1. Password-protected. htaccess file
Although there are all kinds of. htaccess usage, the most popular and perhaps most useful practice is to use it for secure password protection in the Web site directory. Although Javascrip can do so, only. Htaccess has the perfect security (that is, visitors must know the password to access the directory, and there is no "backdoor" to go).
Use. htaccess to add a directory password protection two steps. The first step is to add the appropriate few lines of code to your. htaccess document and put the. htaccess document in the directory you want to protect:
You may need to modify some of these sections based on your site, such as substituting "section name" with the protected part name "Members Area".
/FULL/PARTH/TO/.HTPASSWD should be replaced with a full server path that points to the. htpasswd file (later detailing the document). If you don't know the full path to your site's space, ask your system administrator.
2. Password-protected. htpasswd file
The password protection of the directory is more cumbersome than the other features of the. htaccess because you have to create a document that contains a username and password to access your site, and the information (default) is in a document named. htpasswd. Like. htaccess,. HTPASSWD is also a document without a filename and has a 8-bit extension that can be placed anywhere on your site (the password should be encrypted), but it is recommended that you save it in the Web root directory of your Web site so that you cannot access it through the network. 1516501417
When you use. htaccess to set the password protection for a directory, it contains the path to the password file. From a security point of view, it is necessary to protect the htaccess, and not let others see the content. Although this can be done in other ways, such as the permissions of the document. However, htaccess itself can do so simply by adding the following directive: 1516501417
Order Allow,deny
Deny from all
3. Configure. htaccess Enter user name and password
To use. htaccess to set access to the user and corresponding password for a document in a directory, the first thing to do is to generate a. htpasswd text document, such as:
Forge:y4e7ec8e7ewv
The password is encrypted, and the user can find some tools to encrypt the password into a. htaccess supported encoding. This document is best not to be placed in the WWW directory, it is recommended to be placed outside the WWW root document, which is more secure.
With the authorized user documentation, you can add the following directive to the. htaccess:
Server directory for AuthUserFile. htpasswd
Authgroupfile/dev/null (directories that require authorization to access)
AuthName Enterpassword
AuthType Basic (Authorization type)
Require user wsabstract (users who are allowed to access, you can use require valid-user if you want all users in the table to allow it)
Note, brackets part for the time of learning to add their own notes
Deny access from an IP
If I don't want a government department to access the content of my site, I can reject it by joining the department's IP in the. htaccess.
For example:
Order Allow,deny
Deny from 210.10.56.32
Deny from 219.5.45.
Allow from all
The second line rejects an IP, and the third line rejects an IP segment, which is 219.5.45.0~219.2.45.255
Want to reject everyone? With the Deny from all. Not only with IP, you can also use domain name to set.
After you create the. htpasswd document (which you can create from a text editor), the next step is to enter a username and password for accessing the Web site, which should be:
Username:password
The location of "password" should be a password that has been encrypted. There are several ways you can get encrypted passwords: One is to use an online Permade script or write one yourself; another good Username/password encryption service is through the KXS Web site, which allows you to enter your username and password, and then generate the password in the correct format.
For multiple users, you only need to add a single line of the same format to the. htpasswd document. There are also a number of free scripting programs that can easily manage. htpasswd documents, which automatically add/remove users, and so on.
4. Configure. htaccess direct access to encrypted web site
When you try to access a directory protected by the. htaccess password, your browser pops up the standard Username/password dialog window. If you don't like this, some scripts can allow you to embed the Username/password input box inside the page for authentication, and you can enter the username and password (unencrypted) in the browser's URL box as follows:
http://username:password@www.w3sky.com/directory/
5. Use. htaccess prevent hotlinking
If you do not like others to connect their own pictures and documents on their Web pages, you can also do so by htaccess instructions.
The required directives are as follows:
Rewriteengine on
Rewritecond%{Http_referer}!^$
Rewritecond%{http_referer}!^http://(www.) w3sky.com/.*$ [NC]
Rewriterule. (GIF &line;jpg) $-[F]
If you feel that letting someone else's page open a skylight doesn't look good, you can use a picture instead:
Rewriteengine on
Rewritecond%{Http_referer}!^$
Rewritecond%{http_referer}!^http://(www.) w3sky.com/.*$ [NC]
Rewriterule. (GIF &line;jpg) $ http://www.w3sky.com/Alternate picture file name [r,l]
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
