apache.htaccess file details and summary of configuration tips

1.. the basic role of htaccess

           .htaccess is a plain text file containing the Apache server configuration instructions.
           .the main functions of htaccess are: URL rewrite, custom error page, MIME type configuration, and access control. Mainly reflected in the application of pseudo-static, image anti-hotlinking, custom 404 error page, block/allow specific IP/IP section, directory browsing and home page, prohibit access to the specified file type, file password protection, and so on.
           . The scope of use of htaccess is mainly for the current directory.

2. Enable the configuration of.htaccess
enables.htaccess, you need to modify httpd.conf to enable AllowOverride, and you can restrict the use of certain commands with AllowOverride.
Open the httpd.conf file with a text editor and look it up

<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
 To: 
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>

If you need to use a file name other than.htaccess, you can use the AccessFileName directive to change it. For example, if you need to use.config, you can configure it in the server configuration file as follows:

AccessFileName .config

3.. htaccess access control

1. Basic access control: Order command

          htaccess          

<Files  ~ "^.*\.([Ll][Oo][Gg])|([eE][xX][eE])">
 Order allow,deny
 Deny from all
</Files>

Description:

(1) the wavy line after Files means "regular expression" is enabled. < Files * > .

(2) Order command: through the Allow,Deny parameters, Apache first finds and applies the Allow command, then applies the Deny command to block all access, Deny,Allow can also be used.

4. URL rewrite

Here is a simple one-paragraph URL rewrite rule example:

#  will  RewriteEngine  Open mode  
RewriteEngine On 
# Rewrite  Please do not modify the system rules  
RewriteRule ^p/([0-9]+)\.html$ index.php?post_id=$1
RewriteRule ^u-(username|uid)-(.+)\.html$ space.php?$1=$2

Where, RewriteEngine means to turn on URL rewrite, RewriteRule means to rewrite the rule.

5. Configuration error page

The basic syntax is as follows:

# custom error documents
ErrorDocument 401 /err/401.php
ErrorDocument 403 /err/403.php
ErrorDocument 404 /err/404.php
ErrorDocument 500 /err/500.php

6. htaccess common command and configuration tips
1. Disables the display of directory lists
Sometimes, for some reason, you don't have the index file in your directory, which means that when someone types in the directory's path in the browser's address bar, all the files in that directory will show up, leaving a security risk for your site.
To avoid this (instead of creating 1 heap of new index files), you can type the following command in your.htaccess document to prevent it
Display of directory list:

Options -Indexes

2. Block/allow specific IP addresses
In some cases, you may only want to allow certain IP users to access your site (for example, only certain ISP users are allowed to access a certain directory), or you may want to block certain IP addresses (for example, isolate low-level users from your message board). Of course, this is only useful if you know the IP address you want to intercept, but most users on the web today use dynamic IP addresses, so it's not a common way to restrict use.
You can ban 1 IP address using the following command:

deny from 000.000.000.000

000.000.000.000 here is the banned IP address. If you specify only a few of them, you can block the entire segment. If you enter 210.10.56., all IP addresses from 210.10.56.0 to 210.10.56.255 will be blocked.
You can allow 1 IP address to access the site using the following command:

allow from 000.000.000.000

The permitted IP address is 000.000.000.000, and you can allow the entire segment as if you were blocking IP address 1.
If you want to block everyone from accessing the directory, you can use:

deny from all

However, this does not prevent scripts from using the documents in this directory.
Replace the index file
You may not want to use index.htm or index.html directly as the index file of the directory. For example, if your site USES PHP files, you might want to use index.php as an index document for that directory. Of course, you don't have to limit yourself to "index" documents; you can even set foofoo.balh to be your index document if you prefer.
These alternate index files can be arranged into a list, and the server will search from left to right to check which documents exist in the real directory. If none is found, it will display the directory list (unless you have turned off the display directory file list).

DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm

4. Redirection (rewrite)
One of the most useful features of.htaccess is to redirect requests to different documents on or off the same site. This becomes extremely useful if you change the name of a file, but still want the user to access it from the old address. The other application (which I found useful) was to redirect to a long URL, for example in my newsletter I could use a very short URL to point to my member link. Here is an example of a redirection file:

AccessFileName .config

0
In the above example, access to root directory named oldfile.html can be typed:

AccessFileName .config

1
To access files in 1 old subdirectory, type:

/old/oldfile.html

You can also use.htaccess to redirect the entire site directory. If you have a directory called olddirectory on your site, and you have created the same document on a new site called http: ///newdirectory/, you can redirect all the files in the old directory once without having to declare:

Redirect /olddirectory http:　///newdirectory

In this way, any requests to the /olddirectory directory in the destination will be redirected to the new site, including additional URL information. For example, someone types in:

AccessFileName .config

4
The request will be redirected to:

AccessFileName .config

5
This is extremely powerful if used correctly.

7. Security configuration
The htaccess code below can improve the security level of your web server. Image link theft protection is very useful to prevent others from stealing and using the image resources on your server.
1. Put hotlinking through.htaccess
Hate it when you use up your bandwidth by stealing images from your web server? Try this. You can prevent this from happening.

AccessFileName .config

6
2. Prevent hackers
If you want to improve the security level of your website, you can remove the following lines of code, which can prevent some common malicious URL matching hacker attack techniques.

AccessFileName .config

7
Block access to your.htaccess file or files of the specified type
The following code blocks access to your.htaccess file. Also, you can configure to block multiple file types.
Protect your htaccess file  
< Files .htaccess >  
order allow,deny  
deny from all  
< /Files >  

Prevents viewing the specified file  
< Files secretfile.jpg >  
order allow,deny  
deny from all  
< /Files >  

Multiple file types  
< FilesMatch ". (htaccess | htpasswd | ini | phps | fla | psd | log | sh) $" >  
  Order Allow,Deny  
Deny from all  
< /FilesMatch > [/code]
4. Disable script execution to enhance your directory security

AccessFileName .config

8

8.1 some common Settings
1. Time zone Settings
Sometimes, when you use the date or mktime functions in PHP, it will display some very strange information depending on the time zone. Here's one way to solve the problem. This is to set the time zone of your server. You can find a list of all supported time zones here.
1.SetEnv TZ Australia/Melbourne
2. seo/seo.html" target="_blank" > Search engine friendly 301 permanent redirection method
Why is this search engine friendly? Because many modern search engines now have the ability to update their existing records by checking for permanent changes to 301.

AccessFileName .config

9
3. Block the download dialog
Usually, when you download something, you will see a dialog asking you to keep the file or open it. If you don't want to see this, you can put the following 1 piece of code in your.htaccess file.

<Files  ~ "^.*\.([Ll][Oo][Gg])|([eE][xX][eE])">
 Order allow,deny
 Deny from all
</Files>

0
4. Leave out the www prefix
One rule of SEO is to make sure your site has only one URL. Therefore, you need to redirect all access via www to non-www, or vice versa.

RewriteEngine On  
RewriteBase /  
RewriteCond %{HTTP_HOST} ^www.aqee.net [NC]  
RewriteRule ^(.*)$ http://aqee.net/$1 [L,R=301]

Personalize the Error page
Customize your own personalized error page for each error code.

ErrorDocument 401 /error/401.php  
ErrorDocument 403 /error/403.php  
ErrorDocument 404 /error/404.php  
ErrorDocument 500 /error/500.php 

Compress files
Optimize the speed of your site by compressing your files.

#  The compression  text, html, javascript, css, xml:  
AddOutputFilterByType DEFLATE text/plain  
AddOutputFilterByType DEFLATE text/html  
AddOutputFilterByType DEFLATE text/xml  
AddOutputFilterByType DEFLATE text/css  
AddOutputFilterByType DEFLATE application/xml  
AddOutputFilterByType DEFLATE application/xhtml+xml  
AddOutputFilterByType DEFLATE application/rss+xml  
AddOutputFilterByType DEFLATE application/javascript  
.AddOutputFilterByType DEFLATE application/x-javascript  

7. Cache files
Caching files is another great way to speed up your site.

<FilesMatch  " .(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$ " >  
Header set Cache-Control  " max-age=2592000 "   
</FilesMatch>  

8. Caching is prohibited for certain file types
On the other hand, you can also customize to disable caching for certain file types.

#  Explicit rules prohibit caching for scripts and other dynamic files   
<FilesMatch  " .(pl|php|cgi|spl|scgi|fcgi)$ " >  
Header unset Cache-Control  
</FilesMatch>