1. What .htaccess does

.htaccess is a plain text file that holds directives for configuring the Apache server.
Change:

```apache
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
```

to:

```apache
<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>
```

```apache
AccessFileName .config
```
3. Access control with .htaccess

1) Access control basics: the Order directive

To restrict user access to sensitive directories, an .htaccess file is usually added; a common form is:

```apache
# .log and .exe files in any letter case; the alternation is grouped and anchored
# so that a name merely containing "exe" or "log" elsewhere is not matched
<Files ~ "\.([Ll][Oo][Gg]|[eE][xX][eE])$">
    Order allow,deny
    Deny from all
</Files>
```
Notes:

(1) The tilde after Files enables regular-expression matching; the simpler form is <Files *>.

(2) The Order directive: with the Allow,Deny arguments, Apache first finds and applies the Allow directives and then the Deny directives, which here blocks all access; Deny,Allow can also be used.

4. URL rewriting

A simple set of URL rewrite rules:

```apache
# turn the RewriteEngine on
RewriteEngine On
# Rewrite system rules; do not modify
RewriteRule ^p/([0-9]+)\.html$ index.php?post_id=$1
RewriteRule ^u-(username|uid)-(.+)\.html$ space.php?$1=$2
```
5. Configuring error pages

The basic syntax is:

```apache
# custom error documents
ErrorDocument 401 /err/401.php
ErrorDocument 403 /err/403.php
ErrorDocument 404 /err/404.php
ErrorDocument 500 /err/500.php
```
6. Common .htaccess commands and configuration tips

```apache
# disable directory listings
Options -Indexes

# block or allow specific client addresses (000.000.000.000 is a placeholder)
deny from 000.000.000.000
allow from 000.000.000.000
deny from all

# default documents, tried in this order
DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm

# redirect a single file (the target hostname is missing from the original)
Redirect /location/from/root/file.ext http:///new/file/location.xyz
```

/oldfile.html

/old/oldfile.html

```apache
# redirect a whole directory; paths below it are mapped too, so a request for
#   http:///olddirectory/oldfiles/images/image.gif
# is redirected to
#   http:///newdirectory/oldfiles/images/image.gif
# (the hostname is missing from the original)
Redirect /olddirectory http:///newdirectory
```
7. Security configuration

```apache
# hotlink protection: send image requests with a foreign Referer to /feed/
# (the site's hostname is missing from the original Referer pattern)
RewriteBase /
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?/.*$ [NC]
RewriteRule \.(gif|jpg|swf|flv|png)$ /feed/ [R=302,L]
```

```apache
RewriteEngine On
# proc/self/environ? No way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# block scripts that try to set mosConfig values through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [OR]
# block base64_encode junk passed through the URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# block scripts that carry a <script> tag in the URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# block scripts that try to set PHP's GLOBALS variable through the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|%[0-9A-Z]{0,2}) [OR]
# block scripts that try to set PHP's _REQUEST variable through the URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|%[0-9A-Z]{0,2})
# send every blocked request to the 403 Forbidden page
RewriteRule ^(.*)$ index.php [F,L]
```
```apache
# disable script execution in certain directories
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI
```

```apache
# Redirect takes a URL path as its first argument; the hostname of the
# target is missing from the original
Redirect 301 /home http://www./
```

```apache
# force these types to download instead of opening in the browser
AddType application/octet-stream .pdf
AddType application/octet-stream .zip
AddType application/octet-stream .mov
```

```apache
# redirect the www. host to the bare domain (hostname missing from the original)
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*)$ http:///$1 [L,R=301]
```
```apache
ErrorDocument 401 /error/401.php
ErrorDocument 403 /error/403.php
ErrorDocument 404 /error/404.php
ErrorDocument 500 /error/500.php
```

```apache
# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
```

```apache
# cache static files for 30 days
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
    Header set Cache-Control "max-age=2592000"
</FilesMatch>

# explicitly disable caching for scripts and other dynamic files
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
    Header unset Cache-Control
</FilesMatch>
```