
[Theory Discussion] .htaccess Study Notes


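.htaccess can do a wide range of things, including: password-protecting folders, automatically redirecting users, custom error pages, changing your file extensions, blocking specific user IP addresses, allowing only specific IP addresses, disabling directory listings, using other files as the index file, and so on.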

1. Introduction
File name: .htaccess, permissions 644 (rw-r--r--)
An .htaccess file affects all subdirectories under the directory it is in.
Note that most directives must stay on a single line; do not wrap them, or an error will result.

2. Error Documents
Official document: ErrorDocument Directive
ErrorDocument code document
Examples
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 404 http://yoursite/errors/not...
ErrorDocument 401 "Authorization Required"
(Note: any double quote that appears in the text after this must be escaped as \")
Common HTTP status codes
Successful Client Requests
200 OK
201 Created
202 Accepted
203 Non-Authoritative Information
204 No Content
205 Reset Content
206 Partial Content
Client Request Redirected
300 Multiple Choices
301 Moved Permanently
302 Moved Temporarily
303 See Other
304 Not Modified
305 Use Proxy
Client Request Errors
400 Bad Request
401 Authorization Required
402 Payment Required (not used yet)
403 Forbidden
404 Not Found
405 Method Not Allowed
406 Not Acceptable (encoding)
407 Proxy Authentication Required
408 Request Timed Out
409 Conflicting Request
410 Gone
411 Content Length Required
412 Precondition Failed
413 Request Entity Too Long
414 Request URI Too Long
415 Unsupported Media Type
Server Errors
500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
505 HTTP Version Not Supported

3. Password Protection
Official document: Authentication, Authorization and Access Control
Assume the password file is .htpasswd
AuthUserFile /usr/local/safedir/.htpasswd
(the full path must be used here)
AuthName EnterPassword
AuthType Basic
Two common ways to require authentication:
Require user windix
(only the user windix may log in)
Require valid-user
(any valid user may log in)
Tip: how to generate the password file
Use the htpasswd command (ships with Apache)
The first time, the password file has to be created
htpasswd -c .htpasswd user1
After that, add new users with
htpasswd .htpasswd user2

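A check for the password file that section 3 creates, as an added example that is not part of the original notes: it classifies the hash format of each htpasswd entry and tests whether the file sits under the document root. The sample entries are constructed fillers, and /var/www/html is an assumed DocumentRoot.

```python
import os
import re

# Hash formats Apache accepts in an AuthUserFile, most specific first.
SCHEMES = [
    (re.compile(r"^\$2[aby]\$\d\d\$.{53}$"), "bcrypt", "ok"),
    (re.compile(r"^\$apr1\$[^$]{1,8}\$.{22}$"), "apr1-md5", "legacy: iterated MD5"),
    (re.compile(r"^\{SHA\}[A-Za-z0-9+/]{27}=$"), "sha1", "insecure: unsalted SHA-1"),
    (re.compile(r"^[./0-9A-Za-z]{13}$"), "crypt-des", "insecure: 8-character limit"),
]

def classify(hash_field):
    for regex, name, verdict in SCHEMES:
        if regex.match(hash_field):
            return name, verdict
    # Neither a known prefix nor a 13-character crypt string.
    return "plaintext-or-unknown", "insecure"

def audit_htpasswd(text):
    """Return (user, scheme, verdict) for every entry in an htpasswd file."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments are skipped
        user, sep, hash_field = line.partition(":")
        if not sep:
            findings.append((line, "malformed", "no ':' separator"))
            continue
        findings.append((user, *classify(hash_field)))
    return findings

def inside_docroot(auth_user_file, docroot):
    """True if the password file lives under the document root."""
    path, root = os.path.abspath(auth_user_file), os.path.abspath(docroot)
    return os.path.commonpath([path, root]) == root

# Constructed entries: the hash fields are fillers of the right shape, not real hashes.
SAMPLE = "\n".join([
    "alice:$2y$05$" + "A" * 53,
    "bob:$apr1$saltsalt$" + "B" * 22,
    "carol:{SHA}" + "C" * 27 + "=",
    "dave:" + "D" * 13,
    "erin:hunter2-in-the-clear",
])

if __name__ == "__main__":
    for user, scheme, verdict in audit_htpasswd(SAMPLE):
        print(f"{user:6} {scheme:22} {verdict}")
    # /var/www/html is an assumed DocumentRoot, not a value from the notes.
    print(inside_docroot("/usr/local/safedir/.htpasswd", "/var/www/html"))
```

Entries reported as anything other than bcrypt can be re-created with `htpasswd -B`. Because `htpasswd -c .htpasswd user1` writes into the current directory, the `inside_docroot` check matters when that command is run from a web-served folder.
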
4. Enabling SSI (Server Side Includes) Via htaccess
AddType text/html .shtml
AddHandler server-parsed .shtml
Options Indexes FollowSymLinks Includes
DirectoryIndex index.shtml index.html

5. Blocking users by IP
order allow,deny
deny from 123.45.6.7
deny from 12.34.5.
(12.34.5. covers the entire class C range)
allow from all
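How the `order` line decides the outcome of the directives above, modelled in Python as an added example that is not part of the original notes. It follows the documented Apache 2.2 evaluation rules for IPv4 addresses only; the client addresses are constructed.

```python
def spec_matches(spec, ip):
    """Match one 'from' argument: 'all', a full IPv4 address, or a partial one.

    Partial addresses such as '12.34.5.' are compared octet by octet, so they
    cover 12.34.5.0-255 but not 12.34.50.1.  Host names and CIDR are left out.
    """
    if spec.lower() == "all":
        return True
    wanted = spec.rstrip(".").split(".")
    return ip.split(".")[:len(wanted)] == wanted

def access_allowed(order, allow, deny, ip):
    """Apply the Apache 2.2 Order/Allow/Deny rules to one client address."""
    allowed = any(spec_matches(s, ip) for s in allow)
    denied = any(spec_matches(s, ip) for s in deny)
    if order == "allow,deny":
        # Allow is evaluated first, then Deny: a Deny match always wins,
        # and a client matching neither list is rejected.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, then Allow: an Allow match always wins,
        # and a client matching neither list is let in.
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order!r}")

# The directives from section 5.
ALLOW = ["all"]
DENY = ["123.45.6.7", "12.34.5."]

def decisions(order, clients):
    return {ip: access_allowed(order, ALLOW, DENY, ip) for ip in clients}

if __name__ == "__main__":
    # Constructed client addresses.
    clients = ["123.45.6.7", "12.34.5.200", "12.34.50.1", "198.51.100.9"]
    print(decisions("allow,deny", clients))
    print(decisions("deny,allow", clients))
```

With `order deny,allow` the same four lines admit every client, because `allow from all` then overrides both `deny` lines.
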

6. Blocking users/sites by referrer
Requires the mod_rewrite module
Example 1. Block a single referrer: badsite.com
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite.com [NC]
RewriteRule .* - [F]
Example 2. Block multiple referrers: badsite1.com, badsite2.com
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite1.com [NC,OR]
RewriteCond %{HTTP_REFERER} badsite2.com
RewriteRule .* - [F]
[NC] - Case-insensitive
[F] - 403 Forbidden
Note that the code above comments out the "Options +FollowSymlinks" statement. If the server does not set FollowSymLinks in the section of httpd.conf, this line has to be added; otherwise you will get a "500 Internal Server Error".

7. Blocking bad bots and site rippers (aka offline browsers)
Requires the mod_rewrite module
Bad bots? For example, crawlers that harvest email addresses for spam and crawlers that ignore robots.txt (such as baidu?)
They can be identified by HTTP_USER_AGENT
(But there are even more shameless ones, such as Zhongsou (zhongsou.com), that set their agent to "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)". That is plain rogue behaviour, and nothing can be done about it.)
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
[F] - 403 Forbidden
[L] - ?

8. Change your default directory page
DirectoryIndex index.html index.php index.cgi index.pl

9. Redirects
Single file
Redirect /old_dir/old_file.html http://yoursite.com/new_di...
Entire directory
Redirect /old_dir http://yoursite.com/new_di...
Effect: the same as if the directory had been moved
http://yoursite.com/old_di... -> http://yoursite.com/new_di...
http://yoursite.com/old_di... -> http://yoursite.com/new_di...
Tip: what to do when Redirect does not work in a user directory
When you use Apache's default user directories, such as http://mysite.com/~windix, and you want to redirect http://mysite.com/~windix/..., you will find that the following Redirect does not work:
Redirect /jump http://www.google.com
The correct way is to change it to
Redirect /~windix/jump http://www.google.com
(source: .htaccess Redirect in "Sites" not redirecting: why?)

10. Prevent viewing of .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

11. Adding MIME Types
AddType application/x-shockwave-flash swf
Tip: setting the type to application/octet-stream will prompt a download

12. Preventing hot linking of images and other file types
Requires the mod_rewrite module
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydoma...*$ [NC]
RewriteRule \.(gif|jpg|js|css)$ - [F]
Explanation:
If HTTP_REFERER is not empty (the request comes from another site rather than a direct visit), and
if HTTP_REFERER does not start with (www.)mydomain.com (case-insensitive, [NC]) (the request does not come from this site),
then every file ending in .gif/.jpg/.js/.css gets a 403 Forbidden error [F]
A response can also be specified; the following example shows a replacement image
RewriteRule \.(gif|jpg)$
[R,L]
[R] - Redirect
[L] - Link

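The referrer conditions of sections 6 and 12 evaluated in Python, as an added example that is not part of the original notes. It implements only the parts of RewriteCond used here (`!` negation, [NC], [OR]); the hotlink pattern is written out with mydomain.com, taken from the explanation text, as an assumption, and all requests are constructed.

```python
import re

COND_RE = re.compile(r"RewriteCond\s+%\{(\w+)\}\s+((?:\\.|\S)+)(?:\s+\[([^\]]*)\])?\s*$")

def parse_cond(line):
    """Return (variable, negated, compiled_regex, has_OR) for one RewriteCond line."""
    var, pattern, flags = COND_RE.match(line.strip()).groups()
    flags = {f.strip().upper() for f in (flags or "").split(",") if f.strip()}
    negated = pattern.startswith("!")
    regex = re.compile(pattern[1:] if negated else pattern,
                       re.I if "NC" in flags else 0)
    return var, negated, regex, "OR" in flags

def conds_match(lines, env):
    """Conditions are ANDed, except that [OR] joins a condition to the next one."""
    result, group_hit = True, False
    for line in lines:
        var, negated, regex, has_or = parse_cond(line)
        hit = (regex.search(env.get(var, "")) is not None) != negated
        group_hit = group_hit or hit
        if not has_or:              # this condition closes an OR-group
            result, group_hit = result and group_hit, False
    return result

# Section 6, example 2, exactly as on the page.
REFERRER_BLOCK = [
    r"RewriteCond %{HTTP_REFERER} badsite1.com [NC,OR]",
    r"RewriteCond %{HTTP_REFERER} badsite2.com",
]
# Section 12; the domain is written out in full (assumption: mydomain.com).
HOTLINK = [
    r"RewriteCond %{HTTP_REFERER} !^$",
    r"RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com/.*$ [NC]",
]

def referrer_blocked(referer):
    return conds_match(REFERRER_BLOCK, {"HTTP_REFERER": referer})

def hotlink_status(uri, referer):
    """403 when the [F] rule fires for a static file, else 200."""
    is_static = re.search(r"\.(gif|jpg|js|css)$", uri) is not None
    return 403 if is_static and conds_match(HOTLINK, {"HTTP_REFERER": referer}) else 200

if __name__ == "__main__":
    # Constructed requests, not taken from real logs.
    for ref in ["http://BADSITE1.com/", "http://BadSite2.com/", "http://notbadsite1xcom.example/"]:
        print(f"{ref!r:40} blocked={referrer_blocked(ref)}")
    for ref in ["", "http://www.mydomain.com/a.html", "https://www.mydomain.com/a.html"]:
        print(f"{ref!r:40} status={hotlink_status('/img/logo.gif', ref)}")
```

The run shows three things worth checking in a real rule set: the second condition in section 6 has no [NC] and misses `BadSite2.com`, the unescaped dot also matches unrelated hosts, and the hotlink rule returns 403 to the site's own https pages because it only accepts `http://` referrers.
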
13. Preventing Directory Listing
IndexIgnore *
IndexIgnore *.jpg *.gif
Tips:
Allow directory listings: Options +Indexes
Disable directory listings: Options -Indexes
Show informational text: file HEADER at the top of the page, file README at the bottom