Difference between revisions of "Apache .htaccess"
m |
m (→Reference) |
||
Line 82: | Line 82: | ||
<references/> | <references/> | ||
+ | [[Category:Programming]] | ||
[[Category:Index]] | [[Category:Index]] |
Revision as of 16:23, 2 October 2018
The Apache Webserver file .htaccess
is a powerful tool for managing the access and navigation to your webserver.
Unfortunately, the working is not very intuitive and not very simple.
There are many websites that tell they do understand/know htaccess, but little is true.
I do not pretend to know/understand htaccess, but I have some useful tips tricks.
Please review them carefully and let me know what you think.
This website uses several references, such as
Examples
SEO Friendly 301
SEO content is any content created with the goal of attracting search engine traffic. [3]
- SEO refers to search engine optimization, or the process of optimizing a website so that people can easily find it via search engines like Google.
- By content, we mean any information that lives on the web and can be consumed on the web.
Nowadays, some modern search engine has the capability to detect 301 Permanent Redirects and update its existing record. <syntaxhighlight lang="bash" line start="1"> Redirect 301 https://www.harmfrielink.nl/home https://www.harmfrielink.nl </syntaxhighlight>
Block Access to htaccess
Do not let everybody have access to all your files, protect them! <syntaxhighlight lang="bash" line start="1">
- Secures htaccess file
<Files .htaccess> order allow,deny deny from all </Files>
- Prevents viewing of a specific file
<Files secretfile.jpg>
order allow,deny deny from all
</Files>
- Prevents multiple file types
<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny Deny from all
</FilesMatch> </syntaxhighlight>
Prevent PHP-Directory Access
The usage of a special PHP-include directory is a common implementation paradigm.
But you don't want anyone to have access to that directory except the program/application.
This snippet prevents the access to the directory file with extension php.
<syntaxhighlight lang="bash" line>
- Enable Mod Rewrite, this is only required once in each .htaccess file
RewriteEngine On RewriteBase /
- Test for access to the include directory
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /phpinclude/.*$ [NC]
- Test that file requested has php extension
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
- Forbid Access
RewriteRule .* - [F,NS,L] </syntaxhighlight>
- Line 01-03: Needs to be set once and enables the RewriteCond and RewriteRule.
- Line 05-06: Tests case insensitive ([NC]=No Case) if the directory is ../phpinclude at the end ($).
- Line 08-09: Tests if the file name has the extension .php at the end ($).
- Line 11-12: Forbids access to the found file.
- F: Returns a 403 FORBIDDEN response to the client browser.
- NS: Causes a rule to be skipped if the current request is an internal sub-request.
- L: Stop the rewriting process immediately and don't apply any more rules.
Source: https://httpd.apache.org/docs/current/mod/mod_rewrite.html [2].
See also
- htaccess tester, Website with tester for the htaccess rules. Does not test server constant like THE_REQUEST etc.
- htaccess syntax check, Syntax checker for your htaccess scripts.
Reference
- ↑ Queness htaccess, Queness.com htaccess post Tips and Tricks.
- ↑ 2.0 2.1 Apache Docs, Description mod_rewrite module: Rewrite(s) condition and rules.
- ↑ WordStream, SEO Content Beginners Guide.