实用.htaccess用法大全

  这里收集的是各种实用的 .htaccess 代码片段,你能想到的用法几乎全在这里。

  免责声明: 虽然将这些代码片段直接拷贝到你的 .htaccess 文件里,绝大多数情况下都是好用的,但也有极个别情况需要你修改某些地方才行。风险自负。

  重要提示: Apache 2.4 有不兼容的修改,特别是在访问配置控制方面。详细信息请参考这篇更新文档以及这篇文章

 重新和重定向

  注意:首先需要服务器安装和启用mod_rewrite模块。

  强制 www

RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]

  强制 www通用方法

RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  这种方法可以使用在任何网站中。 Source

  强制 non-www

  究竟是WWW好,还是non-www好,没有定论,如果你喜欢不带www的,可以使用下面的脚本:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]

  强制 non-www通用方法

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteCond %{HTTPS}s ^on(s)|off
RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www\.)?(.+)$
RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]

  强制 HTTPS

RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

# Note: It's also recommended to enable HTTP Strict Transport Security (HSTS) 
# on your HTTPS website to help prevent man-in-the-middle attacks.
# See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
<IfModule mod_headers.c>
    Header always set Strict-Transport-Security max-age=31536000; includeSubDomains
</IfModule>

  强制 HTTPS 通过代理

  如果你使用了代理,这种方法对你很有用。

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

  强制添加末尾斜杠

RewriteCond %{REQUEST_URI} /+[^\.]+$
RewriteRule ^(.+[^/])$ %{REQUEST_URI}/ [R=301,L]

  取掉末尾斜杠

RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [R=301,L]

  重定向到一个页面

Redirect 301 /oldpage.html http://www.example.com/newpage.html
Redirect 301 /oldpage2.html http://www.example.com/folder/

  Source

  目录别名

RewriteEngine On
RewriteRule ^source-directory/(.*) target-directory/$1

  脚本别名

FallbackResource /index.fcgi

  This example has an index.fcgi file in some directory,and any requests within that directory that fail to resolve a filename/directory will be sent to the index.fcgi script. It’s good if you want baz.foo/some/cool/path to be handled by baz.foo/index.fcgi (which also supports requests to baz.foo) while maintaining baz.foo/css/style.css and the like. Get access to the original path from the PATH_INFO environment variable,as exposed to your scripting environment.

RewriteEngine On
RewriteRule ^$ index.fcgi/ [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.fcgi/$1 [QSA,L]

  This is a less efficient version of the FallbackResource directive (because using mod_rewrite is more complex than just handling the FallbackResource directive),but it’s also more flexible.

  重定向整个网站

Redirect 301 / http://newsite.com/

  This way does it with links intact. That is www.oldsite.com/some/crazy/link.html will become www.newsite.com/some/crazy/link.html. This is extremely helpful when you are just “moving” a site to a new domain. Source

  干净的URL

  This snippet lets you use “clean” URLs — those without a PHP extension,e.g. example.com/users instead of example.com/users.php.

RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^([^.]+)$ $1.php [NC,L]

  Source

 安全

  拒绝所有访问

## Apache 2.2
Deny from all

## Apache 2.4
# Require all denied

  But wait,this will lock you out from your content as well! Thus introducing…

  拒绝所有访问(排除部分)

## Apache 2.2
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx

## Apache 2.4
# Require all denied
# Require ip xxx.xxx.xxx.xxx

  xxx.xxx.xxx.xxx is your IP. If you replace the last three digits with 0/12 for example,this will specify a range of IPs within the same network,thus saving you the trouble to list all allowed IPs separately. Source

  Now of course there’s a reversed version:

  屏蔽爬虫/恶意访问

## Apache 2.2
Order deny,allow
Allow from all
Deny from xxx.xxx.xxx.xxx
Deny from xxx.xxx.xxx.xxy

## Apache 2.4
# Require all granted
# Require not ip xxx.xxx.xxx.xxx
# Require not ip xxx.xxx.xxx.xxy

  保护隐藏文件和目录

  Hidden files and directories (those whose names start with a dot .) should most,if not all,of the time be secured. For example: .htaccess,.htpasswd,.git,.hg…

RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule (^|/)\. - [F]

  Alternatively,you can just raise a Not Found error,giving the attacker dude no clue:

RedirectMatch 404 /\..*$

  保护备份文件和源代码文件

  These files may be left by some text/html editors (like Vi/Vim) and pose a great security danger if exposed to public.

