document/TranslateProject
2
0
Fork 0
mirror of https://github.com/LCTT/TranslateProject.git synced 2025-01-22 23:00:57 +08:00
Code Issues Packages Projects Releases Wiki Activity

[Translated] sources/tech/20150127 25 Useful Apache '.htaccess' Tricks to Secure and Customize Websites.md

Browse Source
This commit is contained in:
ictlyh 2015-06-26 19:37:39 +08:00
parent 01c1036b1a
commit e81d5f0aa7
2 changed files with 422 additions and 423 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

423
sources/tech/20150127 25 Useful Apache '.htaccess' Tricks to Secure and Customize Websites.md
View File

@ -1,423 +0,0 @@
ictlyh Translating
25 Useful Apache .htaccess Tricks to Secure and Customize Websites
================================================================================
Websites are important parts of our lives. They serve the means to expand businesses, share knowledge and lots more. Earlier restricted to providing only static contents, with introduction of dynamic client and server side scripting languages and continued advancement of existing static language like html to html5, adding every bit of dynamicity is possible to the websites and what left is expected to follow soon in near future.
With websites, comes the need of a unit that can display these websites to a huge set of audience all over the globe. This need is fulfilled by the servers that provide means to host a website. This includes a list of servers like: Apache HTTP Server, Joomla, and WordPress that allow one to host their websites.
![Apache htaccess Tricks](http://www.tecmint.com/wp-content/uploads/2015/01/htaccess-tricks.jpg)
25 htaccess Tricks
One who wants to host a website can create a local server of his own or can contact any of above mentioned or any another server administrator to host his website. But the actual issue starts from this point. Performance of a website depends mainly on following factors:
- Bandwidth consumed by the website.
- How secure is the website against hackers.
- Optimism when it comes to data search through the database
- User-friendliness when it comes to displaying navigation menus and providing more UI features.
Alongside this, various factors that govern success of servers in hosting websites are:
- Amount of data compression achieved for a particular website.
- Ability to simultaneously serve multiple clients asking for a same or different website.
- Securing the confidential data entered on the websites like: emails, credit card details and so on.
- Allowing more and more options to enhance dynamicity to a website.
This article deals with one such feature provided by the servers that help enhance performance of websites along with securing them from bad bots, hotlinks etc. i.e. .htaccess file.
### What is .htaccess? ###
htaccess (or hypertext access) are the files that provide options for website owners to control the server environment variables and other parameters to enhance functionality of their websites. These files can reside in any and every directory in the directory tree of the website and provide features to the directory and the files and folders inside it.
What are these features? Well these are the server directives i.e. the lines that instruct server to perform a specific task, and these directives apply only to the files and folders inside the folder in which this file is placed. These files are hidden by default as all Operating System and the web servers are configured to ignore them by default but making the hidden files visible can make you see this very special file. What type of parameters can be controlled is the topic of discussion of subsequent sections.
Note: If .htaccess file is placed in /apache/home/www/Gunjit/ directory then it will provide directives for all the files and folders in that directory, but if this directory contains another folder namely: /Gunjit/images/ which again has another .htaccess file then the directives in this folder will override those provided by the master .htaccess file (or file in the folder up in hierarchy).
### Apache Server and .htaccess files ###
Apache HTTP Server colloquially called Apache was named after a Native American Tribe Apache to respect its superior skills in warfare strategy. Build on C/C++ and XML it is cross-platform web server which is based on NCSA HTTPd server and has a key role in growth and advancement of World Wide Web.
Most commonly used on UNIX, Apache is available for wide variety of platforms including FreeBSD, Linux, Windows, Mac OS, Novel Netware etc. In 2009, Apache became the first server to serve more than 100 million websites.
Apache server has one .htaccess file per user in www/ directory. Although these files are hidden but can be made visible if required. In www/ directory there are a number of folders each pertaining to a website named on users or owners name. Apart from this you can have one .htaccess file in each folder which configured files in that folder as stated above.
How to configure htaccess file on Apache server is as follows…
### Configuration on Apache Server ###
There can be two cases:
#### Hosting website on own server ####
In this case, if .htaccess files are not enabled, you can enable .htaccess files by simply going to httpd.conf (Default configuration file for Apache HTTP Daemon) and finding the <Directories> section.
<Directory "/var/www/htdocs">
And locate the line that says…
AllowOverride None
And correct it to.
AllowOverride All
Now, on restarting Apache, .htaccess will work.
#### Hosting website on different hosting provider server ####
In this case it is better to consult the hosting admin, if they allow access to .htaccess files.
### 25 .htaccess Tricks of Apache Web Server for Websites ###
#### 1. How to enable mod_rewrite in .htaccess file ####
mod_rewrite option allows you to use redirections and hiding your true URL with redirecting to some other URL. This option can prove very useful allowing you to replace the lengthy and long URLs to short and easy to remember ones.
To allow mod_rewrite just have a practice to add the following line as the first line of your .htaccess file.
Options +FollowSymLinks
This option allows you to follow symbolic links and thus enable the mod_rewrite option on the website. Replacing the URL with short and crispy one is presented later on.
#### 2. How to Allow or Deny Access to Websites ####
htaccess file can allow or deny access of website or a folder or files in the directory in which it is placed by using order, allow and deny keywords.
