- The .htaccess file (or "distributed configuration file") provides a way to change configuration per directory: a file containing one or more directives is placed in a particular document directory and applies to that directory and all of its subdirectories.[1] The directives available to users are restricted; the administrator controls this through Apache's AllowOverride directive.
- Directives in a subdirectory override those in higher-level directories and in the main server configuration file.
- .htaccess must be uploaded in ASCII mode, preferably with its permissions set to 644.
Error document location
Common client request error codes:
401 Authorization Required
403 Forbidden
404 Not Found
405 Method Not Allowed
408 Request Timed Out
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI Too Long
415 Unsupported Media Type
Common server error codes:
500 Internal Server Error
Users can use .htaccess to point to their own pre-made error pages. Usually a dedicated directory, for example errors, is set up to hold these pages, and then directives such as the following are added to .htaccess:
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/internalerror.html
One directive per line. The first directive above means that for a 404, i.e. when the requested document cannot be found, the page to display is notfound.html in the /errors directory. The syntax is clearly:
ErrorDocument error-code /directory/filename.extension
If the message to show is very short, there is no need to build a page; the HTML can go directly into the directive, as in this example:
ErrorDocument 401 "你沒有許可權訪問該頁面,請放棄!"
Password protection for document access
To use .htaccess to set access users and their passwords for the documents in a directory, the first step is to create a .htpasswd text file, for example:
zheng:y4E7Ep8e7EYV
The password here is encrypted; users can find tools to encrypt their passwords into an encoding that .htaccess supports. This file should preferably not be placed under the www directory; putting it outside the www root is safer.
With the authorized-users file in place, the following directives can be added to .htaccess:
AuthUserFile /server/path/to/.htpasswd
AuthGroupFile /dev/null  # (directory requiring authorized access)
AuthName EnterPassword
AuthType Basic  # (authorization type)
require user wsabstract  # (the user allowed access; to allow every user in the file, use require valid-user)
Note: the parenthesized parts are annotations I added myself while learning.
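Added here as a worked example (not part of the original text): a small Python helper that writes a .htpasswd entry in the {SHA} scheme Apache accepts (the format `htpasswd -s` produces; bcrypt via `htpasswd -B` is the stronger choice), verifies a login against a file, and checks the placement advice above that the file sits outside the document root. The user names, passwords and paths are constructed samples.

```python
import base64
import hashlib
import secrets
from pathlib import PurePosixPath


def sha_entry(user, password):
    """Return a 'user:{SHA}base64(sha1)' line, the scheme 'htpasswd -s' writes."""
    if ":" in user:
        raise ValueError("user name may not contain ':'")
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    return f"{user}:{{SHA}}{base64.b64encode(digest).decode('ascii')}"


def verify(htpasswd_text, user, password):
    """True/False for a {SHA} entry; None when the stored hash uses another
    scheme (crypt, $apr1$, bcrypt), which needs its own library to check."""
    for line in htpasswd_text.splitlines():
        if ":" not in line:
            continue
        name, stored = line.split(":", 1)
        if name != user:
            continue
        if not stored.startswith("{SHA}"):
            return None
        expected = sha_entry(user, password).split(":", 1)[1]
        # constant-time comparison so timing does not reveal how much matched
        return secrets.compare_digest(stored, expected)
    return False


def outside_docroot(htpasswd_path, docroot):
    """True when the password file is not inside DocumentRoot (pure path check)."""
    path, root = PurePosixPath(htpasswd_path), PurePosixPath(docroot)
    return root not in path.parents


# Constructed sample file: one {SHA} entry plus the crypt(3) entry from the text.
SAMPLE_HTPASSWD = sha_entry("alice", "correct horse") + "\nzheng:y4E7Ep8e7EYV\n"
```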
Denying access from a particular IP
If I don't want a certain government department to see my site's content, I can keep them out by adding that department's IP addresses to .htaccess.
For example:
order allow,deny
deny from 210.10.56.32
deny from 219.5.45.
allow from all
(2)
Protecting the .htaccess file
When .htaccess is used to password-protect a directory, it contains the path to the password file. For safety it is worth protecting .htaccess itself so that others cannot read its contents. Although this can be done in other ways, such as file permissions, .htaccess can do it by itself with the following directives:
order allow,deny
deny from all
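The following Python script, added here and not part of the original tutorial, evaluates the Order/Allow/Deny logic of the two blocks above (the Apache 2.2 form; on 2.4 these directives need mod_access_compat) against sample client addresses, and shows the common mistake where an Allow line has no effect because Deny wins. Treating the trailing-dot form `219.5.45.` as a dotted octet prefix is my assumption about how Apache reads it; the sample addresses are constructed.

```python
import ipaddress


def ip_matches(client_ip, pattern):
    """Match one Allow/Deny argument: 'all', a full address, a CIDR block, or a
    dotted octet prefix such as '219.5.45.' (trailing dot stripped; assumption)."""
    if pattern == "all":
        return True
    if "/" in pattern:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(pattern, strict=False)
    prefix = pattern.rstrip(".").split(".")
    return client_ip.split(".")[:len(prefix)] == prefix


def parse_access(text):
    """Collect the Order, 'Allow from' and 'Deny from' lines of an .htaccess fragment."""
    order, allows, denies = "deny,allow", [], []  # Apache's default Order
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        directive = parts[0].lower()
        if directive == "order":
            order = parts[1].lower()
        elif directive == "allow" and parts[1].lower() == "from":
            allows += parts[2:]
        elif directive == "deny" and parts[1].lower() == "from":
            denies += parts[2:]
    return order, allows, denies


def is_allowed(text, client_ip):
    """allow,deny: start denied, a matching Deny always wins.
    deny,allow: start allowed, a matching Allow always wins."""
    order, allows, denies = parse_access(text)
    allowed = any(ip_matches(client_ip, a) for a in allows)
    denied = any(ip_matches(client_ip, d) for d in denies)
    if order == "allow,deny":
        return allowed and not denied
    if order == "deny,allow":
        return allowed or not denied
    raise ValueError(f"unknown Order: {order}")


# Copies of the two fragments from the text, plus a constructed misconfiguration
# in which the Allow line never takes effect because Deny is evaluated last.
BLOCK_IP = "order allow,deny\ndeny from 210.10.56.32\ndeny from 219.5.45.\nallow from all\n"
BLOCK_HTACCESS = "order allow,deny\ndeny from all\n"
BLOCK_WRONG = "order allow,deny\nallow from 192.0.2.10\ndeny from all\n"
BLOCK_FIXED = "order deny,allow\ndeny from all\nallow from 192.0.2.10\n"
```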
URL redirection
We may reorganise the site, moving documents or renaming directories. Visits arriving from search engines or from links on other sites may then fail. In that case the following directive redirects the old URL automatically to the new address:
Redirect /old-directory/old-filename new-file-address
Or redirect an entire directory:
Redirect old-directory new-directory
Changing the default index file
Normally the default index file is named default, index, and so on. Sometimes, however, a directory has no such default file but a specific filename instead, as with pmwiki.php in pmwiki. Making users remember that filename is inconvenient. A new default filename is easily set in .htaccess:
DirectoryIndex new-default-filename
Several can also be listed; the order indicates their priority, for example:
DirectoryIndex filename.html index.cgi index.pl default.htm
Preventing hotlinking
If you don't want others linking to your images or documents from their own pages, htaccess directives can handle that too.
The required directives are:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
If you would rather not leave a blank hole in their page, substitute an image instead:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg)$ http://www.mydomain.com/replacement-image-filename [R,L]
(3)
.htaccess is a very useful way to accomplish things that HTML and CSS can't, however it is very rarely allowed on free-servers. You should check with your system administrator to make sure that .htaccess is allowed/enabled before trying out these tutorials.
1. Error pages: customize your 404 error pages.
We all know what a 404 "Not Found" error page looks like. This tutorial will show you how to make those error pages anything you desire.
First you'll need to create your error pages. Just make some normal HTML pages, one for each error type. The error types and their definitions are:
400: Bad Request. The server doesn't understand the request.
401: Authentication Failed. The password was not accepted.
403: Access Forbidden. Access to the area is forbidden.
404: File Not Found. The requested file could not be found.
500: Internal Server Error. Usually the result of a misconfigured script.
Once you've made your error pages, upload them to a directory called error or something of the sort.
Now the important part. Create a file called htaccess.txt in Notepad. Add these lines to the file:
ErrorDocument 400 http://iiwnet.com/error/400.html
ErrorDocument 401 http://iiwnet.com/error/401.html
ErrorDocument 403 http://iiwnet.com/error/403.html
ErrorDocument 404 http://iiwnet.com/error/404.html
ErrorDocument 500 http://iiwnet.com/error/500.html
Change iiwnet.com to the location of your website. Save the file and upload it to your top-most web directory. Once it's there, rename it with your FTP program to .htaccess - complete with the dot starting it out, and with no .txt extension this time.
If the .htaccess file is in your top-most web directory, then all errors that occur in that directory and all its subdirectories will be referred to the appropriate error page.
That's it! Try it out by going to a page on your website that you know doesn't exist.
2. Private directories: password protect your private folders.
Ever wanted a password protected directory? Click here for an example, use kali as your username and green as the password. With .htaccess and .htpasswd you can create as many users and passwords as you need.
To have one of your own, download this cgi script: password.cgi.
To use it, unzip the script and upload it to your cgi-bin.
CHMOD it 755 and run it from your web-browser.
Instructions will be detailed in the script.
3. Anti-leech: stop people from linking to your image files.
If you've ever gone through your site logs and found someone hotlinking to your image files, stealing your bandwidth, then you need the following lines in your .htaccess file:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://iiwnet\.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.iiwnet\.com/.*$ [NC]
RewriteRule .*\.(gif|GIF|jpg|JPG|bmp|BMP)$ - [F]
Change "iiwnet.com" to your own URL, and upload the .htaccess file to the directory containing your images. Once it is in place, only people coming from "iiwnet.com" will be able to view the images; everyone else will only see a broken image placeholder. If you have an image you'd like to display instead of the placeholder, use the version below.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://iiwnet\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^http://www\.iiwnet\.com/ [NC]
RewriteCond %{REQUEST_URI} !^/theif\.gif [NC]
RewriteRule \.(gif|GIF|jpg|JPG)$ /theif.gif [R,L]
"theif.gif" is the image you want to load whenever someone attempts to hotlink an image from your server. You only need the RewriteCond %{REQUEST_URI} !^/theif.gif [NC] line if the image you want to load is in a directory that the .htaccess file affects; otherwise you can remove that line and the rules will still function.
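As an added example (not from the original page), the following Python models the RewriteCond chain of both hotlink-protection sections above (the mydomain.com block and the iiwnet.com block use the same logic) so the rules can be checked before deployment: the empty-Referer allowance, the NC flag, the REQUEST_URI guard against a redirect loop, and the difference an unescaped dot in the domain pattern makes. Host and file names are the page's own placeholders; since the Referer is sent by the client, this only deters casual hotlinking.

```python
import re

# Escaped dot, unlike the pattern "mydomain.com" in which "." matches any character.
OWN_SITE = r"^http://(www\.)?mydomain\.com/"
PLACEHOLDER = "/theif.gif"


def rewrite_cond(value, pattern, nocase=False):
    """Evaluate one RewriteCond: a leading '!' negates, NC means case-insensitive."""
    negate = pattern.startswith("!")
    pat = pattern[1:] if negate else pattern
    hit = re.search(pat, value, re.IGNORECASE if nocase else 0) is not None
    return hit != negate


def hotlink_decision(referer, request_uri, own_site=OWN_SITE):
    """Return 'serve' or 'redirect' for a request, following the image-substitution rule set."""
    referer_conds = [
        ("!^$", False),          # an empty Referer (direct visit, privacy proxy) is let through
        ("!" + own_site, True),  # [NC]: the site's own pages, in any letter case, are let through
    ]
    if not all(rewrite_cond(referer, pat, nc) for pat, nc in referer_conds):
        return "serve"
    # Never redirect the placeholder itself, or the browser would loop on it.
    if not rewrite_cond(request_uri, "!^" + re.escape(PLACEHOLDER), True):
        return "serve"
    # RewriteRule pattern: only image extensions are affected (gif|GIF|jpg|JPG in the text).
    if re.search(r"\.(gif|jpg)$", request_uri, re.IGNORECASE):
        return "redirect"
    return "serve"
```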