The .htaccess file allows us to modify some server settings for a particular directory and its subdirectories. Although this type of configuration is best handled in a section of the server's own configuration file, sometimes we do not have permission to access that configuration file at all, especially when we are on a shared hosting host; most shared hosting providers only allow us to change server behavior in .htaccess.
The .htaccess file is a simple text file. Note that the "." in front of the file name is important. We can edit it with our favorite text editor, upload it to our server and place it in the directory where we want to change the server's default behavior.
What we can do with .htaccess files includes: setting password protection for folders, creating redirects, adjusting PHP settings, controlling file caching, controlling how the server handles extensions (for example, we can have an HTML file run through a PHP module rather than simply served by the web server) and changing how a file is returned to the visitor. Below I introduce the most common uses of this file.
1. Disable directory listings for directories without an index file
By default, the server displays a list of files and subdirectories when we visit a directory of the site that has no index file (such as index.html, index.htm, or index.php). This is very dangerous because it may reveal the internal structure of the site and may inadvertently disclose files containing sensitive information. To prohibit this behavior, we can create an .htaccess file in the root of the site, as follows:
Options -Indexes
2. Create a redirect or change the response status for a missing file
When we request a file that cannot be found, the server returns a 404 status code by default, so the browser and the visitor know that the file cannot be found at the location specified by the URL. But this is a generic message of little practical use; we would like to tell browsers and visitors something more useful, such as:
◆ File permanently moved
The status code 301 tells the browser that the file has been permanently moved to another location. We can set up this redirect in the .htaccess file, for example using the following code to redirect the browser to the new address:
Redirect 301 /path/from/htaccess/file.html http://www.jzread.com/path/file.html
◆ File temporarily moved
The status code 307 tells the browser that the file has been moved, but only temporarily. On receiving this status code, the browser accesses the new address without changing the file's link or caching the new address (unless that is controlled by the Cache-Control or Expires header fields), and it continues to request the original address each time.
Redirect 307 /path/from/htaccess/file.html http://www.jzread.com/path/file.html
◆ File does not exist
The status code 410 tells the browser that the file it requested has been permanently deleted from the server. Unlike 404, which simply means that the file is not here, 410 means that the file is not only not here but not anywhere else either.
Redirect 410 /path/from/htaccess/file.html
3. Create custom error response pages
Instead of returning only a bare status code to the browser, we can create our own error pages. For example, we can create an "unauthorized" error page for the 401 status code and a "page not found" error page for the 404 status code. All we need to do is modify the .htaccess file and add the following two lines:
ErrorDocument 401 /path/to/401.html
ErrorDocument 404 /path/to/404.html
4. Set cache expiration times for different file types
This setting tells the browser how long it may keep a cached copy of a file; until that time has passed, the browser can use the file without making a request to the server. When the server returns the file to the browser, an Expires header is appended.
We can use the ExpiresDefault directive followed by a base time + time length to set the default expiration time for files, and the ExpiresByType directive followed by a file type + base time + time length to specify the expiration time for a particular file type.
The base time can be the access time, which starts counting when the file is requested by the browser, or the modification time, which counts from the time the file was last modified. Note that if you use the modification time, no Expires header is added to dynamic content returned to the browser, such as dynamically generated images, because content that does not exist as a file has no modification time.
The expiration time is used in combination with the base time, by adding "plus" and a length of time. This length can be given in years, months, weeks, days, hours, minutes, and seconds, and if we use only one unit, we can use the singular; for example, we can specify it as "1 minute" or "10 minutes."
In the following example, I use the ExpiresDefault directive to set the default expiration time for all files to 1 day, and then use the ExpiresByType directive to specify the expiration time for different file types.
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault "access plus 1 day"
ExpiresByType image/png "access plus 30 days"
ExpiresByType image/jpeg "access plus 4 weeks"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType application/javascript "modification plus 2 weeks"
ExpiresByType text/css "modification plus 14 days"
</IfModule>
5. Compress files before sending them to the browser
Any modern browser can handle files compressed by the server, and compression reduces page load time. If the server does not have file compression turned on by default, we can turn it on in the .htaccess file.
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/x-javascript application/rss+xml application/atom+xml text/javascript
Note that I did not turn on compression for image files here because our image files have been handled by other compression techniques.
6. Set password protection for a folder
To protect special folders containing sensitive data, we need to create a file containing valid usernames and passwords, then add some settings to the .htaccess file. Note that the username and password are still sent to the server in clear text, so they are easily intercepted by a man in the middle unless we use SSL.
First, let's create a file named .htpasswd and change its permissions to 600 (only the file owner has read and write permissions) so that other users cannot access it.
touch .htpasswd
chmod 600 .htpasswd
After creating the file, we need to add the user name and password to it. If you are using a Linux or Unix operating system, you can do this with the htpasswd command. If you can log in to your server via SSH, you can use htpasswd to add the user name and password to the .htpasswd file; if not, there are many online tools (such as http://www.htaccesstools.com/htpasswd-generator/) that can help you generate the password entry used in the .htpasswd file.
Use the following command to add a user name and password to this file:
htpasswd [passwd file] [user]
For example:
htpasswd .htpasswd juan
It prompts you for the password, then encrypts the password and saves it to the .htpasswd file. If Apache is installed on any system other than Windows, Netware, and TPF (an IBM mainframe system), by default it calls the crypt() function to encrypt the password. With this command we can create multiple users and modify an existing user's password. You can use the -n parameter to obtain the encrypted password string without writing it to a file.
htpasswd -n juan
It will return a string like this:
juan:n94xSo6uSwhCY
Then open the .htpasswd file with a text editor and paste the string above into it; each line represents one user.
You can also use the -m parameter to encrypt passwords with MD5, which is the default on Windows, Netware, and TPF, or the -s parameter to use SHA encryption. The -d parameter tells the command to call the crypt() function, which is also the default behavior on most systems.
If the file does not exist, add the -c parameter and the command will create it. If the file already exists, adding this parameter overwrites the entire file, leaving only the newly created user. If you want to delete a user from the .htpasswd file, use the -D parameter.
Finally, we can combine these parameters. If we add the -b parameter, we can put the password directly on the command line, but this is insecure because the password is then visible on the command line.
htpasswd -b .htpasswd juan randompassword
After the users have been created, they can access this directory and its subdirectories, but we also need to add an .htaccess file in the folder to be protected, as follows:
AuthName "Please authenticate in order to access the contents of this folder"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
AuthName is the prompt message asking you to enter your user name and password. AuthType indicates the type of authentication you need; in this example, I just want to pop up a dialog asking for the user name and password, so it is set to Basic. AuthUserFile is the location of the file where usernames and passwords are stored, in this case the .htpasswd file, which is in the same location as our .htaccess file. Require valid-user specifies that only legitimate users listed in the .htpasswd file are able to access the folder.
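An audit of the password formats discussed above, as an added example that is not part of the original article: it classifies each .htpasswd line by its hash format and flags crypt() and unsalted {SHA} entries, which the htpasswd manual describes as insecure by today's standards. The first sample line is the one shown above; the other entries, the function names and the weak/not-weak labels are constructed for illustration.

```python
import base64
import hashlib
import re

# (scheme, pattern for the hash field, flagged weak in this example)
SCHEMES = [
    ("bcrypt", re.compile(r"\$2[aby]\$\d\d\$[./A-Za-z0-9]{53}"), False),
    ("apr1-md5", re.compile(r"\$apr1\$[./A-Za-z0-9]{1,8}\$[./A-Za-z0-9]{22}"), False),
    ("sha1-unsalted", re.compile(r"\{SHA\}[A-Za-z0-9+/]{27}="), True),
    ("des-crypt", re.compile(r"[./A-Za-z0-9]{13}"), True),
]

def classify(hash_field):
    """Return (scheme, weak) for the part of a line after 'user:'."""
    for name, pattern, weak in SCHEMES:
        if pattern.fullmatch(hash_field):
            return name, weak
    return "unknown-or-plaintext", True

def audit(text):
    """Return one finding per user: scheme, weak flag, user sharing the hash."""
    findings, first_owner = [], {}
    for line in text.splitlines():
        user, sep, hash_field = line.strip().partition(":")
        if not sep:
            continue  # blank or malformed line
        scheme, weak = classify(hash_field)
        # Identical hash fields mean identical passwords; with unsalted
        # {SHA} this is visible to anyone who can read the file.
        shared = first_owner.setdefault(hash_field, user)
        findings.append({"user": user, "scheme": scheme, "weak": weak,
                         "same_as": shared if shared != user else None})
    return findings

def sha_entry(user, password):
    """Build a line in 'htpasswd -s' format: {SHA} + base64(SHA-1(password))."""
    digest = hashlib.sha1(password.encode()).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode()}"

# First line is the sample from the text; the rest are constructed.
SAMPLE = "\n".join([
    "juan:n94xSo6uSwhCY",
    sha_entry("alice", "constructed-password"),
    sha_entry("bob", "constructed-password"),
    "carol:$apr1$abcdefgh$" + "A" * 22,  # placeholder, not a real hash
    "dave:$2y$05$" + "B" * 53,           # placeholder, not a real hash
])

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Entries flagged weak can be replaced by re-running htpasswd for that user with a stronger scheme.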
7. Treat HTML files as PHP files
In order to have files with the html extension processed as PHP files, add the following to the .htaccess file:
AddType application/x-httpd-php .htm
AddType application/x-httpd-php .html
The server will then parse HTML files as PHP files.
8. Modify PHP settings
If we cannot access the php.ini file, some hosting providers allow us to change some PHP settings through the .htaccess file. For example, I want to generate thumbnails of uploaded images. Some hosting providers limit PHP memory to 2MB by default, which is obviously not enough for generating thumbnails, so I want to raise this limit, for example to 16MB. If you want to remove the memory limit, you can set it to -1.
In order to modify PHP settings in the .htaccess file, the server must have the AllowOverride Options (or AllowOverride all) option enabled. In that case, we simply add the following line to the .htaccess file:
php_value memory_limit 16M