. htaccess is a very powerful distributed configuration file for the Apache server. The correct understanding and use of the. htaccess file can help us optimize our own servers or virtual hosts. For example, you can use the. htaccess file to create a custom "404 error" page to change the configuration of many servers. All we need to do is just add a few simple instructions to the text document.
UNIX or Linux systems, or any version of the Apache Web service, are supported. htaccess, but some hosting providers may not allow you to customize your own. htaccess files. The current mainstream virtual host provider in foreign countries, almost all support customization features.
Enable. htaccess, you need to modify httpd.conf, enable allowoverride, and you can use allowoverride to restrict the use of specific commands
If you need to use a filename other than. htaccess, you can change it with the Accessfilename directive. For example, if you need to use. config, you can configure it in the server configuration file in the following ways:
Accessfilename. config
Generally speaking,. Htaccess can help us implement including: folder password protection, user automatic redirection, custom error page, change your file extension, block specific IP address users, only allow a specific IP address, prohibit directory list, and use other files as index files, and some other features.
Create a. htaccess document
. htaccess is an odd file name (from Win's point of view, it doesn't have a filename, only a 8-letter extension, but it's actually a name under Linux, and a lot of Linux stuff, we always think it's weird), In the win system is not directly through the "new" file to create, but we can use the copy in CMD to implement, such as Copy Sample.txt. htaccess. You can also create a htaccess.txt, and then FTP to the server, through FTP to modify the file name.
Custom error page
One application of htaccess is to customize the error page, which will allow you to have your own, personalized error page (for example, when you can't find a file), not your service provider's error page or no page. This will make your site look more professional when it goes wrong. You can also use a script to notify you when something is wrong (such as automatically email you when a page is not found).
Any page error code you know (like 404 can't find a page) can be made into a custom page by adding the following text to the. htaccess file:
ErrorDocument errornumber/file.html
For example, if I have a notfound.html file under my root directory, I want to use it as a 404 error page:
ErrorDocument 404/notfound.html
If the file is not in the root directory of the site, you only need to set the path to:
ErrorDocument 500/errorpages/500.html
Here are some of the most common errors:
401–authorization Required Need verification
400–bad Request Error Requests
403–forbidden forbid
500–internal Server error Internal servers errors
404–wrong Page Not found
Next, all you have to do is create a file that appears when the error occurs, and then upload it with the. htaccess.
.htaccess command
Disable display of directory listings
Sometimes, for some reason, there is no index file in your directory, which means that when someone has typed the path to the directory in the browser's address bar, all the files in that directory will be displayed, which will leave a security risk to your site.
To avoid this situation (without having to create a bunch of new index files), you can type the following command in your. htaccess document to block
Display of directory Listings:
Options-indexes
Block/allow a specific IP address
In some cases, you may want to allow only certain IP users to access your site (for example, only users of a particular ISP are allowed to enter a directory), or you might want to block certain IP addresses (for example, isolating low-level users from your information layout). Of course, this is only useful when you know the IP address you want to intercept, but most users on the Web now use dynamic IP addresses, so this is not a common way to restrict usage.
You can use the following command to block an IP address:
Deny from 000.000.000.000
The 000.000.000.000 here is the banned IP address, and if you specify only a few of them, you can block the entire network segment's address. If you enter 210.10.56, you will ban all IP addresses for 210.10.56.0~210.10.56.255.
You can use the following command to allow an IP address to access a Web site:
Allow from 000.000.000.000
The allowed IP address is 000.000.000.000, and you can allow the entire network segment as if you were banned from IP addresses.
If you want to prevent everyone from accessing the directory, you can use:
Deny from all
This does not, however, affect the scripting program's use of documents in this directory.
Replace the index file
Maybe you don't want to always use index.htm or index.html as the index file for the directory. For example, if your site uses PHP files, you might want to use index.php as the index document for that directory. Of course, you don't have to limit yourself to "index" documents, if you want to, use. htaccess you can even set up Foofoo.balh to be your index document!
These alternate index files can be lined up in a list, and the server searches from left to right to check which documents exist in the real directory. If one is not found, it will display the list of directories (unless you have turned off the list of directory files).
DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm
Redirect (rewrite)
One of the most useful features of htaccess is redirecting requests to different documents within or outside the station. This becomes extremely useful when you change a file name, but still want users to access it with their old address. Another application (which I found useful) is to redirect to a long URL, for example, in my newsletter, I can use a very short URL to point to my affiliate link. The following is an example of a redirected file:
Redirect/location/from/root/file.ext http://minidx.com/new/file/location.xyz
In the example above, access to the root directory named oldfile.html can be typed:
/oldfile.html
To access a file in an older subdirectory, you can type:
/old/oldfile.html
You can also use the. htaccess to redirect the entire Web site's directory. If you have a directory named OldDirectory on your site, and you have set up the same document on a new website http://minidx.com/newdirectory/, you can redirect all files in the old directory without one by one statements:
Redirect/olddirectory http://minidx.com/newdirectory
In this way, any request to the/olddirectory directory in the site will be pointed back to the new site, including additional URL information. For example, someone type:
http://minidx.com/olddirecotry/oldfiles/images/image.gif
The request will be redirected to:
http://minidx.com/newdirectory/oldfiles/images/image.gif
If used correctly, this feature will be extremely powerful.
Note: Because Windows Live writer edits this article, you will automatically add hyperlinks when you encounter http://, so there is a special space added to it, which is not.
Password protection
Although there are all kinds of. htaccess usage, the most popular and perhaps most useful practice is to use it for secure password protection in the Web site directory. Although JavaScript can be done, only. Htaccess has the perfect security (that is, visitors must know the password to access the directory, and there is no "backdoor" to go).
Use. htaccess to add a directory password protection two steps. The first step is to add the appropriate few lines of code to your. htaccess document and put the. htaccess document in the directory you want to protect:
AuthName "section Name"
AuthType Basic
authuserfile/full/path/to/.htpasswd
Require Valid-user
You may need to modify some of these sections based on your site, such as substituting "section name" with the protected part name "Members Area".
/FULL/PARTH/TO/.HTPASSWD should be replaced with a full server path that points to the. htpasswd file (later detailing the document). If you don't know the full path to your site's space, ask your system administrator.
Password-protected. htpasswd file
The password protection of the directory is more cumbersome than the other features of the. htaccess because you have to create a document that contains a username and password to access your site, and the information (default) is in a document named. htpasswd. Like. htaccess,. HTPASSWD is also a document without a filename and has a 8-bit extension that can be placed anywhere on your site (the password should be encrypted), but it is recommended that you save it in the Web root directory of your Web site so that you cannot access it through the network.
After you create the. htpasswd document (which you can create from a text editor), the next step is to enter a username and password for accessing the Web site, which should be:
Username:password
The location of "password" should be a password that has been encrypted. There are several ways you can get encrypted passwords: One is to use an online Permade script or write one yourself; another good Username/password encryption service is through the KXS Web site, which allows you to enter your username and password, and then generate the password in the correct format. For multiple users, you only need to add a single line of the same format to the. htpasswd document. There are also a number of free scripting programs that can easily manage. htpasswd documents, which automatically add/remove users, and so on.
When you try to access a directory protected by the. htaccess password, your browser pops up the standard Username/password dialog window. If you don't like this, some scripts can allow you to embed the Username/password input box inside the page for authentication, and you can enter the username and password (unencrypted) in the browser's URL box as follows:
http://username:password@www.website.com/directory/
The more commonly used is basically this, if you want to more specific understanding of the use of htaccess, it can refer to the Appache doc related documents.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.