<FilesMatch (\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$>
    ## Apache 2.2
    Order allow,deny
    Deny from all
    Satisfy All

    ## Apache 2.4
    # Require all denied
</FilesMatch>

  Source

  禁止目录浏览

Options All -Indexes

  禁止图片盗链

RewriteEngine on
# Remove the following line if you want to block blank referrer too
RewriteCond %{HTTP_REFERER} !^$

RewriteCond %{HTTP_REFERER} !^http(s)?://(.+\.)?example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]

# If you want to display a blocked banner in place of the hotlinked image,# replace the above rule with:
# RewriteRule \.(jpg|jpeg|png|gif|bmp) http://example.com/blocked.png [R,L]

  禁止图片盗链(指定域名)

  Sometimes you want to 禁止图片盗链 from some bad guys only.

RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http(s)?://(.+\.)?badsite\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http(s)?://(.+\.)?badsite2\.com [NC,OR]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,L]

  密码保护目录

  First you need to create a .htpasswd file somewhere in the system:

htpasswd -c /home/fellowship/.htpasswd boromir

  Then you can use it for authentication:

AuthType Basic
AuthName One does not simply
AuthUserFile /home/fellowship/.htpasswd
Require valid-user

  密码保护文件

AuthName One still does not simply
AuthType Basic
AuthUserFile /home/fellowship/.htpasswd

<Files one-ring.o>
Require valid-user
</Files>

<FilesMatch ^((one|two|three)-rings?\.o)$>
Require valid-user
</FilesMatch>

  通过Referrer过滤访客

  This denies access for all users who are coming from (referred by) a specific domain.
Source

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} somedomain\.com [NC,OR]
RewriteCond %{HTTP_REFERER} anotherdomain\.com
RewriteRule .* - [F]

  防止被别的网页嵌套

  This prevents the website to be framed (i.e. put into an iframe tag),when still allows framing for a specific URI.

SetEnvIf Request_URI /starry-night allow_framing=true
Header set X-Frame-Options SAMEORIGIN env=!allow_framing

 性能

  压缩文件

<IfModule mod_deflate.c>

    # 强制 compression for mangled headers.
    # http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
    <IfModule mod_setenvif.c>
        <IfModule mod_headers.c>
            SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
            RequestHeader append Accept-Encoding gzip,deflate env=HAVE_Accept-Encoding
        </IfModule>
    </IfModule>

    # Compress all output labeled with one of the following MIME-types
    # (for Apache versions below 2.3.7,you don't need to enable `mod_filter`
    #  and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
    #  as `AddOutputFilterByType` is still in the core directives).
    <IfModule mod_filter.c>
        AddOutputFilterByType DEFLATE application/atom+xml \
                                      application/javascript \
                                      application/json \
                                      application/rss+xml \
                                      application/vnd.ms-fontobject \
                                      application/x-font-ttf \
                                      application/x-web-app-manifest+json \
                                      application/xhtml+xml \
                                      application/xml \
                                      font/opentype \
                                      image/svg+xml \
                                      image/x-icon \
                                      text/css \
                                      text/html \
                                      text/plain \
                                      text/x-component \
                                      text/xml
    </IfModule>

</IfModule>

  Source

  设置过期头信息

  Expires headers tell the browser whether they should request a specific file from the server or just grab it from the cache. It is advisable to set static content’s expires headers to something far in the future.

  If you don’t control versioning with filename-based cache busting,consider lowering the cache time for resources like CSS and JS to something like 1 week. Source

<IfModule mod_expires.c>
    ExpiresActive on
    ExpiresDefault                                      access plus 1 month

  # CSS
    ExpiresByType text/css                              access plus 1 year

  # Data interchange
    ExpiresByType application/json                      access plus 0 seconds
    ExpiresByType application/xml                       access plus 0 seconds
    ExpiresByType text/xml                              access plus 0 seconds

  # Favicon (cannot be renamed!)
    ExpiresByType image/x-icon                          access plus 1 week

  # HTML components (HTCs)
    ExpiresByType text/x-component                      access plus 1 month

  # HTML
    ExpiresByType text/html                             access plus 0 seconds

  # JavaScript
    ExpiresByType application/javascript                access plus 1 year

  # Manifest files
    ExpiresByType application/x-web-app-manifest+json   access plus 0 seconds
    ExpiresByType text/cache-manifest                   access plus 0 seconds

  # Media
    ExpiresByType audio/ogg                             access plus 1 month
    ExpiresByType image/gif                             access plus 1 month
    ExpiresByType image/jpeg                            access plus 1 month
    ExpiresByType image/png                             access plus 1 month
    ExpiresByType video/mp4                             access plus 1 month
    ExpiresByType video/ogg                             access plus 1 month
    ExpiresByType video/webm                            access plus 1 month