**Allowing access to only 192.168.3.1 IP**
Order Allow, Deny
Deny from All
Allow from 192.168.3.1
OR
Order Allow, Deny
Allow from 192.168.3.1
Order keyword here specifies the order in which allow, deny access would be processed. For the above Order statement, the Allow statements would be processed first and then the deny statements would be processed.
**Denying access to only one IP Address**
The below lines provide the means to allow access of the website to all the users accept one with IP Address: 192.168.3.1.
rder Allow, Deny
Deny from 192.168.3.1
Allow from All
OR
Order Deny, Allow
Deny from 192.168.3.1
#### 3. Generate Apache Error documents for different error codes. ####
Using some simple lines, we can fix the error document that run on different error codes generated by the server when user/client requests a page not available on the website like most of us would have seen the 404 Page not found page in their web browser. .htaccess files specify what action to take in case of such error conditions.
To do this, the following lines are needed to be added to the .htaccess files:
ErrorDocument <error-code> <path-of-document/string-representing-html-file-content>
ErrorDocument is a keyword, error-code can be any of 401, 403, 404, 500 or any valid error representing code and lastly, path-of-document represents the path on the local machine (in case you are using your own local server) or on the server (in case you are using any others server to host your website).
**Example:**
ErrorDocument 404 /error-docs/error-404.html
The above line sets the document error-404.html placed in error-docs folder to be displayed in case the 404 error is reported by the server for any invalid request for a page by the client.
rrorDocument 404 "<html><head><title>404 Page not found</title></head><body><p>The page you request is not present. Check the URL you have typed</p></body></html>"
The above representation is also correct which places the string representing a usual html file.
#### 4. Setting/Unsetting Apache server environment variables ####
In .htaccess file you can set or unset the global environment variables that server allow to be modified by the hosters of the websites. For setting or unsetting the environment variables you need to add the following lines to your .htaccess files.
**Setting the Environment variables**
SetEnv OWNER “Gunjit Khera”
Unsetting the Environment variables
UnsetEnv OWNER
#### 5. Defining different MIME types for files ####
MIME (Multipurpose Internet Multimedia Extensions) are the types that are recognized by the browser by default when running any web page. You can define MIME types for your website in .htaccess files, so that different types of files as defined by you can be recognized and run by the server.
<IfModule mod_mime.c>
AddType application/javascript js
AddType application/x-font-ttf ttf ttc
</IfModule>
Here, mod_mime.c is the module for controlling definitions of different MIME types and if you have this module installed on your system then you can use this module to define different MIME types for different extensions used in your website so that server can understand them.
#### 6. How to Limit the size of Uploads and Downloads in Apache ####
.htaccess files allow you the feature to control the amount of data being uploaded or downloaded by a particular client from your website. For this you just need to append the following lines to your .htaccess file:
php_value upload_max_filesize 20M
php_value post_max_size 20M
php_value max_execution_time 200
php_value max_input_time 200
The above lines set maximum upload size, maximum size of data being posted, maximum execution time i.e. the maximum time the a user is allowed to execute a website on his local machine, maximum time constrain within on the input time.
#### 7. Making Users to download .mp3 and other files before playing on your website. ####
Mostly, people play songs on websites before downloading them to check the song quality etc. Being a smart seller you can add a feature that can come in very handy for you which will not let any user play songs or videos online and users have to download them for playing. This is very useful as online playing of songs and videos consumes a lot of bandwidth.
Following lines are needed to be added to be added to your .htaccess file:
AddType application/octet-stream .mp3 .zip
#### 8. Setting Directory Index for Website ####
Most of website developers would already know that the first page that is displayed i.e. the home page of a website is named as index.html .Many of us would have seen this also. But how is this set?
.htaccess file provides a way to list a set of pages which would be scanned in order when a client requests to visit home page of the website and accordingly any one of the listed set of pages if found would be listed as the home page of the website and displayed to the user.
Following line is needed to be added to produce the desired effect.
DirectoryIndex index.html index.php yourpage.php
The above line specifies that if any request for visiting the home page comes by any visitor then the above listed pages will be searched in order in the directory firstly: index.html which if found will be displayed as the sites home page, otherwise list will proceed to the next page i.e. index.php and so on till the last page you have entered in the list.
#### 9. How to enable GZip compression for Files to save sites bandwidth. ####
This is a common observation that heavy sites generally run bit slowly than light weight sites that take less amount of space. This is just because for a heavy site it takes time to load the huge script files and images before displaying them on the clients web browser.
This is a common mechanism that when a browser requests a web page, server provides the browser with that webpage and now to locally display that web page, the browser has to download that page and then run the script inside that page.
What GZip compression does here is saving the time required to serve a single customer thus increasing the bandwidth. The source files of the website on the server are kept in compressed form and when the request comes from a user then these files are transferred in compressed form which are then uncompressed and executed on the server. This improves the bandwidth constrain.
Following lines can allow you to compress the source files of your website but this requires mod_deflate.c module to be installed on your server.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/html
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>
#### 10. Playing with the File types. ####
There are certain conditions that the server assumes by default. Like: .php files are run on the server, similarly .txt files say for example are meant to be displayed. Like this we can make some executable cgi-scripts or files to be simply displayed as the source code on our website instead of being executed.
