_proxy module. You must ensure that the replacement string is a valid URI that can be processed by mod_proxy (for example, starting with http: // hostname). Otherwise, an error will be returned by the proxy module. Using this tag, you can map some remote components to the domain name space of the local server, thus enhancing the ProxyPass command function.
Note: To use this function, you must have enabled the mod_proxy module.
"Passthrough | PT" (handed over to the next processor)
The force rewrite engine sets the uri field in the internal request_rec structure as the value of the filename field. This small modification allows the output of the RewriteRule command to be (converted from URI to file name) Alias, scriptAlias, Redirect and other commands for subsequent processing [Original: This flag is just a hack to enable post-processing of the output of RewriteRule directives, using Alias, ScriptAlias, Redirect, and other directives from various URI-to-filename translators.]. For example, if you want to rewrite/abc to/def and then use mod_alias to convert/def to/ghi, you can do this:
RewriteRule ^/abc (. *)/def $1 [PT]
Alias/def/ghi
If the PT tag is omitted, although the uri =/abc /... Rewrite to filename =/def /... But the subsequent mod_alias attempts to convert the URI to the file name will fail.
Note: If you need to use multiple modules to convert URIs to file names, you must use this tag .. The mixed use of mod_alias and mod_rewrite is a typical example.
"Qsappend | QSA" (append query string)
This flag forces the rewrite engine to append a query string to an existing replacement string, instead of simply replacing it. If you need to add information to the request string by using the rewrite rule, you can use this flag.
"Redirect | R [= code]" (force redirect)
If the Substitution starts with http: // thishost [: thisport]/(to make the new URL a URI), an external redirection can be executed forcibly. If no code is specified, an HTTP response code 302 (temporary movement) is generated ). To use other response codes in the range of-, you only need to specify them here (or use one of the following Symbol names: temp (default), permanent, seeother ). The canonicalized URL can be fed back to the client, for example "/~" Rewrite it to "/u/", or always add a slash to/u/user, and so on.
Note: When using this tag, make sure that the field to be replaced is a valid URL. Otherwise, it will point to an invalid location! Remember that this flag only adds the http: // thishost [: thisport]/prefix to the URL, and the rewrite operation will continue. Generally, if you want to stop the rewrite operation and redirect immediately, you still need to use the "l' mark.
"Skip | S = num" (skip the successor rule)
This flag forces the rewrite engine to skip the num rules after the current matching rule. It can simulate the if-then-else structure: The last rule is the then clause, and the skipped skip = N rules are the else clause. Note: it is different from the "chain | C" Mark!
"Type | T = MIME-type" (mandatory MIME type)
The MIME type of the target file is forced to be MIME-type, which can be used to forcibly set the content type based on certain conditions. For example, the following command enables the. PHP file to be displayed by mod_php according to the php source code MIME type (application/x-httpd-PHP-source) when the. php file is called with the. phps extension:
RewriteRule ^ (. + \. php) s $1 [T = application/x-httpd-php-source]