  # Web feeds
    ExpiresByType application/atom+xml                  access plus 1 hour
    ExpiresByType application/rss+xml                   access plus 1 hour

  # Web fonts
    ExpiresByType application/font-woff2                access plus 1 month
    ExpiresByType application/font-woff                 access plus 1 month
    ExpiresByType application/vnd.ms-fontobject         access plus 1 month
    ExpiresByType application/x-font-ttf                access plus 1 month
    ExpiresByType font/opentype                         access plus 1 month
    ExpiresByType image/svg+xml                         access plus 1 month
</IfModule>

  关闭eTags标志

  By removing the ETag header,you disable caches and browsers from being able to validate files,so they are forced to rely on your Cache-Control and Expires header. Source

<IfModule mod_headers.c>
    Header unset ETag
</IfModule>
FileETag None

 其它

  设置PHP变量

php_value <key> <val>

# For example:
php_value upload_max_filesize 50M
php_value max_execution_time 240

  Custom Error Pages

ErrorDocument 500 Houston,we have a problem.
ErrorDocument 401 http://error.example.com/mordor.html
ErrorDocument 404 /errors/halflife3.html

  强制下载

  Sometimes you want to 强制 the browser to download some content instead of displaying it.

<Files *.md>
    ForceType application/octet-stream
    Header set Content-Disposition attachment
</Files>

  Now there is a yang to this yin:

  阻止下载

  Sometimes you want to 强制 the browser to display some content instead of downloading it.

<FilesMatch \.(tex|log|aux)$>
    Header set Content-Type text/plain
</FilesMatch>

  运行跨域字体引用

  CDN-served webfonts might not work in Firefox or IE due to CORS. This snippet solves the problem.

<IfModule mod_headers.c>
    <FilesMatch \.(eot|otf|ttc|ttf|woff|woff2)$>
        Header set Access-Control-Allow-Origin *
    </FilesMatch>
</IfModule>

  Source

  Auto UTF-8 Encode

  Your text content should always be UTF-8 encoded,no?

# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

# 强制 UTF-8 for a number of file formats
AddCharset utf-8 .atom .css .js .json .rss .vtt .xml

  Source

  切换PHP版本

  If you’re on a shared host,chances are there are more than one version of PHP installed,and sometimes you want a specific version for your website. For example,Laravel requires PHP >= 5.4. The following snippet should switch the PHP version for you.

AddHandler application/x-httpd-php55 .php

# Alternatively,you can use AddType
AddType application/x-httpd-php55 .php

  禁止IE兼容视图

  Compatibility View in IE may affect how some websites are displayed. The following snippet should 强制 IE to use the Edge Rendering Engine and disable the Compatibility View.

<IfModule mod_headers.c>
    BrowserMatch MSIE is-msie
    Header set X-UA-Compatible IE=edge env=is-msie
</IfModule>

  支持WebP图片格式

  If WebP images are supported and an image with a .webp extension and the same name is found at the same place as the jpg/png image that is going to be served,then the WebP image is served instead.

RewriteEngine On
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{DOCUMENT_ROOT}/$1.webp -f
RewriteRule (.+)\.(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]