To do this observe the following lines from a .htaccess file.
RemoveHandler cgi-script .php .pl .py
AddType text/plain .php .pl .py
These lines tell the server that .pl (perl script), .php (PHP file) and .py (Python file) are meant to just be displayed and not executed as cgi-scripts.
#### 11. Setting the Time Zone for Apache server ####
The power and importance of .htaccess files can be seen by the fact that this can be used to set the Time Zone of the server accordingly. This can be done by setting a global Environment variable TZ of the list of global environment variables that are provided by the server to each of the hosted website for modification.
Due to this reason only, we can see time on the websites (that display it) according to our time zone. May be some other person hosting his website on the server would have the timezone set according to the location where he lives.
Following lines set the Time Zone of the Server.
SetEnv TZ India/Kolkata
#### 12. How to enable Cache Control on Website ####
A very interesting feature of browser, most have observed is that on opening one website simultaneously more than one time, the latter one opens fast as compared to the first time. But how is this possible? Well in this case, the browser stores some frequently visited pages in its cache for faster access later on.
But for how long? Well this answer depends on you i.e. on the time you set in your .htaccess file for Cache control. The .htaccess file can specify the amount of time for which the pages of website can stay in the browsers cache and after expiration of time, it must revalidate i.e. pages would be deleted from the Cache and recreated the next time user visits the site.
Following lines implement Cache Control for your website.
<FilesMatch "\.(ico|png|jpeg|svg|ttf)$">
Header Set Cache-Control "max-age=3600, public"
</FilesMatch>
<FilesMatch "\.(js|css)$">
Header Set Cache-Control "public"
Header Set Expires "Sat, 24 Jan 2015 16:00:00 GMT"
</FilesMatch>
The above lines allow caching of the pages which are inside the directory in which .htaccess files are placed for 1 hour.
#### 13. Configuring a single file, the <files> option. ####
Usually the content in .htaccess files apply to all the files and folders inside the directory in which the file is placed, but you can also provide some special permissions to a special file, like denying access to that file only or so on.
For this you need to add <File> tag to your file in a way like this:
<files conf.html="">
Order allow, deny
Deny from 188.100.100.0
</files>
This is a simple case of denying a file conf.html from access by IP 188.100.100.0, but you can add any or every feature described for .htaccess file till now including the features yet to be described to the file like: Cache-control, GZip compression.
This feature is used by most of the servers to secure .htaccess files which is the reason why we are not able to see the .htaccess files on the browsers. How the files are authenticated is demonstrated in subsequent heading.
#### 14. Enabling CGI scripts to run outside of cgi-bin folder. ####
Usually servers run CGI scripts that are located inside the cgi-bin folder but, you can enable running of CGI scripts located in your desired folder but just adding following lines to .htaccess file located in the desired folder and if not, then creating one, appending following lines:
AddHandler cgi-script .cgi
Options +ExecCGI
#### 15. How to enable SSI on Website with .htaccess ####
Server side includes as the name suggests would be related to something included at the server side. But what? Generally when we have many pages in our website and we have a navigation menu on our home page that displays links to other pages then, we can enable SSI (Server Size Includes) option that allows all the pages displayed in the navigation menu to be included with the home page completely.
The SSI allows inclusion of multiple pages as if content they contain is a part of a single page so that any editing needed to be done is done in one file only which saves a lot of disk space. This option is by default enabled on servers but for .shtml files.
In case you want to enable it for .html files you need to add following lines:
AddHandler server-parsed .html
After this following in the html file would lead to SSI.
<!--#inlcude virtual= “gk/document.html”-->
#### 16. How to Prevent website Directory Listing ####
To prevent any client being able to list the directories of the website on the server at his local machine add following lines to the file inside the directory you dont want to get listed.
Options -Indexes
#### 17. Changing Default charset and language headers. ####
.htaccess files allow you to modify the character set used i.e. ASCII or UNICODE, UTF-8 etc. for your website along with the default language used for the display of content.
Following servers global environment variables allow you to achieve above feature.
AddDefaultCharset UTF-8
DefaultLanguage en-US
**Re-writing URLs: Redirection Rules**
Re-writing feature simply means replacing the long and un-rememberable URLs with short and easy to remember ones. But, before going into this topic there are some rules and some conventions for special symbols used later on in this article.
**Special Symbols:**
Symbol Meaning
^ - Start of the string
$ - End of the String
| - Or [a|b] a or b
[a-z] - Any of the letter between a to z
+ - One or more occurrence of previous letter
* - Zero or more occurrence of previous letter
? - Zero or one occurrence of previous letter
**Constants and their meaning:**
Constant Meaning
NC - No-case or case sensitive
L - Last rule stop processing further rules
R - Temporary redirect to new URL
R=301 - Permanent redirect to new URL
F - Forbidden, send 403 header to the user
P - Proxy grab remote content in substitution section and return it
G - Gone, no longer exists
S=x - Skip next x rules
T=mime-type - Force specified MIME type
E=var:value - Set environment variable var to value
H=handler - Set handler
PT - Pass through in case of URLs with additional headers.
