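Apache's .htaccess configuration file is both a hard topic and an important one. I never settled down to learn it properly, and for a long time I even thought the Redirect method belonged to mod_rewrite; whenever I used it I was just muddling through. Today I found a very good tutorial, so I am writing down some notes as I learn.
updated: continually fixing small problems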
Source: Comprehensive guide to .htaccess
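Official reference: Directive Quick Reference
1 Introduction
File name: .htaccess; permissions: 644 (RW-R--R--)
htaccess affects every subdirectory under the directory it is placed in.
Note that most directives must stay on a single line; do not wrap them, or errors will result.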
2 Error Documents
Official document: ErrorDocument Directive
ErrorDocument code document
Examples
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 404 http://yoursite/errors/notfound.html
ErrorDocument 401 "Authorization Required"
(Note: any double quotes that appear inside the text that follows must be escaped as \")
Common HTTP status codes
Successful Client Requests
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
Client Request Redirected
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy
Client Request Errors
400 Bad Request
401 Authorization Required
402 Payment Required (not used yet)
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable (encoding)
407 Proxy Authentication Required
408 Request Timed Out
409 Conflicting Request
410 Gone
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI Too Long
415 Unsupported Media Type
Server Errors
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported
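3 Password Protection
Official document: Authentication, Authorization and Access Control
Assume the password file is .htpasswd
AuthUserFile /usr/local/safedir/.htpasswd
(the full path must be used here)
AuthName EnterPassword
AuthType Basic
Two common authentication methods:
Require user windix
(only the user windix may log in)
Require valid-user
(any valid user may log in)
Tip: how to generate the password file: use the htpasswd command (bundled with Apache)
The first time, the password file has to be created (-c creates the file and overwrites an existing one)
htpasswd -c .htpasswd user1
After that, add new users with
htpasswd .htpasswd user2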
4 Enabling SSI (Server Side Includes) via htaccess
AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes
DirectoryIndex index.shtml index.html
5 Blocking users by IP
order allow,deny
deny from 123.45.6.7
deny from 12.34.5.
(the entire class C range)
allow from all
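How the directives above combine, as an added Python example that is not part of the original guide: it models Apache's documented Order/Allow/Deny evaluation for IPv4 clients and shows that the page's `order allow,deny` blocks the listed addresses, while the reversed `order deny,allow` with the same lines blocks nobody. The function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

def spec_matches(spec, client_ip):
    """Match one 'allow from' / 'deny from' spec against an IPv4 client.

    Handles 'all', a full address, a partial address such as '12.34.5.'
    (compared octet by octet) and CIDR notation.
    """
    if spec.lower() == "all":
        return True
    if "/" in spec:
        net = ipaddress.ip_network(spec, strict=False)
        return ipaddress.ip_address(client_ip) in net
    want = spec.rstrip(".").split(".")
    return client_ip.split(".")[:len(want)] == want

def access_allowed(order, allow, deny, client_ip):
    """Apply Apache's Order semantics to the Allow and Deny lists."""
    allowed = any(spec_matches(s, client_ip) for s in allow)
    denied = any(spec_matches(s, client_ip) for s in deny)
    if order == "allow,deny":   # default is deny; a Deny match always wins
        return allowed and not denied
    if order == "deny,allow":   # default is allow; an Allow match always wins
        return allowed or not denied
    raise ValueError("unsupported Order value: " + order)

# The page's rule set.
ALLOW = ["all"]
DENY = ["123.45.6.7", "12.34.5."]

if __name__ == "__main__":
    # Constructed client addresses.
    for ip in ["123.45.6.7", "12.34.5.200", "12.34.50.1", "198.51.100.9"]:
        as_written = access_allowed("allow,deny", ALLOW, DENY, ip)
        reversed_order = access_allowed("deny,allow", ALLOW, DENY, ip)
        print(f"{ip:14} allow,deny={as_written!s:5} deny,allow={reversed_order}")
```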
6 Blocking users/sites by referrer
Requires the mod_rewrite module
Example 1. Block a single referrer: badsite.com
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC]
RewriteRule .* - [F]
Example 2. Block multiple referrers: badsite1.com, badsite2.com
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} badsite2\.com
RewriteRule .* - [F]
[NC] - case-insensitive
[F] - 403 Forbidden
Note that the code above has the "Options +FollowSymlinks" line commented out. If the server does not set FollowSymLinks in the <Directory> section of httpd.conf, this line must be enabled, otherwise you will get a "500 Internal Server Error".
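7 Blocking bad bots and site rippers (aka offline browsers)
Requires the mod_rewrite module
Bad bots? For example, crawlers that harvest email addresses for spam and crawlers that do not obey robots.txt (such as baidu?)
They can be identified by HTTP_USER_AGENT
(But there are even more shameless ones, such as Zhongsou (zhongsou.com) and its kind, which set their agent to "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)". That is simply thuggish, and nothing can be done about them.)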
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
# the address after "mailto:" is obfuscated on this page; only the anchored prefix is matched
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto: [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
[F] - 403 Forbidden
[L] - ?
8 Change your default directory page
DirectoryIndex index.html index.php index.cgi index.pl
9 Redirects
Single file
Redirect /old_dir/old_file.html http://yoursite.com/new_dir/new_file.html
Entire directory
Redirect /old_dir http://yoursite.com/new_dir
Effect: the same as moving the directory to a new location
http://yoursite.com/old_dir -> http://yoursite.com/new_dir
http://yoursite.com/old_dir/dir1/test.html -> http://yoursite.com/new_dir/dir1/test.html
Tip: what to do when Redirect does not work with user directories
When you use Apache's default user directories, such as http://mysite.com/~windix, and want to redirect http://mysite.com/~windix/jump, you will find that the following Redirect does not work:
Redirect /jump http://www.google.com
The correct way is to change it to
Redirect /~windix/jump http://www.google.com
(source: .htaccess Redirect in “Sites” not redirecting: why?)
10 Prevent viewing of .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
11 Adding MIME Types
AddType application/x-shockwave-flash swf
Tips: setting the type to application/octet-stream makes the browser prompt for download
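12 Preventing hot linking of images and other file types
Requires the mod_rewrite module
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]
Explanation:
If HTTP_REFERER is not empty (the request comes from another site, not a direct visit) and HTTP_REFERER does not start with (www.)mydomain.com (ignoring case, [NC]) (the request does not come from this site),
then every file ending in .gif/.jpg/.js/.css gets a 403 Forbidden error [F].
A response can also be specified; the example below serves a replacement image
# <replacement-image-URL> is a placeholder: the target URL is missing from this page
RewriteRule \.(gif|jpg)$ <replacement-image-URL> [R,L]
[R] - Redirect
[L] - Link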
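The rule chains from sections 7 and 12 (section 6 uses the same [OR] chaining) evaluated against sample requests, as an added Python example that is not part of the original guide. It models only the `!` negation, `[NC]` and `[OR]` handling of RewriteCond and the `[F]` outcome; the function names and sample requests are constructed, and the User-Agent list is a four-entry subset of the page's list.

```python
import re

def cond_matches(value, pattern, flags=""):
    """One RewriteCond: a leading '!' negates, the NC flag ignores case."""
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    re_flags = re.IGNORECASE if "NC" in flags.split(",") else 0
    return (re.search(regex, value, re_flags) is not None) != negate

def chain_matches(conds, request):
    """Conditions are ANDed; a cond flagged OR is ORed with the next one."""
    group_hit, group_open = False, False
    for var, pattern, flags in conds:
        group_hit |= cond_matches(request.get(var, ""), pattern, flags)
        group_open = "OR" in flags.split(",")
        if not group_open:          # end of an OR group: it must have matched
            if not group_hit:
                return False
            group_hit = False
    return group_hit or not group_open

def forbidden(rule_pattern, conds, path, request):
    """True when the RewriteRule pattern and its conditions all match ([F])."""
    return re.search(rule_pattern, path) is not None and chain_matches(conds, request)

# The page's hotlink rule (section 12).
HOTLINK = [("HTTP_REFERER", "!^$", ""),
           ("HTTP_REFERER", r"!^http://(www\.)?mydomain\.com/.*$", "NC")]
HOTLINK_RULE = r"\.(gif|jpg|js|css)$"

# Four entries from the page's User-Agent list (section 7).
BAD_BOTS = [("HTTP_USER_AGENT", "^BlackWidow", "OR"),
            ("HTTP_USER_AGENT", "HTTrack", "NC,OR"),
            ("HTTP_USER_AGENT", "^Wget", "OR"),
            ("HTTP_USER_AGENT", "^Zeus", "")]

def hotlink_blocked(path, referer):
    return forbidden(HOTLINK_RULE, HOTLINK, path, {"HTTP_REFERER": referer})

def bot_blocked(user_agent):
    return forbidden("^.*", BAD_BOTS, "any/path", {"HTTP_USER_AGENT": user_agent})

if __name__ == "__main__":
    # Constructed sample requests.
    for ref in ["", "http://www.mydomain.com/a.html",
                "https://www.mydomain.com/a.html", "http://badsite.com/"]:
        print(repr(ref), "->", 403 if hotlink_blocked("img/logo.gif", ref) else 200)
    for ua in ["Wget/1.21", "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)",
               "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"]:
        print(repr(ua), "->", 403 if bot_blocked(ua) else 200)
```

The third referer is the case to watch: a page of the site itself served over https:// is refused its own images, because the condition only admits http:// referers; `^https?://` covers both.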
13 Preventing Directory Listing
IndexIgnore *
IndexIgnore *.jpg *.gif
Tips:
Allow directory listings: Options +Indexes
Disable directory listings: Options -Indexes
Show informational text: header file HEADER, footer file README