.htaccess files (or "distributed configuration files") provide a way to change configuration for a directory, i.e., place a file containing one or more directives in a specific document directory to affect that directory and all its subdirectories. . As a user, the commands that can be used are restricted. Administrators can set them through Apache's AllowOverride directive.
- Directives in subdirectories override directives in higher-level directories or in the main server configuration file.
- .htaccess must be uploaded in ASCII mode, preferably with its permissions set to 644.
Location of error document
Common client request error return codes:
401 Authorization Required
403 Forbidden
404 Not Found
405 Method Not Allowed
408 Request Timed Out
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI Too Long
415 Unsupported Media Type
Common server error return codes:
500 Internal Server Error
Users can use .htaccess to specify their own pre-made error reminder page. In general, people can set up a special directory, such as errors, to place these pages. Then add the following instructions to .htaccess:
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/internalerror.html
One instruction per line. The meaning of the first instruction above is for 404, that is, when the required document is not found, the page must be displayed as the notfound.html page in the /errors directory. It is not difficult to see that the syntax format is:
ErrorDocument error code/directory name/file name.extension
If there is very little information to be prompted, there is no need to create a special page and use the HTML number directly in the command, such as the following example:
ErrorDocument 401 "
You do not have permission to access this page, please give up!
"
Password protection of document access
To use .htaccess to set access users and corresponding passwords for documents in a directory, the first thing to do is to generate a .htpasswd text document, for example:
zheng:y4E7Ep8e7EYV
The password here is encrypted, and users can find some tools to encrypt the password into an encoding supported by .htaccess. It is best not to place this document in the www directory. It is recommended to place it outside the www root directory document, which is safer.
With the authorized user document, you can add the following instructions to .htaccess:
Server directory for AuthUserFile .htpasswd
AuthGroupFile /dev/null (directory that requires authorized access)
AuthName EnterPassword
AuthType Basic (authorization type)
require user wsabstract (users allowed to access, if you want all users in the table to be allowed, you can use require valid-user)
Note, the brackets are the comments you added when studying.
Deny access from an IP
If I don't want a certain government department to access the content of my site, I can exclude them by adding the department's IP in .htaccess.
For example:
order allow,deny
deny from 210.10.56.32
deny from 219.5.45.
allow from all
The second line denies a certain IP, and the third line denies a certain IP range, that is, 219.5.45.0~219.2.45.255
Want to reject everyone? Just use deny from all. Not only IP, but also domain name can be used to set it.
Protect .htaccess documents
When using .htaccess to password-protect a directory, it contains the path to the password file. For security reasons, it is necessary to protect .htaccess so that others cannot see its contents. Although this can be done in other ways, such as permissions on the document. However, .htaccess itself can also do it, just add the following directive:
order allow,deny
deny from all
URL redirection
We may redesign the website, move documents, or change the directory. At this time, visits from search engines or links from other websites may go wrong. In this case, you can use the following command to automatically redirect the old URL to the new address:
Redirect /old directory/old document name address of new document
Or redirect the entire directory:
Redirect old directory new directory
Change the default homepage file
Generally, the default homepage file names include default, index, etc. However, sometimes there is no default file in the directory, but a specific file name, such as pmwiki.php in pmwiki. In this case, it is troublesome for the user to remember the file name to access it. New default file names can be easily set in .htaccess:
DirectoryIndex new default file name
Multiple lists can also be listed, with the order indicating the priority between them, for example:
DirectoryIndex filename.html index.cgi index.pl default.htm
Prevent hot links
If you don't like others to link their own pictures and documents on their web pages, you can also do it through the htaccess command.
The required instructions are as follows:
RewriteEngine on
RewriteCond% !^$
RewriteCond % !^http://(www.)?mydomain.com...*$ [NC]
RewriteRule .(gif|jpg)$ - [F]
If you think it doesn’t look good to have a skylight open on someone else’s page, you can use a picture instead:
RewriteEngine on
RewriteCond% !^$
RewriteCond % !^http://(www.)?mydomain.com...*$ [NC]
RewriteRule .(gif|jpg)$ http://www.mydomain.com/replacement image file name [R,L]
source:http://wsabstract.com/howt...