QSA - Append query string from requested to substituted URL
#### 18. Redirecting a non-www URL to a www URL. ####
Before starting with the explanation, lets first see the lines that are needed to be added to .htaccess file to enable this feature.
RewriteEngine ON
RewriteCond %{HTTP_HOST} ^abc\.net$
RewriteRule (.*) http://www.abc.net/$1 [R=301,L]
The above lines enable the Rewrite Engine and then in second line check all those URLs that pertain to host abc.net or have the HTTP_HOST environment variable set to “abc.net”.
For all such URLs the code permanently redirects them (as R=301 rule is enabled) to the new URL http://www.abc.net/$1 where $1 is the non-www URL having host as abc.net. The non-www URL is the one in bracket and is referred by $1.
#### 19. Redirecting entire website to https. ####
Following lines will help you transfer entire website to https:
RewriteEngine ON
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
The above lines enable the re-write engine and then check the value of HTTPS environment variable. If it is on then re-write the entire pages of the website to https.
#### 20. A custom redirection example ####
For example, redirect url http://www.abc.net?p=100&q=20 to http://www.abc.net/10020pq.
RewriteEngine ON
RewriteRule ^http://www.abc.net/([0-9]+)([0-9]+)pq$ ^http://www.abc.net?p=$1&q=$2
In above lines, $1 represents the first bracket and $2 represents the second bracket.
#### 21. Renaming the htaccess file ####
For preventing the .htaccess file from the intruders and other people from viewing those files you can rename that file so that it is not accessed by clients browser. The line that does this is:
AccessFileName htac.cess
#### 22. How to Prevent Image Hotlinking for your Website ####
Another problem that is major factor of large bandwidth consumption by the websites is the problem of hot links which are links to your websites by other websites for display of images mostly of your website which consumes your bandwidth. This problem is also called as bandwidth theft.
A common observation is when a site displays the image contained in some other site due to this hot-linking your site needs to be loaded and at the stake of your sites bandwidth, the other sites images are displayed. To prevent this for like: images such as: .gif, .jpeg etc. following lines of code would help:
RewriteEngine ON
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpeg|png)$ - [F].
The above lines check if the HTTP_REFERER is not set to blank or not set to any of the links in your websites. If this is happening then all the images in your page are replaced by 403 forbidden.
#### 23. How to Redirect Users to Maintenance Page. ####
In case your website is down for maintenance and you want to notify all your clients that need to access your websites about this then for such cases you can add following lines to your .htaccess websites that allow only admin access and replace the site pages having links to any .jpg, .css, .gif, .js etc.
RewriteCond %{REQUEST_URI} !^/admin/ [NC]
RewriteCond %{REQUEST_URI} !^((.*).css|(.*).js|(.*).png|(.*).jpg) [NC]
RewriteRule ^(.*)$ /ErrorDocs/Maintainence_Page.html
[NC,L,U,QSA]
These lines check if the Requested URL contains any request for any admin page i.e. one starting with /admin/ or any request to .png, .jpg, .js, .css pages and for any such requests it replaces that page to ErrorDocs/Maintainence_Page.html.
#### 24. Mapping IP Address to Domain Name ####
Name servers are the servers that convert a specific IP Address to a domain name. This mapping can also be specified in the .htaccess files in the following manner.
For Mapping L.M.N.O address to a domain name www.hellovisit.com
RewriteCond %{HTTP_HOST} ^L\.M\.N\.O$ [NC]
RewriteRule ^(.*)$ http://www.hellovisit.com/$1 [L,R=301]
The above lines check if the host for any page is having the IP Address as: L.M.N.O and if so the page is mapped to the domain name http://www.hellovisit.com by the third line by permanent redirection.
#### 25. FilesMatch Tag ####
Like <files> tag that is used to apply conditions to a single file, <FilesMatch> can be used to match to a group of files and apply some conditions to the group of files as below:
<FilesMatch \.(png|jpg)$”>
Order Allow, Deny
Deny from All
</FilesMatch>
### Conclusion ###
The list of tricks that can be done with .htaccess files is much more. Thus, this gives us an idea how powerful this file is and how much security and dynamicity and other features it can give to your website.
