zoukankan      html  css  js  c++  java

  • 设置装备陈列.htaccess的一些问题结果总结

      滥觞:网海拾贝



    Apache的设置装备陈列文件.htaccess是个难点,也是个重点。一贯都没安下心来好好学学,以致一贯觉得Redirect方式是属于mod_rewrite,用到的时间也都是糊里懵懂的。本日找到了一个很好的教程,一边学,一边写点心得。

    updated: 络续修改一些小问题结果

    Source: Comprehensive guide to .htaccess

    Officical reference: Directive Quick Reference

    1 Introduction 介绍
    文件名 .htaccess 属性 644 (RW-R–R–)
    htaccess会影响它地点目次下的通盘子目次
    注意大大都内容都要求对峙在一行之内,不要换行,否则会惹起错误

    2 Error Documents 错误文档
    Official document: ErrorDocument Directive

    ErrorDocument code document
    例子
    ErrorDocument 400 /errors/badrequest.html
    ErrorDocument 404 http://yoursite/errors/notfound.html
    ErrorDocument 401 “Authorization Required”
    (注意之后内容假如呈现的双引号需求转义为 ”)

    罕有HTTP情况码

    Successful Client Requests

    200 OK
    201 Created
    202 Accepted
    203 Non-Authorative Information
    204 No Content
    205 Reset Content
    206 Partial Content

    Client Request Redirected

    300 Multiple Choices
    301 Moved Permanently
    302 Moved Temporarily
    303 See Other
    304 Not Modified
    305 Use Proxy

    Client Request Errors

    400 Bad Request
    401 Authorization Required
    402 Payment Required (not used yet)
    403 Forbidden
    404 Not Found
    405 Method Not Allowed
    406 Not Acceptable (encoding)
    407 Proxy Authentication Required
    408 Request Timed Out
    409 Conflicting Request
    410 Gone
    411 Content Length Required
    412 Precondition Failed
    413 Request Entity Too Long
    414 Request URI Too Long
    415 Unsupported Media Type

    Server Errors

    500 Internal Server Error
    501 Not Implemented
    502 Bad Gateway
    503 Service Unavailable
    504 Gateway Timeout
    505 HTTP Version Not Supported

    3 Password Protection 密码维护
    Official document: Authentication, Authorization and Access Control

    假定密码文件为.htpasswd

    AuthUserFile /usr/local/safedir/.htpasswd (这里必须运用全途径名)
    AuthName EnterPassword
    AuthType Basic

    两种罕有验证体式魔术:
    Require user windix
    (仅允许用户windix登陆)
    Require valid-user
    (一符合理用户都可登陆)

    Tip: 怎样天生密码文件
    运用htpasswd号令(apache自带)

    第一次天生需求建立密码文件
    htpasswd -c .htpasswd user1

    之后增加新用户
    htpasswd .htpasswd user2

    4 Enabling SSI Via htaccess 颠末进程htaccess允许SSI(Server Side Including)结果
    AddType text/html .shtml
    AddHandler server-parsed .shtml
    Options Indexes FollowSymLinks Includes

    DirectoryIndex index.shtml index.html

    5 Blocking users by IP 依据IP截止用户访问
    order allow,deny
    deny from 123.45.6.7
    deny from 12.34.5. (整个C类地址)
    allow from all

    6 Blocking users/sites by referrer 依据referrer截止用户/站点访问
    需求mod_rewrite模块

    例1. 截止单一referrer: badsite.com
    RewriteEngine on
    # Options FollowSymlinks
    RewriteCond %{HTTP_REFERER} badsite.com [NC]
    RewriteRule .* - [F]

    例2. 截止多个referrer: badsite1.com, badsite2.com
    RewriteEngine on
    # Options FollowSymlinks
    RewriteCond %{HTTP_REFERER} badsite1.com [NC,OR]
    RewriteCond %{HTTP_REFERER} badsite2.com
    RewriteRule .* - [F]

    [NC] - 大小写不敏感(Case-insensite)
    [F] - 403 Forbidden

    注意以上代码注释丢失了”Options FollowSymlinks”这个语句。假如效能器未在 httpd.conf 的 段落设置 FollowSymLinks, 则需求加上这句,否则会取得”500 Internal Server error”错误。

