Five common techniques for htaccess files

Source: Internet
Author: User
Tags html page php script regular expression password protection

1. Prevent hotlinking

Hotlinking is also called an inline link, which refers to a site's links directly to objects on another site. This can cause a loss of bandwidth and traffic to another site. For sites that provide a large number of pictures, this problem is more serious. Using htaccess can solve this problem.

We will follow the steps in the following step

First you have to open the mod_rewrite in Apache to implement the redirection of the user's request.

Next, set the condition with Rewritecond. This needs to be applied to two parameters teststring and condpattern.teststring are used to validate Condpattern strings (using regular Expressions). ${http_referer} is a domain name request variable supplied by Apache. To protect proxy server users from submitting blank requests, this allows users to send blank HTTP requests.

Next, use the same syntax to set the URL that allows the linked picture. command the last [NC] tag, just let the rewrite engine ignore it. You can add more domain names with the same syntax. For the convenience of example, I added my personal domain name.

Finally, the last line is to rewrite the rule to use if all of the above conditions are not satisfied. There are also two variable pattern and Substitution,pattern used to match the regular expression, substitution is to replace any matching use. At this point, the application should end with JPG, PNG, and GIF. After you find the application, replace it with white space. Through the label to further explain what to do, NC represents no match, F send 403 prohibit the error page to the user, L told the rewrite engine to stop rewriting, so the other rules are no longer applicable.

This method is quite simple, our goal is to tell users that we do not want them to steal our pictures, so simply do not send 403 error to prohibit the page directly to the hotlinking request to a picture. You can replace the last line of code with the following code.

#show an alternate image

Rewriterule. (jpg|png|gif) $ hotlink.jpeg [nc,r,l]

You can change the domain URL address to an image path, but you need to end with JPG, PNG, and GIF. Otherwise, the rules will be used again to cause a dead loop to the server. I recommend using. jpeg to solve this problem. Here R Mark replaces F to send a turn.

2. Block user via IP address

If there is a lot of spam on the Web site, you can block users by IP address. You can find their IP in the log file, just add the IP address to the htaccess file.

Order Deny,allow

Deny from 24.121.202.23

# Deny from 0.0.0.0

You can deny or allow IP access by using an order directive in the Mod_access module. These users can be prevented from accessing our directory as long as they use syntactic deny from IP addresses.

3.ErrorDocument

All professional Web sites will use custom error pages. You can use the ErrorDocument command to do this in Apache. The custom error page is much better than the default page.

ErrorDocument has two parameters Error-code and document. The code above is the most common HTTP Error prompt code: 404 Not Found, 403 blocked, 500 server error. You can provide the full URL or relative path to your error file. You can also turn to a PHP script, log an error with a database, or send a message to you (albeit a bit annoying). This is a great way to control the Web application. Take a look at the Smashing magazine 404 error page display to get some inspiration!

ErrorDocument 401/error/401.html//401 error to error/401.html page

ErrorDocument 403/error/403.html

ErrorDocument 404/error/404.html

ErrorDocument 500/error/500.html

4. Turn on upgrade

If your site is being upgraded, you will need to turn to another page to notify users to prevent users from seeing damaged pages or potential security vulnerabilities in the loading process. Before the page is open to all users, we need to allow specific IP access to test. All of these can be implemented on the htaccess file.

We still use mod_rewrite is just a reverse thinking. First we need to set the conditions to exclude the upgraded document, otherwise the server is stuck in a loop. Next, the test IP does not perform the steering. Finally, an upgrade page is sent back to the user with an overriding rule. The label is still the same as before, but directed to the 302 state, tells the browser that the page temporarily migrated and do the appropriate caching. Similarly in smashing Magazine, there are also a lot of website maintenance pages.

5. Hide Directory List

For security reasons, it is necessary to restrict the permissions of the directory list and the Apache default behavior. This can also be achieved on the htaccess file. Prevent visitors from seeing our catalog list.

Options-indexes

In this way, if a user sends a directory request without an index, the 403 block error page is displayed.

Is that any version of the Apache Web server is supported. htaccess. Generally speaking,. Htaccess can help us implement including: folder password protection, user automatic redirection, custom error page, change your file name extension, block specific IP address users, only allow specific IP address of users, prohibit directory list, and use other files as index files, and some other features.

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.