  Source

版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。

相关推荐


随着云计算和网络技术的发展,越来越多的数据需要在服务器之间进行传输和共享。云挂机宝作为一种常见的服务器设备,具有高效、稳定的特性,使得它成为了许多企业和个人用户传输数据的首选。本文将讨论云挂机宝服务器
阿里云服务器Tomcat无法从外部访问一、环境阿里云Ubuntu 12.04.5 LTStomcat和java都是阿里云默认的7的版本,如下图二、问题部署后./startup.sh启动tomcat 之后外部访问http://ip:8080/无法访问,之后去查看防火墙关闭了Ubuntu下面的防火墙123
购买一系列的东西其实就是花钱买块区域,服务器,域名,云解析,花了好多money。。。一、租服务器百度搜索阿里云进入官网首页,点击登录进入登录页面,可以使用邮箱登录或者注册进入注册页面,填写注册信息登录成功,进入主页,点击云服务ECS,点击购买推荐或者选购配置根据实际情况选择产品,可能没有货,那么就需要更改购买条件如果是新用户,购买
前言昨天买了域名,服务器,然后搭建了环境,然后想他通过默认的端口,不用端口就访问。设置WEB项目的欢迎页在WEB-INF文件夹下有个web.xml文件(最近新建的项目不包含此文件,可以手动新建),在welcome-file-list节点中设置,代码如下 <welcome-file-list> <welcome-file>test.html</welcome-file>
前言由于服务器centos6.8安装mysql一直出现不能连接问题,然后看到一个方法,一不小心就把yum给删除了,都还原不了,很是绝望,很难受。然后没有yum这个centos就感觉废了,然后找方法装上去。 python --version查看python 版本 whereis python 查看python文件 python: /usr/bin/python2.6 /usr/bin/python
前言用 SSH客户端登录上以后,自己想要在本地连接服务器上的mysql服务器。解决方法1、首先启动数据库[root@iZm5ec880z2rorZ ~]# service mysqld start可以输入一下加粗命令:[root@iZm5ec880z2rorZ ~]# mysql -u root -p Enter password: (输入你的数据库密码)Welcome to the My
前言乱码问题是很让人抓狂的问题,下面我将记录一下Linux下MySQL乱码问题的解决方法。 mysql在linux下乱码问题一、操作mysql默认字符集是latin1,但是我们大部分程序使用的字符集是utf8,我们就需要修改mysql的字符集了。1)查看默认编码show variables like 'character%';+--------------------------+--------
问题描述今天阿里云服务器安装mysql的收,遇到了一个很熟悉的问题 输入#mysql -u root -p ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) 解决方案一、方案1 1.#ps -A|grep mysql 显示类似:
今天在使用filezilla连接虚拟机中的ubuntu的时候出现上次出错,错误详情为:open for write: permission denied看完错误大概知道和权限有问题,再次查看虚拟机,我们使用以下命令给我们需要放入的目标文件权限:sudo chmod 777 /home再次尝试上传,上传成功! ...
直接上步骤,做一个简单的记录!配置阿里云oss找到对应的oss如果没有bucket,则新建一个新建之后,进入到对应的bucket,然后进行相关设置以上就是oss的基本设置,接下来是域名相关设置,这也是最重要的一些步骤。oss域名解析和cdn设置oss域名解析设置oss的域名设置是在传输管理下进行设置。如果没有域名,需要添加域名,没有注册域名自行注册。添加之后就会在上面列表上显示。以上就是域名的解析配置,期间还需要设置域名解析cname等。oss的cdn设置加速设置cdn
这个需要开放centos的端口和腾讯云服务器的端口。防火墙开放8080端口因为Centos7以上用firewalld代替了iptables,也就是说firewalld开通了8080端口应该就行了1.输入netstat -tunlp 查看8080是否放开。2.如果没有开放,输入firewall-cmd --state #查看防火墙状态。3.在running 状态下,向firewall 添加需要开放的端口firewall-cmd --permanent --zone=public --add-po
前言:博主资历尚浅,很多东西都还在刚起步学习的阶段,这几天开发任务比较轻,就在自己window系统下,模拟部署远程服务器,利用Jenkins + Ant + Tomcat 搭建了一个自动发布部署的环境
为了做集群测试,在每台机器上装了3个tomcat,每次发布项目的时候都要反复敲一些命令,重启 tomcat 之前先检查 tomcat 进程有没有停掉,没有还要手动 kill 该进程。 发布次数多了,操
Jenkins修改管理员密码,我看了网上所有的教程,竟然全都是拿着一串已经加密好的 111111 的密文去替代 config.xml 文件里面的密码,然后大家的密码都是 111111!我觉得这种做法实
一、四层与七层负载均衡在原理上的区别 1.图示 2.概述 四层负载均衡工作在 OSI 模型中的四层,即传输层。四层负载均衡只能根据报文中目标地址和源地址对请求进行转发,而无法修改或判断所请求资源的具体
和 window不同,在Linux压缩文件需要注意的是,压缩后的文件会把源文件给替代,无论是gzip、bzip2、xz 均不支持压缩目录,要达到压缩目录的目的,需要用到tar指令。 gzip 压缩 g
一、前言 随着每天业务的增长,Tomcat 的catalina.out日志 变得越来越大,占用磁盘空间不说。要查看某个时候的日志的时候,庞大的日志让你顿时无从下手,所以日志的切割的变得刻不容缓。而且,
一、安装 和 准备工作 我们选择了用 Tomcat 服务器下 war 包的安装方式。Jenkins 的下载地址:http://mirrors.jenkins-ci.org/,打开链接后,表格有war列
一、gcc gcc是Linux上面最标准的C语言的编译程序,用来源代码的编译链接。 gcc -c hello.c 编译产生目标文件hello.o gcc -O hello.c 编译产生目标文件,并进行
随着智能化互联时代的来临,家中的智能设备越来越多:电视机、平板、游戏主机、电脑、手机等遍及家中各个角落,同时设备之间共享数据的需求变的越来越强烈。比如同步、备份手机上的照片和视频,在电视机上观看电脑中