.htaccess Some knowledge
|
.htaccess can do a wide range of things, including: password protect folders, automatically redirect users, customize error pages, change your file extensions, block specific user IP addresses, only allow specific IP addresses, stop directory listings, use other files as index files, and more... 1. Introduction File name.htaccess Attribute 644 (RW-R–R–) htaccess will affect all subdirectories under the directory where it is located. Note that most content is required to be kept on one line, do not wrap, otherwise it will cause errors 2. Error Documents Official document: ErrorDocument Directive ErrorDocument code document example ErrorDocument 400 /errors/badrequest.html ErrorDocument 404 http://yoursite/errors/notfound.html ErrorDocument 401 "Authorization Required" (Note that any double quotes that appear in the following content need to be escaped as \") Common HTTP status codes Successful Client Requests 200 OK 201 Created 202 Accepted 203 Non-Authorative Information 204 No Content 205 Reset Content 206 Partial Content Client Request Redirected 300 Multiple Choices 301 Moved Permanently 302 Moved Temporarily 303 See Other 304 Not Modified 305 Use Proxy Client Request Errors 400 Bad Request 401 Authorization Required 402 Payment Required (not used yet) 403 Forbidden 404 Not Found 405 Method Not Allowed 406 Not Acceptable (encoding) 407 Proxy Authentication Required 408 Request Timed Out 409 Conflicting Request 410 Gone 411 Content Length Required 412 Precondition Failed 413 Request Entity Too Long 414 Request URI Too Long 415 Unsupported Media Type Server Errors 500 Internal Server Error 501 Not Implemented 502 Bad Gateway 503 Service Unavailable 504 Gateway Timeout 505 HTTP Version Not Supported 3. Password Protection Official document: Authentication, Authorization and Access Control Assume the password file is .htpasswd AuthUserFile /usr/local/safedir/.htpasswd (the full path name must be used here) AuthName EnterPassword AuthType Basic Two common verification methods: Require user windix (Only user windix can log in) Require valid-user (All legitimate users can log in) Tip: How to generate a password file using the htpasswd command (built-in Apache) The first generation requires the creation of a password file htpasswd -c .htpasswd user1 Add new users later htpasswd .htpasswd user2 4. Enabling SSI Via htaccess AddType text/html .shtml AddHandler server-parsed .shtml Options Indexes FollowSymLinks Includes DirectoryIndex index.shtml index.html 5. Blocking users by IP order allow,deny deny from 123.45.6.7 deny from 12.34.5. (the entire class C address) allow from all 6. Blocking users/sites by referrer Blocking users/sites by referrer requires mod_rewrite module Example 1. Blocking a single referrer: badsite.com RewriteEngine on # Options +FollowSymlinks RewriteCond %{HTTP_REFERER} badsite\.com [NC] RewriteRule .* – [F] Example 2. Block multiple referrers: badsite1.com, badsite2.com RewriteEngine on # Options +FollowSymlinks RewriteCond %{HTTP_REFERER} badsite1\.com [NC,OR] RewriteCond %{HTTP_REFERER} badsite2\.com RewriteRule .* – [F] [NC] – Case-insensite [F] – 403 Forbidden Note that the above code comments out the "Options +FollowSymlinks" statement. If the server does not have FollowSymLinks set in the httpd.conf section, you need to add this sentence, otherwise you will get a "500 Internal Server error" error. 7. Blocking bad bots and site rippers (aka offline browsers) Blocking bad bots and offline browsers requires mod_rewrite module Bad bots? For example, some bots that grab spam email addresses and bots that do not comply with robots.txt (such as Baidu?) They can be determined based on HTTP_USER_AGENT (But there are even more shameless ones like "zhongsou.com" which set their agent to "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)". It's too rogue, and there's nothing we can do about it.) RewriteEngine On RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR] RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] RewriteCond %{HTTP_USER_AGENT} ^Custo [OR] RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR] RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR] RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR] RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR] RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR] RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR] RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR] RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR] RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR] RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR] RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR] RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR] RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR] RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR] RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR] RewriteCond %{HTTP_USER_AGENT} ^HMView [OR] RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR] RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR] RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR] RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR] RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR] RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR] RewriteCond %{HTTP_USER_AGENT} ^larbin [OR] RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR] RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR] RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR] RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR] RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR] RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR] RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR] RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR] RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR] RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR] RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR] RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR] RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR] RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR] RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR] RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR] RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR] RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR] RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR] RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR] RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR] RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR] RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR] RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR] RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR] RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR] RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR] RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR] RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR] RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR] RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR] RewriteCond %{HTTP_USER_AGENT} ^Wget [OR] RewriteCond %{HTTP_USER_AGENT} ^Widow [OR] RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR] RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR] RewriteCond %{HTTP_USER_AGENT} ^Zeus RewriteRule ^.* – [F,L] [F] – 403 Forbidden [L] – Link 8. Change your default directory page DirectoryIndex index.html index.php index.cgi index.pl 9. Redirects to a single file Redirect /old_dir/old_file.html http://yoursite.com/new_dir/new_file.html Entire Directory Redirect /old_dir http://yoursite.com/new_dir Effect: Just like moving the directory http://yoursite.com/old_dir -> http://yoursite.com/new_dir http://yoursite.com/old_dir/dir1/test.html -> http://yoursite.com/new_dir/dir1/test.html Tip: Solution to Redirect not working when using user directory When you use Apache's default user directory, such as http://mysite.com/~windix, when you want to redirect to http://mysite.com/~windix/jump, you will find that the following Redirect does not work: Redirect /jump http://www.google.com The correct way is to change Redirect /~windix/jump http://www.google.com (source: .htaccess Redirect in “Sites” not redirecting: why? ) 10. Prevent viewing of .htaccess file order allow,deny deny from all 11. Adding MIME Types AddType application/x-shockwave-flash swf Tips: Set the type to application/octet-stream to prompt download 12. Preventing hot linking of images and other file types Anti-hot linking requires mod_rewrite module RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www/\.)?mydomain.com/.*$ [NC] RewriteRule \.(gif|jpg|js|css)$ – [F] Analysis: If HTTP_REFERER is not empty (the source is another site, not a direct connection) and if HTTP_REFERER does not start with (www.)mydomain.com (ignore case [NC]) (the source is not this site) Give 403 Forbidden error for all files ending with .gif/.jpg/.js/.css [F] You can also specify a response, as shown in the following example: RewriteRule \.(gif|jpg)$ [R,L] [R] – Redirect [L] – Link 13. Preventing Directory Listing IndexIgnore * IndexIgnore *.jpg *.gif Tips: Allow directory listing: Options +Indexes Disable directory listing: Options -Indexes Display prompt information: HEADER file, README file |
<<: inmotionhosting host introduction
>>: ixwebhosting dedicated IP and shared IP switching
![[Black Friday] aruba: unlimited traffic virtual hosting, 9.9 euros per year; .com 3.5 euros and other domain name discounts](/upload/images/67c9ec5be1f1b.webp)
Recommend
Juzi Data: 28 yuan/month/1GB memory/40GB SSD space/500GB traffic/15Mbps-30Mbps port/KVM/Japan CN2 GIA/Hong Kong BGP
Orange Data, a Chinese merchant, provides VPS, in...
Linode: S3 storage service, free 1TB monthly traffic, 250GB space, 5 USD monthly payment, optional Singapore
Linode is a very stable hosting provider with man...
Pyclouds: 99 yuan/quarter/384MB memory/10GB SSD space/4TB traffic/250Mbps port/KVM/San Jose HE
Pyclouds, a Chinese merchant, was established in ...
Netcup 6GB RAM German KVM VPS Review
Details: netcup: €1.99/month/1GB RAM/20GB/unlimit...
DMIT 2-core (AMD EPYC) 2GB RAM 50Mbps Bandwidth Los Angeles CN2 GIA KVM VPS Review
Details : DMIT: $11/month/2 cores/2GB memory/20GB...
[Black Friday] SpartanHost: Seattle/Dallas KVM VPS, Free 20Gb/s DDOS Protection, NVMe Hard Drive, 40% Off, High Cost-Effectiveness, Suitable for Website Building
SpartanHost is a stable merchant in the United St...
Pineapple Cloud: 12.9 yuan/month/192MB memory/20GB space/500GB traffic/50Mbps-200Mbps port/NAT/KVM/Guangzhou Mobile
Pineapple Cloud, a Chinese business, was establis...
Jiguang KVM: 39.7 yuan/month/2GB memory/30GB SSD space/600GB traffic/100Mbps port/KVM/Hong Kong CMI
Aurora KVM, a Chinese host manufacturer, was intr...
VPS Soldiers: $7/month/2GB RAM/40GB storage/3TB bandwidth/KVM/US
VPS Soldiers, a newly established US hosting comp...
VPS4Cheap: $3.5/month/512MB/5GB SSD/500GB traffic/KVM/Phoenix
VPS4Cheap, an Indian hosting provider, was establ...
[Black Friday] EZZHOST: €100/year/X3450/16GB memory/2TB hard drive/unlimited traffic/Romania
EZZHOST, a Romanian merchant, I don’t know if it ...
Host.ag: €66/month/E3-1240v6/8G memory/6TB hard disk/unlimited traffic/1Gbps/Bulgaria
Host.ag, a Bulgarian merchant, is a team-operated...
Avoro: €5.83/month/2 dedicated cores/8GB RAM/100GB SSD space/unlimited traffic/500Mbps port/DDOS/KVM/Germany
Avoro, a German merchant, was established at the ...
StockServers: $5/month/4GB memory/60GB SSD space/15TB traffic/1Gbps/KVM/Hetzner, Germany
StockServers is a foreign merchant that may be ne...
Mipony network hard disk, free space download tool
Mipony supports free storage including Megaupload...