    7 Blocking bad bots and site rippers (aka offline browsers) 截止坏爬虫和离线赏识器
    需求mod_rewrite模块

    坏爬虫? 譬喻一些抓渣滓email地址的爬虫和不听命robots.txt的爬虫(如baidu?)
    可以依据 HTTP_USER_AGENT 来鉴定它们
    (但是另有更无耻的如”中搜 zhongsou.com”之流把自己的agent设置为 “Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)” 太流氓了,就刺眼为力了)

    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Bot mailto:craftbot@yahoo.com [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Download Demon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Express WebPictures [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
    RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
    RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
    RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image Stripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Image Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} Indy Library [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Internet Ninja [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
    RewriteCond %{HTTP_USER_AGENT} ^JOC Web Spider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
    RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mass Downloader [OR]
    RewriteCond %{HTTP_USER_AGENT} ^MIDown tool [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Mister PiX [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Net Vampire [OR]
    RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline Explorer [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Offline Navigator [OR]
    RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Papa Foto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
    RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
    RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
    RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Teleport Pro [OR]
    RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web Image Collector [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Web Sucker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebGo IS [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website eXtractor [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Website Quester [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
    RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Xaldon WebSpider [OR]
    RewriteCond %{HTTP_USER_AGENT} ^Zeus
    RewriteRule ^.* - [F,L]

    [F] - 403 Forbidden
    [L] - ?

    8 Change your default directory page 窜改缺省目次页面
    DirectoryIndex index.html index.php index.cgi index.pl

    9 Redirects 转向
    单个文件
    Redirect /old_dir/old_file.html http://yoursite.com/new_dir/new_file.html

    整个目次
    Redirect /old_dir http://yoursite.com/new_dir

    结果: 犹如将目次移动地位一样
    http://yoursite.com/old_dir -> http://yoursite.com/new_dir
    http://yoursite.com/old_dir/dir1/test.html -> http://yoursite.com/new_dir/dir1/test.html

    Tip: 运用用户目次时Redirect不能转向的处理方式

    当你运用Apache默许的用户目次,如 http://mysite.com/~windix,当你想转向 http://mysite.com/~windix/jump时,你会发明下面这个Redirect不任务:
    Redirect /jump http://www.google.com

    正确的方式是改成
    Redirect /~windix/jump http://www.google.com

    (source: .htaccess Redirect in “Sites” not redirecting: why?)

    10 Prevent viewing of .htaccess file 抗御.htaccess文件被检察

    order allow,deny
    deny from all

    11 Adding MIME Types 添加 MIME 类型
    AddType application/x-shockwave-flash swf

    Tips: 设置类型为 application/octet-stream 将提醒下载

    12 Preventing hot linking of images and other file types 防盗链
    需求mod_rewrite模块

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^ $
    RewriteCond %{HTTP_REFERER} !^http://(www/.)?mydomain.com/.* $ [NC]
    RewriteRule .(gif|jpg|js|css) $ - [F]

    解析:
    若 HTTP_REFERER 非空 (滥觞为其他站点,非直接衔接) 而且
    若 HTTP_REFERER 非(www.)mydomain.com收尾(忽略大小写[NC]) (滥觞非本站)
    凑合通盘含有 .gif/.jpg/.js/.css 开首的文件给出 403 Forbidden 错误[F]

    也可指定呼应,如下例体现互换图片

    RewriteRule .(gif|jpg) $ http://www.mydomain.com/angry.gif [R,L]

    [R] - 转向(Redirect)
    [L] - 衔接(Link)

    13 Preventing Directory Listing 灌输目次列表时体现
    IndexIgnore *

    IndexIgnore *.jpg *.gif

    Tips:
    允许目次列表体现: Options Indexes
    压迫牧师列表体现: Options -Indexes
    体现提醒信息: 页首 文件HEADER, 页尾 文件README




    版权声明: 原创作品,允许转载,转载时请务必以超链接方式标明文章 原始出处 、作者信息和本声明。否则将清查法律责任。

  • 相关阅读:
    jmeter-测试webservice接口
    Python
    Mysql:PDBC(Python操作数据库-mysql)
    Mysql: JDBC(Java 操作数据库-mysql)
    Mysql:事务、索引(了解)
    Mysql:DQL(Data Query Language
    Mysql:DML(Data Manipulation Language- 数据操作语言)
    Mysql:列类型,表类型,常用字段属性
    Mysql:DDL(Data Definition Language-数据定义语言)
    Mysql:Centos7安装Mysql5.6
  • 原文地址:https://www.cnblogs.com/zgqjymx/p/1976236.html
Copyright © 2011-2022 走看看