Weve tried our best to cover as much as htaccess tricks in this article, but incase if weve missed any important trick, or you most welcome to post your htaccess ideas and tricks that you know via comments section below we will include those in our article too…
--------------------------------------------------------------------------------
via: http://www.tecmint.com/apache-htaccess-tricks/
作者:[Gunjit Khera][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gunjitk94/

422
translated/tech/20150127 25 Useful Apache '.htaccess' Tricks to Secure and Customize Websites.md Normal file
View File

@ -0,0 +1,422 @@
用于提高网站安全性和自定义网站的 25 个有用 Apache .htaccess 小技巧
================================================================================
网站是我们生活中重要的一部分。它们是实现扩大业务、分享知识以及其它更多功能的方式。之前受制于只能提供静态内容,随着动态客户端和服务器端脚本语言的引入和现有静态语言的持续改进,例如从 html 到 html5动态网站成为可能剩下的也许在不久的将来也会实现。
有了网站随之而来的是对能向全球大规模用户显示站点的单元的需求。这个需求通过托管网站的服务器实现。这包括一系列的服务器例如Apache HTTP Server、Joomla 以及 允许个人拥有自己网站的 WordPress。
![Apache htaccess 小技巧](http://www.tecmint.com/wp-content/uploads/2015/01/htaccess-tricks.jpg)
25 个 htaccess 小技巧
想要拥有一个网站,可以创建一个自己的本地服务器,或者联系任何上面提到的或其它服务器管理员来托管他的网站。但实际问题也从这点开始。网站的性能主要取决于以下因素:
- 网站消耗的带宽。
- 针对黑客网站有多安全。
- 对数据库进行数据检索时的优化。
- 显示导航菜单和提供更多 UI 功能时的用户友好性。
除此之外,保证托管网站服务器成功的多种因素还包括:
- 对于一个流行站点的数据压缩量。
- 同时为多个请求同一或不同站点的用户服务的能力。
- 保证网站上输入的机密数据安全例如Email、信用卡信息等等。
- 允许更多的选项用于增强站点的动态性。
这篇文章讨论一个服务器提供的用于增强网站性能和提高针对坏机器人、热链接等的安全性的功能。例如 .htaccess 文件。
### .htaccess 是什么? ###
htaccess (hypertext access超文本访问) 是为网站所有者提供用于控制服务器环境变量以及其它参数的选项,从而增强他们网站的功能的文件。这些文件可以在网站目录树的任何一个目录中,并向该目录以及目录中的文件和子目录提供功能。
这些功能是什么呢?其实这些是服务器的指令,例如命令服务器执行特定任务的行,这些命令只对该文件所在目录中的文件和子目录有效。这些文件默认是隐藏的,因为所有操作系统和网站服务器默认配置为忽略。但让隐藏文件可见可以让你看到这些特殊文件。后续章节的话题将讨论能控制什么类型的参数。
注意:如果 .htaccess 文件保存在 /apache/home/www/Gunjit/ 目录,那么它会向该目录中的所有文件和子目录提供命令,但如果该目录包含一个名为 /Gunjit/images/ 子目录,且该子目录中也有一个 .htaccess 文件,那么这个子目录中的命令会覆盖父目录中 .htaccess 文件(或者层次结构中更上层文件)提供的命令。
### Apache Server 和 .htaccess 文件 ###
Apache HTTP Server 俗称为 Apache是为了表示对一个有卓越战争策略技能的美洲土著部落的尊敬而命名。它是用 C/C++ 和 XML 建立的基于 [NCSA HTTPd 服务器][1] 的跨平台 Web 服务器,它在万维网的成长和发展中起到了关键作用。
最常用于 UNIXApache 也能用于多种平台,包括 FreeBSD、Linux、Windows、Mac OS、Novel Netware 等。在 2009 年Apache 成为第一个为超过一亿站点提供服务的服务器。
Apache 服务器对于 www/ 目录中的每个用户有一个单独的 .htaccess 文件。尽管这些文件是隐藏的,但如果需要的话可以使它们可见。在 www/ 目录中有很多子目录,每个子目录通过用户名或所有者名称命名,包含了一个站点。除此之外你可以在每个子目录中有一个 .htaccess 文件,像之前所述用于配置子目录中的文件。
下面介绍如果配置 Apache 服务器上的 htaccess 文件。
### Apache 服务器上的配置 ###
这里有两种情况:
#### 在自己的服务器上托管网站 ####
在这种情况下,如果没有启用 .htaccess 文件,你可以通过在 http.conf(Apache HTTP 守护进程的默认配置文件) 中找到 <Directories> 部分启用。
<Directory "/var/www/htdocs">
定位如下行
AllowOverride None
更改为
AllowOverride All
现在,重启 Apache 后就启用了 .htaccess。
#### 在不同的托管服务提供商的服务器上托管网站 ####
在这种情况下最好咨询托管管理员,如果他们允许访问 .htaccess 文件的话。
### 用于站点的 25 个 Apache Web 服务器 .htaccess 小技巧 ###
#### 1. 如何在 .htaccess 文件中启用 mod_rewrite ####
mod_rewrite 选项允许你使用重定向并通过重定向到其它 URL 隐藏你真实的 URL。这个选项非常有用允许你用短的容易记忆的 URL 替换长 URL。
