The Apache server customizes the two methods of the 404 page as well as the important command summary of the. htaccess

Source: Internet
Author: User
Tags block ip address password protection

There are two ways to customize the 404 error page for the Apache server:

The first method is the simplest, directly under the Apache httpd.conf Configuration Modification Command, the contents of the changes are described in. htaccess command syntax in the custom error page

The second method can be configured in the. htaccess file, see the custom error page in the htaccess command syntax.


Summary of usage methods for htaccess.

1. First let the local Apache server allow. htaccess modification

Open httpd.conf
(1)
Options FollowSymLinks
AllowOverride None

Switch
Options FollowSymLinks
AllowOverride All

(2) Remove the following comment
LoadModule Rewrite_module modules/mod_rewrite.so


2. htaccess notation

Create a. htaccess document

. htaccess has no file name, only a 8-letter extension, but in fact it is the name under Linux, in the win system is not directly through the "new" file to create

But there are two ways we can create

The first: Use copy in cmd, such as Copy sample.txt. htaccess

Second: First create a htaccess.txt, then FTP to the server, through FTP to modify the file name.


Protect. htaccess Documentation
When you set the password protection for a directory in. htaccess, it contains the path to the password. From a safety point of view, it is necessary to protect the. htaccess from being seen. While doing this with others is like the permissions of the document. But, the. htaccess itself can do so by simply adding the following instructions:

Order Allow,deny
Deny from all


Custom Error page
One application of the. htaccess is the custom error page, which will allow you to have your own, personalized error pages (such as when a file is not found), rather than the error page provided by your service provider or no pages. This will make your site look more professional in the wrong time. You can also use a script to notify you when an error occurs (for example, to automatically email you when a page is not found).
Any page error code that you know (like 404 cannot find a page) can be changed into a custom page by adding the following text to the. htaccess file:
ErrorDocument errornumber/file.html
For example, if I have a notfound.html file under my root directory, I want to use it as a page for 404 error:
ErrorDocument 404/notfound.html
If the file is not in the root directory of the site, you only need to set the path to:

ErrorDocument 500/errorpages/500.html

Note the path to the error page must be correct, otherwise it may appear: Additionally, a 404 Not Found error is encountered while trying to use an errordocument to handle t He request.


The following are some of the most common errors:
401–authorization Required need to verify
400–bad Request Error Requests
403–forbidden Forbidden
500–internal Server error Internal servers errors
404–wrong Page Not found
Next, all you have to do is create a file that appears when the error occurs, and then upload them with the. htaccess.


Suppress Directory listings
Sometimes, for some reason, there is no index file in your directory, which means that when someone types the path to the directory in the browser's address bar, all the files in that directory will be displayed, which will leave your site with a security risk.
To avoid this situation (without having to create a bunch of new index files), you can type the following command in your. htaccess document to block

Display of directory Listings:
Options-indexes

block/allow a specific IP address
In some cases, you may want to allow only certain IP users to access your website (for example, only users with a particular ISP are allowed to enter a directory), or to block certain IP addresses (for example, to isolate low-level users from your information layout). Of course, this is only useful if you know the IP address you want to intercept, but now most users on the Web use dynamic IP addresses, so this is not a common method of limiting usage.
You can use the following command to block an IP address:
Deny from 000.000.000.000
The 000.000.000.000 here is the banned IP address, and if you specify only a few of them, you can block the entire network segment address. If you enter 210.10.56., all IP addresses of the 210.10.56.0~210.10.56.255 will be blocked.
You can use the following command to allow an IP address to access a Web site:
Allow from 000.000.000.000
The allowed IP address is 000.000.000.000, you can allow the entire network segment like a block IP address.
If you want to prevent everyone from accessing the directory, you can use:
Deny from all
However, this does not affect the script to use the document under this directory.

Replace index file
Maybe you don't want to always use index.htm or index.html as the index file for the directory. For example, if your site uses PHP files, you might want to use index.php as the index document for that directory. Of course, it doesn't have to be limited to the "index" document, if you want to, use. htaccess you can even set Foofoo.balh as your index document!
These alternate index files can be lined up in a list, and the server looks from left to right to check which documents exist in the real directory. If one is not found, it will display the list of directories (unless you have closed the list of displayed directory files).

DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm


REDIRECT (rewrite)
One of the most useful features of the. Htaccess is redirecting requests to different documents within or outside the same station. This is extremely useful when you change a file name, but still want the user to have access to it with the old address. Another application (which I found useful) was to redirect to a long URL, for example, in my newsletter, I could use a very short URL to point to my affiliate link. The following is an example of a redirected file:
Redirect/location/from/root/file.ext http://minidx.com/new/file/location.xyz
In the example above, access to the root directory named oldfile.html can be typed:
/oldfile.html
To access a file in an old secondary directory, you can type:
/old/oldfile.html
You can also use. htaccess to redirect the entire site's directory. If you have a directory named OldDirectory on your website and you have created the same document on a new website http://minidx.com/newdirectory/, you can redirect all files in the old directory once without having to one by one declare:
Redirect/olddirectory http://minidx.com/newdirectory
Thus, any request to the/olddirectory directory in the site will be re-directed to the new site, including additional additional URL information. For example someone typed:
http://minidx.com/olddirecotry/oldfiles/images/image.gif
The request will be redirected to:
http://minidx.com/newdirectory/oldfiles/images/image.gif
If used correctly, this feature will be extremely powerful.

