Guidance: Reasonable use of htaccess files, even without the administrative rights of the server can solve a lot of problems: for example, with htaccess anti-theft chain, to prevent thunder download, restrict the user access to the specified type of files. Judge user-agent stop Thunder Download.
Rewrite is a powerful, reasonable use of the htaccess file settings, even without the administrative rights of the server can solve many problems:
1. Restrict access to only one type of file control with htaccess
The order, files, and FilesMatch commands can be used in the httpd.conf configuration file to prevent users from viewing certain types of files, but when the user is rejected, they see "403 Forbidden". Please refer to the article: Prohibit uploading directory to run PHP method
If you do not want to hurt the user's feelings, you need to show something else, through htaccess to achieve:
- Rewriteengine on
- Rewritecond%{request_filename}!^ (. +). css$
- Rewritecond%{request_filename}!^ (. +). js$
- Rewritecond%{request_filename}!special.zip$
- Rewriterule ^ (. +) $/chat/[NC]
- The rule will only allow users to request. CSS,. js types of files and Special.zip files.
- Rewriterule later specifies the restriction rule: map to the/char/directory processing.
- Rewritecond "exclamation point" (!) in the back of the Plays the "negation" function, it shows that the rewriterule rule is applied to those who do not meet the following regular expression, that is, the rule will not be applied to files of the current type.
- Rewritecond is a logical "and" connection, that is, only if the three conditions are not satisfied when the rewriterule is executed.
- The rule also restricts access to. htm,. jpg, and other formats.
- The rule cannot be placed under the virtual site root (/) or it will die.
- If it is a level two directory, such as/test/, then the parameters passed in Rewritecond start with/test/, so the file name obtained from (. +) also contains/test/, which the reader must be cautious about.
- To get only the file name, you can replace (. +) with ([^/]+) and remove the symbol ^ as follows:
- Rewriteengine on
- Rewritecond%{request_filename}! ([^/]+). css$
- Rewritecond%{request_filename}! ([^/]+). js$
- Rewriterule ^ (. +) $/chat/[NC]
2. Use. htaccess to judge user-agent block Thunder Download
What is User-agent? User-agent is that all HTTP clients have to "tell" to the server so that the server responds differently to different clients. For example, a site may need to respond differently to browsers, search engine crawl, and various download tools. The server is differentiated by the so-called user-agent.
If your server provides downloads for certain resources, you will have to be cautious about downloading software such as "Thunder", as they may suck up your site resources and affect your normal visitor access. To do this, we can use rewrite to restrict access to certain UA:
- Rewriteengine on
- Rewritecond%{http_user_agent} 2.0.50727 [NC]
- Rewriterule. Abuse.txt [L]
- This rule restricts the "Thunderbolt" client from downloading resources and resets the download file to Abuse.txt
- Http_user_agent is an Apache built-in variable
- 2.0.50727 is the characteristic string of Thunderbolt user-agent
- The "dot" behind rewriterule means "arbitrary uri", that is, whatever is requested, outputs Abuse.txt
Generally, we do not limit only one UA. Use [OR] to achieve unified processing of multiple UA:
- Rewriteengine on
- Rewritecond%{http_user_agent} 2.0.50727 [Nc,or]
- Rewritecond%{http_user_agent} ^blackwidow [Nc,or]
- # etc..
- Rewritecond%{http_user_agent} ^net Vampire [NC]
- Rewriterule. Abuse.txt [L]
3. htaccess anti-Theft chain (hot-linking)
Hotlinking pictures are very shameful. Htaccess's rewrite can be very simple and effective anti-theft chain:
- Rewriteengine on
- Rewritecond%{http_referer}!^$
- Rewritecond%{http_referer}!^http://(www.) nowamagic.net/[NC]
- Rewritecond%{request_uri}!hotlink.png [NC]
- Rewriterule. *. (gif|jpg|png) $/hotlink.png [NC]
Simply explain the functionality of the rule:
- In addition to the site other than the website can not refer to the image of this site, in particular, may be understood as:
- If the reference site is "empty" or "local", or if the referenced object is "Hotlink.png", then access is allowed.
- Again, the default logical connection Word between rewritecond is logical "with".
- The difficulty here is to understand the logic transformation, namely the De Morgan law.
- Source: Reprint
- Former Academy of Modern Magic-http://www.nowamagic.net/academy/detail/1225940
- Copyright NOTICE: Welcome reprint, but please connect the way notes source, author.
- This article link address:Http://www.lao8.org/article_1445/htaccess_zuzhixunleixiazai
Htaccess Advanced Application: Anti-theft chain to prevent Thunder download and restrict access