要允许 mod_rewrite只需要在你的 .htaccess 文件的第一行添加如下一行。
Options +FollowSymLinks
该选项允许你跟踪符号链接从而在站点中启用 mod_rewrite。后面会介绍用短 URL 替换。
#### 2. 如果允许或禁止对站点的访问 ####
通过使用 order、allow 和 deny 关键字htaccess 文件可以允许或者禁止对站点或目录中子目录或文件的访问。
**只允许 IP 192.168.3.1 的访问**
Order Allow, Deny
Deny from All
Allow from 192.168.3.1
Order Allow, Deny
Allow from 192.168.3.1
这里的 Order 关键字指定处理 allow 和 deny 访问的顺序。对于上面的 Order 语句,首先会处理 Allow 语句,然后是 deny 语句。
**只禁止某个 IP 的访问**
下面一行的意思是除了 IP 地址 192.168.3.1,允许所有用户访问网站。
Order Allow, Deny
Deny from 192.168.3.1
Allow from All
Order Deny, Allow
Deny from 192.168.3.1
#### 3. 为不同错误码生成 Apache 错误文档 ####
用一些简单行,我们可以解决当用户/客户端请求一个站点上不可用的网页时服务器产生的错误码的错误文档,例如我们大部分人见过的浏览器中显示的 404 Page not found.htaccess 文件指定了发生这些错误情况时采取何种操作。
要做到这点,需要添加下面的行到 .htaccess 文件:
ErrorDocument <error-code> <path-of-document/string-representing-html-file-content>
ErrorDocument 是一个关键字error-code 可以是 401、403、404、500 或任何有效的表示错误的代码,最后 path-of-document 表示本地机器上的路径(如果你使用的是你自己的本地服务器) 或 服务器上的路径(如果你使用任何其它服务器来托管网站)。
**例子:**
ErrorDocument 404 /error-docs/error-404.html
上面一行设置客户请求任何无效页面,服务器报告 404 错误时显示 error-docs 目录下的 error-404.html 文档。
ErrorDocument 404 "<html><head><title>404 Page not found</title></head><body><p>The page you request is not present. Check the URL you have typed</p></body></html>"
上面的表示也正确,其中字符串表示一个普通的 html 文件。
#### 4. 设置/取消 Apache 服务器环境变量 ####
在 .htaccess 文件中你可以设置或者取消站点所有者用来更改服务器设置的全局环境变量。要设置或取消环境变量,你需要在你的 .htaccess 文件中添加下面的行。
**设置环境变量**
SetEnv OWNER “Gunjit Khera”
**取消环境变量**
UnsetEnv OWNER
#### 5. 为文件定义不同 MIME 类型 ####
MIME(Multipurpose Internet Multimedia Extensions,,多用途 Internet 多媒体扩展) 是浏览器运行任何页面默认能识别的类型。你可以在 .htaccess 文件中为你的站点定义 MIME 类型,然后服务器就可以识别你定义的类型的文件并运行。
<IfModule mod_mime.c>
AddType application/javascript js
AddType application/x-font-ttf ttf ttc
</IfModule>
这里mod_mime.c 是用于控制定义不同 MIME 类型的模块,如果在你的系统中已经安装了这个模块,那么你就可以用该模块去为你站点中不同的扩展定义不同的 MIME 类型,从而服务器可以理解这些文件。
#### 6. 如何在 Apache 中限制上传和下载的大小 ####
.htaccess 文件允许你拥有控制一个特定用户从你的站点上传或下载数据量大小的功能。要做到这点你只需要添加下面的行到你的 .htaccess 文件:
php_value upload_max_filesize 20M
php_value post_max_size 20M
php_value max_execution_time 200
php_value max_input_time 200
上面的行设置最大上传大小、最大推送数据大小、最大执行时间,例如允许用户在本地机器运行站点的最大时间、限制的最大输入时间。
#### 7. 让用户在站点上播放 .mp3 和其它文件之前预先下载 ####
大部分情况下,人们在下载检查音乐质量之前会在网站上播放等等。作为一个聪明的销售者,你可以添加一个简单的功能,不允许任何用户在线播放音乐或视频,而是必须下载后才能播放。这非常有用,因为在线播放音乐和视频会消耗很多带宽。
要添加下面的行到你的 .htaccess 文件:
AddType application/octet-stream .mp3 .zip
#### 8. 为站点设置目录索引 ####
大部分网站开发者都知道第一个显示的页面,例如一个站点的主页面,被命名为 index.html。我们大部分也见过这个。但是如何设置呢
.htaccess 文件提供了一种方式用于列出一个客户端请求访问网站的主页面时会顺序扫描的一些网页集,相应地如果找到了列出的页面中的任何一个就会作为站点的主页面并显示给用户。
需要添加下面的行产生所需的效果。
DirectoryIndex index.html index.php yourpage.php
上面一行指定如果有任何访问主页面的请求到来,首先会在目录中顺序搜索上面列出的网页:如果发现了 index.html 则显示为主页面,否则会处理下一个页面,例如 index.php如此直到你在列表中输入的最后一个页面。
#### 9. 如何为文件启用 GZip 压缩以节省网站带宽 ####
繁重站点通常比只占少量空间的轻量级站点运行更慢是常见的现象。这是因为对于繁重站点需要时间加载大量的脚本文件和图片用于在客户端的 Web 浏览器上显示。
当浏览器请求一个 web 页面时,服务器提供给浏览器该页面并局部显示该 web 页面,浏览器需要下载该页面然后在页面内部运行脚本,这是一种常见机制。
