The basic role of .htaccess and an introduction to its syntax

Source: Internet
Author: User

.htaccess is a plain text file that contains directives for configuring the Apache server: URL rewriting, custom error pages, MIME type configuration, access control, and so on. Typical uses include pseudo-static URLs, image hotlink protection, custom 404 error pages, blocking or allowing specific IP addresses or address ranges, directory browsing and index pages, prohibiting access to specified file types, and password-protecting files. An .htaccess file applies primarily to the directory it is placed in.

I. Basic role of .htaccess


To enable .htaccess, you need to modify httpd.conf and enable AllowOverride; AllowOverride can also be used to limit which directives may be used.
If you need to use a file name other than .htaccess, you can change it with the AccessFileName directive. For example, to use .config, configure it in the server configuration file as follows:
AccessFileName .config

Generally speaking, .htaccess can help us implement: folder password protection, automatic user redirection, custom error pages, changing file extensions, blocking users from specific IP addresses, allowing only users from specific IP addresses, disabling directory listings, using other files as index files, and other features.


II. .htaccess access control

1. Access control basics: the Order directive

To restrict access to critical directories, it is common to add an .htaccess file, typically written as follows:

<Files ~ "^.*\.([Ll][Oo][Gg]|[Ee][Xx][Ee])$">
Order allow,deny
Deny from all
</Files>

Description

(1) The tilde (~) after Files enables regular-expression matching; the simple form is: <Files *>.

(2) Order directive: with the allow,deny argument, Apache first evaluates the Allow directives and then applies the Deny directives, which here block all access. You can also use deny,allow.

III. URL rewriting

Here is an example of a simple URL rewrite rule:

# Turn on the rewrite engine
RewriteEngine On
# Rewrite system rules, do not modify
RewriteRule ^p/([0-9]+)\.html$ index.php?post_id=$1
RewriteRule ^u-(username|uid)-(.+)\.html$ space.php?$1=$2

Here RewriteEngine turns on URL rewriting, and each RewriteRule is a rewrite rule.

IV. Custom error pages
One application of .htaccess is custom error pages, which let you have your own personalized error pages (for example, when a file is not found) rather than the error page provided by your service provider, or no page at all. This makes your site look more professional when errors occur. You can also use a script to notify you when an error occurs (for example, to email you automatically when a page is not found).
Any error code that you know (such as 404, page not found) can be mapped to a custom page by adding the following text to the .htaccess file:
ErrorDocument errornumber /file.html
For example, if I have a notfound.html file in my root directory and want to use it as the page for 404 errors:
ErrorDocument 404 /notfound.html
If the file is not in the root directory of the site, you only need to set the path:
ErrorDocument 500 /errorpages/500.html
The following are some of the most common errors:
401 - Authorization Required
400 - Bad Request
403 - Forbidden
500 - Internal Server Error
404 - Page Not Found
Next, all you have to do is create the files to be shown when an error occurs, and then upload them along with the .htaccess file.

.htaccess commands
• Disable display of directory listings
Sometimes, for whatever reason, there is no index file in a directory. When someone types the path to that directory in the browser's address bar, all the files in the directory are listed, which is a security risk for your site.
To avoid this (without having to create a bunch of new index files), you can add the following command to your .htaccess file to block the display of directory listings:
Options -Indexes

• Block/allow specific IP addresses
In some cases, you may want to allow only users from certain IP addresses to access your website (for example, allowing only users of a particular ISP into a directory), or to block certain IP addresses (for example, to keep disruptive users off your message boards). Of course, this is only useful if you know the IP address you want to block, and most users on the Web now have dynamic IP addresses, so this is not a common way of restricting access.
You can use the following command to block an IP address:
Deny from 000.000.000.000
Here 000.000.000.000 is the banned IP address. If you specify only the first few octets, you block the entire network segment. If you enter 210.10.56., all IP addresses from 210.10.56.0 to 210.10.56.255 will be blocked.
You can use the following command to allow an IP address to access a web site:
Allow from 000.000.000.000
The allowed IP address is 000.000.000.000; as with blocking, you can allow an entire network segment.
If you want to prevent everyone from accessing the directory, you can use:
Deny from all
However, this does not stop scripts from using the documents in this directory.
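
The following added example (not code from the original page) models how the Order setting from section II combines with the Allow from / Deny from values described here, including partial addresses such as 210.10.56. that match on whole octets. These are the Apache 2.2-style directives, which Apache 2.4 provides through mod_access_compat; the function names and the sample cases are assumptions made for illustration, and only IPv4 addresses are handled.

```python
import ipaddress

def spec_matches(spec, client_ip):
    """True if one 'Allow from' / 'Deny from' value covers client_ip (IPv4 only)."""
    if spec.lower() == "all":
        return True
    if "/" in spec:  # CIDR or network/netmask form, e.g. 210.10.56.0/24
        net = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in net
    # Full or partial address: compare whole octets, so "210.10.5" does not
    # cover 210.10.56.x even though it is a string prefix of it.
    octets = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(octets)] == octets

def is_allowed(order, allow, deny, client_ip):
    """Model of how the Order setting combines the Allow and Deny lists."""
    allowed = any(spec_matches(s, client_ip) for s in allow)
    denied = any(spec_matches(s, client_ip) for s in deny)
    mode = order.lower()
    if mode == "allow,deny":
        # Allow is checked first, Deny second and wins; no match means rejected.
        return allowed and not denied
    if mode == "deny,allow":
        # Deny is checked first, Allow second and wins; no match means permitted.
        return allowed or not denied
    raise ValueError("unsupported Order value: " + order)

# Constructed cases: (description, order, allow list, deny list, client address)
CASES = [
    ("Files block from section II", "allow,deny", [], ["all"], "198.51.100.7"),
    ("segment allowed, rest denied", "deny,allow", ["210.10.56."], ["all"], "210.10.56.7"),
    ("same lists, other order", "allow,deny", ["210.10.56."], ["all"], "210.10.56.7"),
    ("outside the allowed segment", "deny,allow", ["210.10.56."], ["all"], "210.10.57.7"),
    ("one segment banned", "allow,deny", ["all"], ["210.10.56."], "210.10.56.200"),
]

if __name__ == "__main__":
    for desc, order, allow, deny, ip in CASES:
        verdict = "allowed" if is_allowed(order, allow, deny, ip) else "denied"
        print(f"{desc:32} Order {order:10} {ip:15} -> {verdict}")
```

The second and third cases use identical Allow and Deny lists and differ only in the Order value, which is enough to flip the result for the same client.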

• Replace the index file
Maybe you don't always want to use index.htm or index.html as the index file for a directory. For example, if your site uses PHP files, you might want to use index.php as the index document for that directory. Of course, it doesn't have to be limited to "index" documents: if you want to, you can even use .htaccess to set Foofoo.balh as your index document!
These alternate index files can be given as a list, and the server checks from left to right which of them exists in the actual directory. If none is found, it displays the directory listing (unless you have turned off directory listings).
DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm
• Redirect (rewrite)
One of the most useful features of .htaccess is redirecting requests to different documents, on the same site or elsewhere. This is extremely useful when you change a file name but still want users to be able to reach it at the old address. Another application (which I found useful) is redirecting to a long URL: for example, in my newsletter I can use a very short URL that points to my affiliate link. The following is an example of a redirect:
Redirect /location/from/root/file.ext http:///new/file/location.xyz
In the example above, a file named oldfile.html in the root directory would be entered as:
/oldfile.html
A file in an old subdirectory would be entered as:
/old/oldfile.html
You can also use .htaccess to redirect an entire directory of the site. If you have a directory named olddirectory on your website and you have created the same documents on a new website at http:///newdirectory/, you can redirect all files in the old directory at once without declaring them one by one:
Redirect /olddirectory http:///newdirectory
Any request to the /olddirectory directory of the site is then redirected to the new site, including any additional URL information. For example, if someone types:
http:///olddirectory/oldfiles/images/image.gif
The request will be redirected to:
http:///newdirectory/oldfiles/images/image.gif
Used correctly, this feature is extremely powerful.


Some commonly used settings

1. Time zone settings
Sometimes, when you use the date or mktime function in PHP, it shows odd results because of the time zone difference. One way to solve this problem is to set the time zone of your server. You can find a list of all supported time zones here.

SetEnv TZ Australia/Melbourne

2. Search-engine-friendly 301 permanent redirect
Why is this search engine friendly? Because many modern search engines can update their existing records when they encounter a 301 permanent redirect.

Redirect 301 /home http://www.aqee.net/
3. Block the download dialog box
Usually, when you download something, you see a dialog box asking whether you want to save the file or open it directly. If you don't want to see this, you can put the following code in your .htaccess file.

AddType application/octet-stream .pdf
AddType application/octet-stream .zip
AddType application/octet-stream .mov
4. Omit the www prefix
One of the principles of SEO is to make sure that your site has only one URL. You therefore need to redirect all requests for the www host to the non-www host, or the reverse.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.aqee\.net [NC]
RewriteRule ^(.*)$ http://aqee.net/$1 [L,R=301]
5. Personalize the error pages
Customize your own error page for each error code.

ErrorDocument 401 /error/401.php
ErrorDocument 403 /error/403.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php
6. Compress files
Improve your website's access speed by reducing the size of the files it serves.

# Compress text, HTML, JavaScript, CSS, XML:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
7. Cache files
Caching files is another good way to improve your website's access speed.

<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
8. Disable caching for certain file types
On the other hand, you can also disable caching for certain file types.

# Explicitly disable caching for scripts and other dynamic files
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>
Security issues
The following .htaccess code can improve the security level of your web server. Image hotlink protection is useful for preventing others from using image resources hosted on your server.

1. Prevent hotlinking with .htaccess
Hate it when others hotlink the images on your web server and drain your bandwidth? Try this to prevent it.

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?aqee\.net/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]
2. Anti-hacker
If you want to improve the security level of your website, you can add the following lines of code, which block some common hacking techniques by matching malicious URL patterns.

RewriteEngine On

# proc/self/environ? No way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]

# Block script attempts to modify a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]

# Block base64_encode junk passed through URLs
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]

# Block scripts that contain <script> tags in URLs
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]

# Block attempts to set PHP's GLOBALS variable through the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]

# Block attempts to set PHP's _REQUEST variable through the URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2})

# Send all blocked requests to the 403 Forbidden page!
RewriteRule ^(.*)$ index.php [F,L]
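
To check what these conditions catch before deploying them, the added example below (not code from the original page) runs the six patterns over constructed query strings and reports which condition would trigger the 403. The patterns are transcribed from the RewriteCond lines above with directive case and escaping restored; the function names and sample strings are assumptions, and Python's re module stands in for Apache's regex engine.

```python
import re

# (label, pattern, has [NC] flag) transcribed from the RewriteCond lines above
CONDITIONS = [
    ("proc/self/environ", r"proc/self/environ", False),
    ("mosConfig", r"mosConfig_[a-zA-Z_]{1,21}(=|%3D)", False),
    ("base64_encode", r"base64_encode.*\(.*\)", False),
    ("script tag", r"(<|%3C).*script.*(>|%3E)", True),
    ("GLOBALS", r"GLOBALS(=|\[|%[0-9A-Z]{0,2})", False),
    ("_REQUEST", r"_REQUEST(=|\[|%[0-9A-Z]{0,2})", False),
]

def blocked_by(query_string):
    """Labels of the conditions matching the raw (undecoded) query string."""
    hits = []
    for label, pattern, nocase in CONDITIONS:
        flags = re.IGNORECASE if nocase else 0
        if re.search(pattern, query_string, flags):
            hits.append(label)
    return hits

def would_return_403(query_string):
    # The conditions are chained with [OR], so one hit is enough for [F].
    return bool(blocked_by(query_string))

# Constructed sample query strings, not taken from real traffic
SAMPLES = [
    "page=2&sort=asc",              # ordinary request
    "file=proc/self/environ",       # literal the first condition looks for
    "mosConfig_demo=1",             # parameter name with the mosConfig_ prefix
    "q=%3CSCRIPT%3E",               # encoded tag, upper case: caught via [NC]
    "q=GLOBALS%20explained",        # benign search text, still matches GLOBALS
]

if __name__ == "__main__":
    for qs in SAMPLES:
        hits = blocked_by(qs)
        print(f"{qs:28} -> {'403 ' + ', '.join(hits) if hits else 'passes'}")
```

The last sample is a false positive: the GLOBALS condition matches any percent sign after the word, so harmless search text is rejected too, which is worth checking against your own access logs before enabling the rules.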
3. Block access to your .htaccess file
The following code prevents anyone from accessing your .htaccess file. Similarly, you can also block multiple file types.

# Protect your .htaccess file
<Files .htaccess>
Order allow,deny
Deny from all
</Files>

# Prevent viewing of a specified file
<Files secretfile.jpg>
Order allow,deny
Deny from all
</Files>

# Multiple file types
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order allow,deny
Deny from all
</FilesMatch>


Prohibit script execution and enhance your directory security

# Prohibit script execution in some directories
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
