Explanation of the. htaccess file

Enable. htaccess, you need to modify httpd.conf, enable allowoverride, and use allowoverride to limit the usage of specific commands

Generally speaking,. Htaccess can help us implement include: folder password protection, user Auto Redirect, custom error page, change your file extension, block specific IP address of the user, only allow the specific IP address of the user, prohibit directory list, and use other files as index files and other features.

Create a. htaccess document

. htaccess is a quirky file name (from Win's point of view, it has no file name, only a 8-letter extension, but in fact it is under the name of Linux, and many things under Linux, we always think it is very strange), In the win system can not be created directly through the "new" file, but we can use the copy in CMD to achieve, such as copy Sample.txt. htaccess. You can also create a htaccess.txt, and then FTP to the server, using FTP to modify the file name.

Custom error page
One application of the. htaccess is the custom error page, which will allow you to have your own, personalized error pages (such as when a file is not found), rather than the error page provided by your service provider or no pages. This will make your site look more professional in the wrong time. You can also use a script to notify you when an error occurs (for example, to automatically email you when a page is not found).
Any page error code that you know (like 404 cannot find a page) can be changed into a custom page by adding the following text to the. htaccess file:
ErrorDocument errornumber/file.html
For example, if I have a notfound.html file under my root directory, I want to use it as a page for 404 error:
ErrorDocument 404/notfound.html
If the file is not in the root directory of the site, you only need to set the path to:
ErrorDocument 500/errorpages/500.html
The following are some of the most common errors:
401–authorization Required need to verify
400–bad Request Error Requests
403–forbidden Forbidden
500–internal Server error Internal servers errors
404–wrong Page Not found
Next, all you have to do is create a file that appears when the error occurs, and then upload them with the. htaccess.

.htaccess command
Suppress directory Listings
Sometimes, for some reason, there is no index file in your directory, which means that when someone types the path to the directory in the browser's address bar, all the files in that directory will be displayed, which will leave your site with a security risk.
To avoid this situation (without having to create a bunch of new index files), you can type the following command in your. htaccess document to block

Display of directory Listings:
Options-indexes

Block/allow a specific IP address
In some cases, you may want to allow only certain IP users to access your website (for example, only users with a particular ISP are allowed to enter a directory), or to block certain IP addresses (for example, to isolate low-level users from your information layout). Of course, this is only useful if you know the IP address you want to intercept, but now most users on the Web use dynamic IP addresses, so this is not a common method of limiting usage.
You can use the following command to block an IP address:
Deny from 000.000.000.000
The 000.000.000.000 here is the banned IP address, and if you specify only a few of them, you can block the entire network segment address. If you enter 210.10.56., all IP addresses of the 210.10.56.0~210.10.56.255 will be blocked.
You can use the following command to allow an IP address to access a Web site:
Allow from 000.000.000.000
The allowed IP address is 000.000.000.000, you can allow the entire network segment like a block IP address.
If you want to prevent everyone from accessing the directory, you can use:
Deny from all
However, this does not affect the script to use the document under this directory.

Replace index file
Maybe you don't want to always use index.htm or index.html as the index file for the directory. For example, if your site uses PHP files, you might want to use index.php as the index document for that directory. Of course, it doesn't have to be limited to the "index" document, if you want to, use. htaccess you can even set Foofoo.balh as your index document!
These alternate index files can be lined up in a list, and the server looks from left to right to check which documents exist in the real directory. If one is not found, it will display the list of directories (unless you have closed the list of displayed directory files).
DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm

Redirect (rewrite)

1. Open mod_rewrite:
LoadModule Rewrite_module modules/mod_rewrite.so
2.
<directory/>
Options +indexes +followsymlinks +execcgi
AllowOverride All
Order Allow,deny
Allow from all
</Directory>

3. Create the rule in the. htaccess file:

Rewriteengine on
Rewriterule ^index (\d+) \.html$/index.php?id=$1

Password protection
Although there are all kinds of. htaccess usage, the most popular is probably the most useful way to use it for reliable password protection on the site directory. Although JavaScript can be done, but only. Htaccess has perfect security (that is, visitors must know the password to access the directory, and there is absolutely no "backdoor" to go).
Use the. htaccess to add a directory with password protection in two steps. The first step is to add the appropriate lines of code to your. htaccess document, and then put the. htaccess document in the directory you want to protect:
AuthName "section Name"
AuthType Basic
authuserfile/full/path/to/.htpasswd
Require Valid-user
You may need to modify some of the above content according to your website, such as replacing section name with the protected part's name "Members Area".
/FULL/PARTH/TO/.HTPASSWD should be replaced with a full server path that points to the. htpasswd file, which is detailed later in this document. If you do not know the full path of your site space, please ask your system administrator.
Password-protected. htpasswd files
The password protection of the directory is more troublesome than the other features of the. htaccess, because you must also create a document with a user name and password to access your website, and the information (default) is in a document called. htpasswd. Like. htaccess,. HTPASSWD is also a document that has a 8-bit extension without a file name and can be placed anywhere on your site (password should be encrypted), but it is recommended that you save it outside the Web root of the Web site so that it cannot be accessed over the network.
After you create the. htpasswd document (which can be created by using a text editor), the next step is to enter the user name and password to access the site, which should be:
Username:password
The location of "password" should be a password that has been encrypted. There are several ways you can get encrypted passwords: One is to use an online Permade script or write one yourself, and the other very good Username/password encryption service is through the KXS website, which allows you to enter your username and password, and then generate a password in the correct format. For multiple users, you only need to add a single line of the same format to the. htpasswd document. There are also some free scripting programs that can be conveniently managed. HTPASSWD documents, which can be automatically added/removed by users, etc.
When you try to access a directory protected by the. htaccess password, your browser pops up the standard Username/password dialog window. If you do not like this way, some scripts can allow you to embed the Username/password input box in the page to authenticate, you can also enter the user name and password (unencrypted) in the URL box of the browser in the following way:
Http://username:[email protected]/directory/

More commonly used is basically these, if you want to more specific understanding of the use of htaccess, that can refer to the Appache doc in the relevant documents.