这里 GZip 压缩所做的就是节省单个用户的服务时间从而提高带宽。服务器上站点的源文件以压缩形式保存,当用户请求到来的时候,这些文件以压缩形式传送,然后在服务器上解压并执行。这改进了带宽限制。
下面的行允许你压缩站点的源文件,但要求在你的服务器上安装 mod_deflate.c 模块。
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE application/html
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
</IfModule>
#### 10. 处理文件类型 ####
服务器默认的有一些特定情况。例如:在服务器上运行 .php 文件,显示 .txt 文件。像这些我们可以以源代码形式只显示一些可执行 cgi 脚本或文件而不是执行它们。
要做到这点在 .htaccess 文件中有如下行。
RemoveHandler cgi-script .php .pl .py
AddType text/plain .php .pl .py
这些行告诉服务器只显示而不执行 .pl (perl 脚本)、.php (PHP 文件) 和 .py (Python 文件) 。
#### 11. 为 Apache 服务器设置时区 ####
.htaccess 文件可用于为服务器设置时区可以看出它的能力和重要性。这可以通过设置一个服务器为每个托管站点提供的一系列全局环境变量中的 TZ 完成。
由于这个原因,我们可以在网站上看到根据我们的时区显示的时间。也许服务器上其他拥有网站的人会根据他居住地点的位置设置时区。
下面的一行为服务器设置时区。
SetEnv TZ India/Kolkata
#### 12. 如果在站点上启用缓存控制 ####
浏览器很有趣的一个功能是,已经观察到多次同时打开一个网站,和第一次打开相比之后会更快。但为什么会这样呢?事实上,浏览器在它的缓存中保存了一些通常访问的页面用于加快后面的访问。
但保存多长时间呢?这取决于你自己。例如,你的 .htaccess 文件中设置的缓存控制时间。.htaccess 文件指定了站点的网页可以在浏览器缓存中保存的时间,时间到期后需要重新验证,例如页面会从缓存中删除然后在下次用户访问站点的时候重建。
下面的行为你的站点实现缓存控制。
<FilesMatch "\.(ico|png|jpeg|svg|ttf)$">
Header Set Cache-Control "max-age=3600, public"
</FilesMatch>
<FilesMatch "\.(js|css)$">
Header Set Cache-Control "public"
Header Set Expires "Sat, 24 Jan 2015 16:00:00 GMT"
</FilesMatch>
上面的行允许缓存 .htaccess 文件所在目录中的页面一小时。
#### 13. <files> 配置单个文件 ####
通常 .htaccess 文件中的内容会对该文件所在目录中的所有文件和子目录起作用,但是你也可以对特殊文件设置一些特殊权限,例如只禁止对某个文件的访问等等。
要做到这点,你需要在文件中以类似方式添加 <File> 标记:
<files conf.html="">
Order allow, deny
Deny from 188.100.100.0
</files>
这是一个禁止 IP 188.100.100.0 访问 conf.html 的简单例子,但是你也可以添加介绍过的 .htaccess 文件的任何功能包括将要介绍的功能例如缓存控制、GZip 压缩。
大部分服务器会用这个功能增强 .htaccess 文件的安全,这也是我们在浏览器上看不到 .htaccess 文件的原因。在后面的章节中会介绍如何给文件授权。
#### 14. 启用在 cgi-bin 目录以外运行 CGI 脚本 ####
通常服务器运行的 CGI 脚本都保存在 cgi-bin 目录中,但是你可以启用在你需要的目录运行 CGI 脚本,只需要在所需的目录中添加下面的行到 .htaccess 文件,如果没有改文件就创建一个,并添加下面的行:
AddHandler cgi-script .cgi
Options +ExecCGI
#### 15.如何用 .htaccess 在站点上启用 SSI ####
服务器端包括顾名思义的和服务器部分相关的东西。但是什么呢?通常当我们在站点上有很多页面的时候,我们在主页面上会有一个显示到其它页面链接的导航菜单,我们可以启用 SSI(Server Size Includes) 选项允许导航菜单中显示的所有页面完全包含在主页面中。
SSI 允许包含多个页面,好像他们包含的内容就是一个单一页面的一部分,因此任何需要的编辑都只有一个文件,从而可以节省很多磁盘空间。除了 .shtml 文件,服务器默认启用了该选项。
如果你想要对 .html 启用该选项,你需要添加下面的行:
AddHandler server-parsed .html
这之后 html 文件会导向 SSI。
<!--#inlcude virtual= “gk/document.html”-->
#### 16. 如何防止网站目录列表 ####
为防止任何客户端在本地机器罗列服务器上的网站目录列表,添加下面的行到你不想列出的目录的文件中。
Options -Indexes
#### 17. 更改默认字符集和语言头 ####
.htaccess 文件允许你更改网站使用的字符集,例如 ASCII 或 UNICODEUTF-8 等,以及用于显示内容的默认语言。
在服务器的全局环境变量之后添加下面语句可以实现上述功能。
AddDefaultCharset UTF-8
DefaultLanguage en-US
**重写 URL 的重定向规则**
重写功能仅意味着用短而易记的 URL 替换长而难以记忆的 URL。但是在开始这个话题之前这里有一些本文后面会使用的特殊字符的规则和约定。
**特殊符号:**
符号 含义
^ - 字符串开头
$ - 字符串结尾
| - 或 [a|b] a 或 b
[a-z] - a 到 z 的任意字母
+ - 之前字母的一次或多次出现
* - 之前字母的零次或多次出现
? - 之前字母的零次或一次出现
**常量和它们的含义:**
常量 含义
NC - 区分大小写
L - 最后的规则 停止处理更多规则
R - 临时重定向到新 URL
R=301 - 永久重定向到新 URL
F - 禁止发送 403 头给用户
P - 代理 获取远程内容代替部分并返回
G - Gone, 不再存在
S=x - 跳过后面的 x 条规则
T=mime-type - 强制指定 MIME 类型