Note: As Windows Live Writer edits this article, it will automatically add a hyperlink when it encounters http://, so there is a space on it, which was originally not.

Password protection
Although there are all kinds of. htaccess usage, the most popular is probably the most useful way to use it for reliable password protection on the site directory. Although JavaScript can be done, but only. Htaccess has perfect security (that is, visitors must know the password to access the directory, and there is absolutely no "backdoor" to go).
Use the. htaccess to add a directory with password protection in two steps. The first step is to add the appropriate lines of code to your. htaccess document, and then put the. htaccess document in the directory you want to protect:
AuthName "section Name"
AuthType Basic
authuserfile/full/path/to/.htpasswd
Require Valid-user
You may need to modify some of the above content according to your website, such as replacing section name with the protected part's name "Members Area".
/FULL/PARTH/TO/.HTPASSWD should be replaced with a full server path that points to the. htpasswd file, which is detailed later in this document. If you do not know the full path of your site space, please ask your system administrator.
Password-protected. htpasswd files
The password protection of the directory is more troublesome than the other features of the. htaccess, because you must also create a document with a user name and password to access your website, and the information (default) is in a document called. htpasswd. Like. htaccess,. HTPASSWD is also a document that has a 8-bit extension without a file name and can be placed anywhere on your site (password should be encrypted), but it is recommended that you save it outside the Web root of the Web site so that it cannot be accessed over the network.
After you create the. htpasswd document (which can be created by using a text editor), the next step is to enter the user name and password to access the site, which should be:
Username:password
The location of "password" should be a password that has been encrypted. There are several ways you can get encrypted passwords: One is to use an online Permade script or write one yourself, and the other very good Username/password encryption service is through the KXS website, which allows you to enter your username and password, and then generate a password in the correct format. For multiple users, you only need to add a single line of the same format to the. htpasswd document. There are also some free scripting programs that can be conveniently managed. HTPASSWD documents, which can be automatically added/removed by users, etc.
When you try to access a directory protected by the. htaccess password, your browser pops up the standard Username/password dialog window. If you do not like this way, some scripts can allow you to embed the Username/password input box in the page to authenticate, you can also enter the user name and password (unencrypted) in the URL box of the browser in the following way:
Http://username:[email protected]/directory/



Prevent hotlinking

Do not like others on the Web page connected, the document, also htaccess instructions to do.

The instructions are as follows:

Rewriteengine on
Rewritecond%{Http_referer}!^$
Rewritecond%{http_referer}!^http://(www.) mydomain.com/.*$ [NC]
Rewriterule. (gif&line;jpg) $-[F]

Feel that let other people's page open a skylight is not good-looking, then use a one to replace:

Rewriteengine on
Rewritecond%{Http_referer}!^$
Rewritecond%{http_referer}!^http://(www.) mydomain.com/.*$ [NC]
Rewriterule. (gif&line;jpg) $ http://www.mydomain.com/Alternative name [r,l]

Other additions:
Before giving a look at how to configure Apache to support. htaccess files, first make a statement: using the. htaccess file reduces a bit of performance for the httpd server.

If you need to use a file name other than. htaccess, you can use the Accessfilename directive to change it.
For example, if you need to use. config, you can configure it in the server configuration file in the following ways:

Accessfilename. config typically, the. htaccess file uses the same configuration syntax as the master configuration file. The allowoverride directive determines, by category, which directives in the. htaccess file are valid.

3. Where the. htaccess file is not used
In general, you should not use. htaccess files unless you have no access to the master profile. There is a common misconception that user authentication can only be achieved through the. htaccess file, which is not true, and it is perfectly feasible to write user authentication in the main configuration file, and it is a good method.
The. htaccess file should be used when the content provider needs to change the configuration of the server for a specific directory without root privileges. If the server administrator is reluctant to modify the configuration frequently, you can allow the user to modify the configuration by using the. htaccess file itself, especially if the ISP runs multiple user sites on the same machine and wants the user to change the configuration themselves.
Even so, it is generally best to avoid using. htaccess files. Any configuration that you wish to place in the. htaccess file can be placed in the section of the master configuration file and is more efficient.
There are two main reasons for avoiding the use of. htaccess files.
The first is performance. If the. htaccess file is enabled for allowoverride, Apache needs to find the. htaccess file in each directory, so whether or not it is actually used, enabling. Htaccess can result in degraded performance. In addition, for each request, you need to read the. htaccess file once.
Also, Apache must look up the. htaccess file in all superior directories to make all valid directives work, so if you request a page in/ctusky/ctu/sky, Apache must look for the following files:

/.htaccess
/ctusky/.htaccess
/ctusky/ctu/.htaccess

/ctusky/ctu/sky/.htaccess

There will be a total of 4 additional files to access, even if none of these files exist, which is why this article began to say that it would affect the performance of the server.

Next is security. This allows the user to modify the configuration of the server itself, which may lead to some unexpected modifications, so consider carefully whether the user should be given such privileges.


Reference documents

Http://www.jb51.net/article/25492.htm

Http://www.jb51.net/article/25476.htm

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.