.htaccess study notes

Apache's configuration file .htaccess is a difficult and important point. I have never settled down to learn it carefully. I have always thought that the Redirect method belongs to mod_rewrite, and I am confused when using it. I found a very good tutorial today, and while learning it, I wrote down some thoughts.

updated: Continuously correct some minor issues

Source: Comprehensive guide to .htaccess

Officical reference: Directive Quick Reference

1 Introduction Introduction <br />File name.htaccess attribute 644 (RW-R–R–)
htaccess will affect all subdirectories in the directory where it is located. Note that most content is required to be kept within one line and do not wrap. Otherwise, an error will occur.

2 Error Documents Error Documents
Official document: ErrorDocument Directive

ErrorDocument code document
example
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 404 http://yoursite/errors/notfound.html
ErrorDocument 401 “Authorization Required”
(Note that any double quotes that appear later in the content need to be escaped as ")

Common HTTP status codes

Successful Client Requests

200 OK
201 Created
202 Accepted
203 Non-Authorative Information
204 No Content
205 Reset Content
206 Partial Content

Client Request Redirected

300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy

Client Request Errors

400 Bad Request
401 Authorization Required
402 Payment Required (not used yet)
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable (encoding)
407 Proxy Authentication Required
408 Request Timed Out
409 Conflicting Request
410 Gone
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI Too Long
415 Unsupported Media Type

Server Errors

500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported

3 Password Protection Password Protection
Official document: Authentication, Authorization and Access Control

Assume the password file is .htpasswd

AuthUserFile /usr/local/safedir/.htpasswd (the full path name must be used here)
AuthName EnterPassword
AuthType Basic

Two common verification methods:
Require userwindix
(Only user windix is ​​allowed to log in)
Require valid-user
(All legal users can log in)

Tip: How to generate a password file using the htpasswd command (included with apache)

A password file needs to be created for the first generation
htpasswd -c .htpasswd user1

Add new users later
htpasswd .htpasswd user2

4 Enabling SSI Via htaccess Allow SSI (Server Side Including) function through htaccess
AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes

DirectoryIndex index.shtml index.html

5 Blocking users by IP Blocking user access based on IP
order allow,deny
deny from 123.45.6.7
deny from 12.34.5. (entire class C address)
allow from all

6 Blocking users/sites by referrer Blocking users/sites based on referrer <br />Requires mod_rewrite module

Example 1. Blocking a single referrer: badsite.com
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite.com [NC]
RewriteRule .* - [F]

Example 2. Block multiple referrers: badsite1.com, badsite2.com
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite1.com [NC,OR]
RewriteCond %{HTTP_REFERER} badsite2.com
RewriteRule .* - [F]

[NC] - Case-insensitive
[F] - 403 Forbidden

Note that the "Options +FollowSymlinks" statement is commented out in the above code. If the server does not set FollowSymLinks in the httpd.conf section, you need to add this sentence, otherwise you will get a "500 Internal Server error" error.

7 Blocking bad bots and site rippers (aka offline browsers) Blocking bad bots and offline browsers <br />Requires mod_rewrite module

Bad crawlers? For example, some crawlers that grab spam email addresses and crawlers that do not comply with robots.txt (such as baidu?)
They can be judged based on HTTP_USER_AGENT
(But there are even more shameless ones like "Zhongsou zhongsou.com" who set their own agent to "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)". They are too rogue and can't do anything.)

RewriteEngineOn
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot mailto:[email protected] [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC Web Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web Image Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]

[F] - 403 Forbidden
[L] - ?

8 Change your default directory page Change your default directory page
DirectoryIndex index.html index.php index.cgi index.pl

9 Redirects <br />Single file
Redirect /old_dir/old_file.html http://yoursite.com/new_dir/new_file.html

entire directory
Redirect /old_dir http://yoursite.com/new_dir

Effect: Same as moving the directory
http://yoursite.com/old_dir -> http://yoursite.com/new_dir
http://yoursite.com/old_dir/dir1/test.html -> http://yoursite.com/new_dir/dir1/test.html

Tip: Solution to the problem that Redirect cannot redirect when using the user directory

When you use Apache's default user directory, such as http://mysite.com/~windix, and when you want to redirect to http://mysite.com/~windix/jump, you will find that the following Redirect does not work:
Redirect /jump http://www.google.com

The correct way is to change it to
Redirect /~windix/jump http://www.google.com

(source: .htaccess Redirect in “Sites” not redirecting: why?)

10 Prevent viewing of .htaccess file Prevent viewing of .htaccess file

order allow,deny
deny from all

11 Adding MIME Types Adding MIME types
AddType application/x-shockwave-flash swf

Tips: Setting the type to application/octet-stream will prompt you to download

12 Preventing hot linking of images and other file types Anti-hot linking <br />Requires mod_rewrite module

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www/.)?mydomain.com/.*$ [NC]
RewriteRule .(gif|jpg|js|css)$ - [F]

Analysis:
If HTTP_REFERER is not empty (the source is other sites, not directly connected) and if HTTP_REFERER does not start with (www.)mydomain.com (ignore case [NC]) (the source is not this site)
Gives 403 Forbidden error [F] for all files ending with .gif/.jpg/.js/.css

You can also specify a response, as the following example shows a replacement image

RewriteRule .(gif|jpg)$ [R,L]

[R] - Redirect
[L] - Link

13 Preventing Directory Listing Preventing directory listing from being displayed
IndexIgnore*

IndexIgnore *.jpg *.gif

Tips:
Allow directory listing display: Options +Indexes
Disable priest list display: Options -Indexes
Display prompt information: header file HEADER, footer file README