E=var:value - 设置环境变量 var 的值为 value
H=handler - 设置处理器
PT - Pass through 如果 URL 有额外的头
QSA - 从到替换 URL 的请求追加查询字符串
#### 18. 重定向一个非 www URL 到 www URL ####
在开始解释之前,首先看看启用该功能需要添加到 .htaccess 文件的行。
RewriteEngine ON
RewriteCond %{HTTP_HOST} ^abc\.net$
RewriteRule (.*) http://www.abc.net/$1 [R=301,L]
上面的行启用 Rewrite Engine 然后在第二行检查所有涉及到主机 abc.net 或 环境变量 HTTP_HOST 为 “abc.net” 的 URL。
对于所有这样的 URL代码永久重定向它们(如果启用了 R=301 规则)到新 URL http://www.abc.net/$1其中 $1 是主机为 abc.net 的非 www URL。非 www URL 是大括号内的内容,并通过 $1 引用。
#### 19. 重定向整个站点到 https ####
下面的行会帮助你转换整个网站到 https
RewriteEngine ON
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
上面的行启用 re-write engine 然后检查环境变量 HTTPS 的值。如果设置了那么重写所有网站页面到 https。
#### 20.一个自定义重写例子 ####
例如,重定向 url http://www.abc.net?p=100&q=20http://www.abc.net/10020pq
RewriteEngine ON
RewriteRule ^http://www.abc.net/([0-9]+)([0-9]+)pq$ ^http://www.abc.net?p=$1&q=$2
在上面的行中,$1 表示第一个括号,$2 表示第二个括号。
#### 21. 重命名 htaccess 文件 ####
为了防止入侵者和其他人查看 .htaccess 文件,你可以重命名该文件,这样就不能通过客户端浏览器访问。实现该目标的语句是:
AccessFileName htac.cess
#### 22. 如何为你的网站禁用图片链接 ####
网站大的带宽消耗的另外一个重要问题是热链接问题,这是其它站点用于显示你网站的图片而链接到你的网站的链接,这会消耗你的带宽。这问题也被成为 ‘带宽盗窃’。
一个常见现象是当一个网站要显示其它网站所包含的图片时,由于该链接你的网站需要被加载,消耗你站点的带宽而显示其它站点的图片。为了防止出现这种情况,例如 .gif、.jpeg 图片等,下面的代码行会有所帮助:
RewriteEngine ON
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERERER} !^http://(www\.)?mydomain.com/.*$ [NC]
RewriteRule \.(gif|jpeg|png)$ - [F].
上面的行检查 HTTP_REFERER 是否没有设为空或没有设为你站点上的任何链接。如果是这样的话,你网页上的所有图片会用 403 禁止访问代替。
#### 23. 如何将用户重定向到维护页面 ####
如果你的网站需要进行维护并且你想向所有需要访问该网站的你的所有客户通知这个消息,对于这种情况,你可以添加下面的行到你的 .htaccess 文件,从而只允许管理员访问并替换所有有 .jpg、.css、.gif、.js 等的页面。
RewriteCond %{REQUEST_URI} !^/admin/ [NC]
RewriteCond %{REQUEST_URI} !^((.*).css|(.*).js|(.*).png|(.*).jpg) [NC]
RewriteRule ^(.*)$ /ErrorDocs/Maintainence_Page.html
[NC,L,U,QSA]
这些行检查请求 URL 是否包含任何例如以 /admin/ 开头的管理页面的请求,或任何到 .png, .jpg, .js, .css 页面的请求,对于任何这样的请求,用 ErrorDocs/Maintainence_Page.html 替换那个页面。
#### 24. 映射 IP 地址到域名 ####
名称服务器是将特定 IP 地址转换为域名的服务器。该映射也可以在 .htaccess 文件中用以下形式指定。
为了将地址 L.M.N.O 映射到域名 www.hellovisit.com
RewriteCond %{HTTP_HOST} ^L\.M\.N\.O$ [NC]
RewriteRule ^(.*)$ http://www.hellovisit.com/$1 [L,R=301]
上面的行检查任何页面的主机是否包含类似 L.M.N.O 的 IP 地址,如果是的话第三行会通过永久重定向将页面映射到域名 http://www.hellovisit.com。
#### 25. FilesMatch 标签 ####
类似用于应用条件到单个文件的 <files> 标签,<FilesMatch> 能用于匹配一组文件并对该组文件应用一些条件,如下:
<FilesMatch \.(png|jpg)$”>
Order Allow, Deny
Deny from All
</FilesMatch>
### 结论 ###
.htaccess 文件能实现的小技巧还有很多。这告诉了我们这个文件有多么强大,通过该文件能给你的站点添加多少安全性、动态性以及其它功能。
我们已经在这篇文章中尽最大努力覆盖尽可能多的 htaccess 小技巧,但如果我们缺少了任何重要的技巧,或者你愿意告诉我们你的 htaccess 想法和技巧,你可以在下面的评论框中提交,我们也会在文章中进行介绍。
--------------------------------------------------------------------------------
via: http://www.tecmint.com/apache-htaccess-tricks/
作者:[Gunjit Khera][a]
译者:[ictlyh](https://github.com/ictlyh)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://www.tecmint.com/author/gunjitk94/
[1]:https://en.wikipedia.org/wiki/NCSA_HTTPd