Detailed tutorial: using .htaccess to strengthen a website's security settings

Source: Internet
Author: User
Tags php and password protection

With .htaccess settings you can implement folder password protection, redirects, custom error pages, changed file name extensions, URL rewriting, IP blocking, disabled directory listings, a ban on running a given file type in a directory, a modified default directory file, and a series of other functions.

Use a text editor such as Notepad++, Vim or EditPlus to create a new file named .htaccess. Note that this file is hidden by default under Linux, so you need to set your FTP client to show hidden files in order to see it.

Customizing error pages with .htaccess

The server's default error pages are ugly, so design your own. They can be PHP or another dynamic file format.

Enable the custom pages by adding the following text to the .htaccess file:

ErrorDocument 404 /err/404.php
ErrorDocument 503 /err/503.php

Whether the error is 404, 403, 400, 503 or another code, you can specify a page for it.

Use .htaccess to disable display of directory listings

Sometimes a directory has no default index file. When someone enters that directory's address in the browser, all the files in the directory are listed, which leaves your site with a security risk.

To avoid this (without having to create a bunch of new index files), you can block the display of directory listings by adding the following line to your .htaccess:

Options -Indexes

Use .htaccess to block specific IP addresses

You may want to allow only users with certain IP addresses to access your site (for example, only users of a particular ISP are allowed to enter a directory), or you may want to block specific IP addresses (for example, isolating unwanted users from your message board).

Most users on the Web now have dynamic IP addresses, so this method is rarely used.

Use the following directive to block an IP address:

Deny from 127.0.0.10

Here 127.0.0.10 is the banned IP address.

To ban an entire network segment, you can write:

Deny from 210.10.56.

All IP addresses from 210.10.56.0 to 210.10.56.255 will be banned.

Use .htaccess to allow only one IP address to access a Web site:

Order allow,deny
Allow from 127.0.0.10

Of course, you can also allow an IP segment in the same way as above.

Use .htaccess to prevent everyone from accessing the directory

Deny from all

This directive does not affect server-side scripts' use of the files in this directory.
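
The Deny/Allow directives above are the Apache 2.2 access-control syntax; Apache 2.4 keeps them only through mod_access_compat and uses Require instead. The same three policies in 2.4 form, as an added example that is not part of the original tutorial (the directory names in the comments are placeholders):

```apache
# Added example: Apache 2.4 (mod_authz_core / mod_authz_host) equivalents.
# Each section below is a separate .htaccess file; use one policy per directory.
# Require in .htaccess needs "AllowOverride AuthConfig" in the server config.

# --- forum/.htaccess (placeholder name) ---
# Block one address and one network segment, allow everyone else.
# 2.2 form: Deny from 127.0.0.10 / Deny from 210.10.56.
<RequireAll>
    Require all granted
    Require not ip 127.0.0.10
    Require not ip 210.10.56
</RequireAll>

# --- admin/.htaccess (placeholder name) ---
# Allow only one address; every other client receives 403 Forbidden.
# 2.2 form: Order allow,deny + Allow from 127.0.0.10
Require ip 127.0.0.10

# --- includes/.htaccess (placeholder name) ---
# Block all web access; scripts on the server can still read the files.
# 2.2 form: Deny from all
Require all denied
```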

Replace the default home page index file with .htaccess

If you want to change the default home page file (index.htm, etc.), use .htaccess to specify any page as the default home page.

The following directive specifies index.php, index.php3, messagebrd.pl, index.html and index.htm as default home pages; they are tried from left to right, and the first one that exists is served.

DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm

Use .htaccess for redirection

Example of redirecting a single file:

Redirect /location/from/root/file.html /new/file/2.html

Use .htaccess to redirect an entire directory of the Web site

If you have a directory named /olddirectory on your site and you have created a new /newdirectory, you can redirect all files in the old directory without writing one statement per file:

Redirect /olddirectory /newdirectory

Use .htaccess for password protection

.htaccess password protection has perfect security (that is, visitors must know the password to access the directory, and there is no "backdoor" around it).

1. The .htaccess file for password protection

Adding password protection to a directory with .htaccess takes two steps.

First, add a few lines to your .htaccess file and put the .htaccess file in the directory you want to protect:

AuthName "Section Name"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user

Modify the above according to your website, for example replacing "Section Name" with the name of the protected part. /full/path/to/.htpasswd should be replaced with the full server path that points to the .htpasswd file (this file is described in detail below). If you don't know the full path to your site's space, ask your system administrator.

2. The .htpasswd file for password protection

Password-protecting a directory is more involved than the other .htaccess features, because you have to create a file containing the usernames and passwords allowed to access your site; by default this information is kept in a file named .htpasswd. Like .htaccess, .htpasswd is a file with no name and an 8-character extension. It can be placed anywhere on your site (the passwords should be encrypted), but it is recommended that you save it outside the Web root directory of your site so that it cannot be accessed through the network.

3. Enter the username and password

After you create the .htpasswd file (which you can do in a text editor), the next step is to enter the usernames and passwords used for accessing the Web site, each in this form:

username:password

The "password" part should be a password that has already been encrypted. There are several ways to get encrypted passwords: one is to use a premade script available online, or to write one yourself; another good username/password encryption service is the KXS Web site, which lets you enter your username and password and then generates the password in the correct format.

For multiple users, you only need to add one line in the same format per user to the .htpasswd file. There are also a number of free scripts that can easily manage .htpasswd files, automatically adding and removing users, and so on.

4. Visit the website

When you try to access a directory protected by an .htaccess password, your browser pops up the standard username/password dialog. If you don't like this, some scripts allow you to embed the username/password input box inside the page for authentication. You can also enter the username and password (unencrypted) in the browser's URL box as follows:

http://username:password@www.website.com/directory/
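
The password-protection steps above combined into one hardened .htaccess, as an added example that is not part of the original tutorial. It assumes Apache 2.4 with mod_ssl loaded and the htpasswd utility installed; the path and username are the tutorial's placeholders.

```apache
# Added example for the protected directory's .htaccess.
#
# Create the password file locally rather than typing a real password into
# a website. htpasswd prompts for the password; -c creates the file
# (omit -c when adding further users) and -B stores a bcrypt hash:
#   htpasswd -c -B /full/path/to/.htpasswd username

# Basic authentication only base64-encodes the credentials on every request,
# so refuse any request that did not arrive over HTTPS.
# (Fails with a 500 error if mod_ssl is not loaded, which is safer than
# silently serving the login over plain HTTP.)
SSLRequireSSL

AuthType Basic
AuthName "Section Name"
# Keep this file outside the document root so it can never be served.
AuthUserFile /full/path/to/.htpasswd
Require valid-user

# Defence in depth: never serve .htaccess or .htpasswd, even if a copy
# ends up inside a web-accessible directory.
<Files ".ht*">
    Require all denied
</Files>
```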
