Some Configurations in the .htaccess File


1. What is .htaccess?

1.1. What is .htaccess

.htaccess is a configuration file used by web servers running Apache. It is used to set options that enable or disable Apache functions and features.

1.2. Meaning of the symbols used in .htaccess

# : tells the server to ignore the line (comment)
[F] : Forbidden, instructs the server to return a 403 error to the client
[L] : Last rule, instructs the server to stop rewriting after the current directive has been processed
[N] : Next, instructs Apache to rerun the rewrite rules until all rewrite directives have completed
[G] : Gone, instructs the server to deliver the Gone status message
[P] : Proxy, instructs the server to hand the request to mod_proxy
[C] : Chain, instructs the server to chain the current rule with the rule that follows it
[R] : Redirect, instructs Apache to issue a redirect
[NC] : No Case, makes the associated pattern case-insensitive
[PT] : Pass Through, instructs mod_rewrite to pass the rewritten URL on for further processing
[OR] : Or, ordinary logical OR (the combined expression is true when either of its two sub-expressions is true)
[NE] : No Escape, instructs the server to emit output without escaping characters
[NS] : No Subrequest, instructs the server to skip the directive for an internal sub-request
[QSA] : appends the query string to the end of the URL
[S=x] : Skip, instructs the server to skip the next x rules
[E=variable:value] : Environment Variable, instructs the server to set the environment variable "variable" to "value"
[T=MIME-type] : MIME Type, declares the MIME type of the target resource
[] : defines a set of characters; any one character inside the brackets matches
[]+ : a character set in which any combination of its characters matches
[a-z] : matches any character from a to z, in alphabetical order. Can be extended, for example [a-zA-Z]
a{n} : matches exactly n occurrences of the preceding character. Example: x{3} matches xxx
a{n,} : like a{n}, but matches n or more occurrences
a{n,m} : like a{n}, but matches between n and m occurrences
() : groups characters together so that they are treated as a single unit
^ : marks the start of the regex string
$ : marks the end of the regex string
? : makes the preceding character optional. Example: monzas? matches monza or monzas
! : negation; matches anything other than the pattern that follows the !
. : any single character
+ : one or more of the preceding character
* : zero or more of the preceding character
| : logical OR
\ : placed before a special character so that it is treated as an ordinary character
.* : zero or more of any character
^$ : an empty string
^.*$ : matches everything
[^/.] : one character that is neither / nor .
[^/.]+ : one or more characters, none of which is / or .
http:// : a literal string
^domain.* : a string that begins with domain
^domain\.com$ : exactly the string domain.com
-d : tests whether the string is a directory
-f : tests whether the string is a file
-s : tests whether the file named by the string has a non-zero size

1.3. Redirect codes

301 Moved Permanently
302 Moved Temporarily
403 Forbidden
404 Not Found
410 Gone

1.4. How to use .htaccess

Create a file named .htaccess (this is the complete file name, not an extension), write the configuration directives in it, and place it in the directory where the configuration should apply.

Example:

AuthName "Member's Area Name"
AuthUserFile /path/to/password/file/.htpasswd
AuthType Basic
require valid-user
ErrorDocument 401 /error_pages/401.html
AddHandler server-parsed .html

The example above password-protects the directory and serves 401.html when a 401 error occurs.

Notes:

- Upload the .htaccess file in ASCII mode rather than BINARY or any other mode, because the transfer modes handle the data differently.
- Access, use and execute permissions on the .htaccess file can cause errors; set permission 755 or execute permission on the file. (Sections 4.1 and 4.15 below use 644 for .htaccess, which is enough because the server only needs to read the file.)
- Comment the important configuration settings so that they are easy to follow for whoever takes over later, or for yourself when you have to reconfigure or troubleshoot.

2. Essential configuration

2.1. Enable basic rewriting

The server may not have mod_rewrite switched on by default. To make sure it is on, add the following to the .htaccess file in the root directory:

# enable basic rewriting
RewriteEngine on

2.2. Enable symbolic links

For background on symbolic links see http://en.wikipedia.org/wiki/Symbolic_link. For this setting to work, AllowOverride Options must be enabled.

# enable symbolic links
Options +FollowSymLinks

2.3. Enable AllowOverride

Some directives, such as FollowSymLinks, need AllowOverride before they take effect. To enable it for a particular directory, add the following to the server configuration file, inside the <Directory> section for that directory (AllowOverride is not accepted inside .htaccess itself; /path/to/directory is a placeholder):

# enable allowoverride privileges
<Directory /path/to/directory>
    AllowOverride Options
</Directory>

2.4. Rename the .htaccess file

Not every system likes the .htaccess name format. The name can be changed (in the server configuration file):

# rename htaccess files
AccessFileName ht.access

After renaming the file, update every configuration that refers to the old name. For example, if you protect .htaccess with FilesMatch, rewrite that rule for the new name (ht.access instead of .htaccess):

# protect renamed htaccess files
<FilesMatch "^ht\.">
    Order deny,allow
    Deny from all
</FilesMatch>

2.5. Retain the rules defined in httpd.conf

To save the time and effort of redefining the same rules for many virtual hosts that share one httpd.conf, configure .htaccess to inherit the rule set from httpd.conf:

RewriteOptions Inherit

3. Performance

3.1. Improve performance through AllowOverride

When AllowOverride is enabled at the root directory, the server has to look in every directory for a .htaccess file, which slows request processing. To limit this, disable AllowOverride at the root (in the server configuration file) and enable it only where it is needed. To disable:

# increase performance by disabling allowoverride
<Directory />
    AllowOverride None
</Directory>

3.2. Improve performance by passing the character set

# pass the default character set
AddDefaultCharset utf-8

3.3. Improve performance by preserving bandwidth

# preserve bandwidth for PHP enabled servers
php_value zlib.output_compression 16386

3.4. Disable the server signature

# disable the server signature
ServerSignature Off

3.5. Set the server timezone

# set the server timezone
SetEnv TZ America/Washington

3.6. Set the server administrator's email address

# set the server administrator email
SetEnv SERVER_ADMIN [email protected]

3.7. Speed up site browsing by enabling file caching

Each Header directive below, and the final ExpiresActive Off, is meant to sit inside its own <FilesMatch> container that selects the file types named in the comment above it; placed together at the top level of one file they would override one another.

# cache images and flash content for one month
Header set Cache-Control "max-age=2592000"

# cache text, css, and javascript files for one week
Header set Cache-Control "max-age=604800"

# cache html and htm files for 12 hours (43200 seconds)
Header set Cache-Control "max-age=43200"

# implement minimal caching during site development
Header set Cache-Control "max-age=5"

# explicitly disable caching for scripts and other dynamic files
Header unset Cache-Control

# alternate method for file caching
ExpiresActive On
# 1 week
ExpiresDefault A604800
# 1 month
ExpiresByType image/x-icon A2419200
ExpiresByType application/x-javascript A2419200
ExpiresByType text/css A2419200
# 5 minutes
ExpiresByType text/html A300

# disable caching for scripts and other dynamic files
ExpiresActive Off

* Convert common time intervals into seconds:

300 = 5 minutes
2700 = 45 minutes
3600 = 1 hour
54000 = 15 hours
86400 = 1 day
518400 = 6 days
604800 = 1 week
1814400 = 3 weeks
2419200 = 1 month
26611200 = 11 months
29030400 = 1 year = never expires
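A complete form of the caching rules from section 3.7, with each directive scoped to one group of file types. This is an added example, not part of the original document; the extension patterns and the use of no-store for dynamic files are assumptions.

```apache
# Added example: the extension patterns are assumptions chosen to match
# the comments in section 3.7; adjust them to the file types you serve.
<IfModule mod_headers.c>
    # images and flash content: one month
    <FilesMatch "\.(ico|gif|jpe?g|png|swf|flv)$">
        Header set Cache-Control "max-age=2592000"
    </FilesMatch>

    # text, css and javascript: one week
    <FilesMatch "\.(txt|css|js)$">
        Header set Cache-Control "max-age=604800"
    </FilesMatch>

    # html and htm: 43200 seconds
    <FilesMatch "\.html?$">
        Header set Cache-Control "max-age=43200"
    </FilesMatch>

    # scripts and other dynamic output. "Header unset" only removes the
    # header and leaves the decision to each cache; "no-store" forbids
    # storage, which matters for responses behind password protection.
    <FilesMatch "\.(php|pl|cgi)$">
        Header set Cache-Control "no-store"
    </FilesMatch>
</IfModule>

# mod_expires variant of the same policy
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault A604800
    ExpiresByType text/html A300
    <FilesMatch "\.(php|pl|cgi)$">
        ExpiresActive Off
    </FilesMatch>
</IfModule>
```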

3.8. Set the default language and character encoding

# set the default language
DefaultLanguage en-US
# set the default character set
AddDefaultCharset UTF-8

3.9. Declaring MIME types

MIME types associate file extensions with content types; the server needs this mapping to know what kind of file it is handling. Use AddType to add one: the next argument is the MIME type and the last is the file extension. For example, for MP3 or SWF files:

AddType application/x-shockwave-flash swf
AddType application/x-shockwave-flash .swf
AddType video/x-flv .flv
AddType image/x-icon .ico

Some file types should not run directly in the browser but be downloaded to the machine instead; the MIME type to set for them is application/octet-stream.

List of MIME types and the corresponding file types. Entries listed without an extension are commented out, because AddType requires at least one extension:

AddType text/html .html .htm
AddType text/plain .txt
AddType text/richtext .rtx
AddType text/tab-separated-values .tsv
AddType text/x-setext .etx
AddType text/x-server-parsed-html .shtml .sht
AddType application/macbinhex-40 .hqx
AddType application/netalivelink .nel
AddType application/netalive .net
# AddType application/news-message-id
# AddType application/news-transmission
AddType application/octet-stream .bin .exe
AddType application/oda .oda
AddType application/pdf .pdf
AddType application/postscript .ai .eps .ps
# AddType application/remote-printing
AddType application/rtf .rtf
# AddType application/slate
AddType application/zip .zip
AddType application/x-mif .mif
# AddType application/wita
# AddType application/wordperfect5.1
AddType application/x-csh .csh
AddType application/x-dvi .dvi
AddType application/x-hdf .hdf
AddType application/x-latex .latex
AddType application/x-netcdf .nc .cdf
AddType application/x-sh .sh
AddType application/x-tcl .tcl
AddType application/x-tex .tex
AddType application/x-texinfo .texinfo .texi
AddType application/x-troff .t .tr .roff
AddType application/x-troff-man .man
AddType application/x-troff-me .me
AddType application/x-troff-ms .ms
AddType application/x-wais-source .src
AddType application/x-bcpio .bcpio
AddType application/x-cpio .cpio
AddType application/x-gtar .gtar
AddType application/x-shar .shar
AddType application/x-sv4cpio .sv4cpio
AddType application/x-sv4crc .sv4crc
AddType application/x-tar .tar
AddType application/x-ustar .ustar
AddType application/x-director .dcr
AddType application/x-director .dir
AddType application/x-director .dxr
AddType application/x-onlive .sds
AddType application/x-httpd-cgi .cgi
AddType image/gif .gif .GIF
AddType image/ief .ief
AddType image/jpeg .jpeg .jpg .jpe .JPG
AddType image/tiff .tiff .tif
AddType image/x-cmu-raster .ras
AddType image/x-portable-anymap .pnm
AddType image/x-portable-bitmap .pbm
AddType image/x-portable-graymap .pgm
AddType image/x-portable-pixmap .ppm
AddType image/x-rgb .rgb
AddType image/x-xbitmap .xbm
AddType image/x-xpixmap .xpm
AddType image/x-xwindowdump .xwd
AddType audio/basic .au .snd
AddType audio/x-aiff .aif .aiff .aifc
AddType audio/x-wav .wav
AddType audio/x-pn-realaudio .ram
AddType audio/x-midi .mid
AddType video/mpeg .mpeg .mpg .mpe
AddType video/quicktime .qt .mov
AddType video/x-msvideo .avi
AddType video/x-sgi-movie .movie
# AddType message/external-body
# AddType message/news
# AddType message/partial
# AddType message/rfc822
# AddType multipart/alternative
# AddType multipart/appledouble
# AddType multipart/digest
# AddType multipart/mixed
# AddType multipart/parallel
AddType x-world/x-vrml .wrl

3.10. Send the encoding and language headers without meta tags

# send the language tag and default character set
# AddType 'text/html; charset=UTF-8' html
AddDefaultCharset UTF-8
DefaultLanguage en-US

3.11. Limit requests to GET and PUT

# limit server request methods to GET and PUT
Options -ExecCGI -Indexes -All
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)
RewriteRule .* - [F]

The rule rejects only the four methods it lists; any other method still passes. In .htaccess, mod_rewrite also needs FollowSymLinks or SymLinksIfOwnerMatch to be on, and Options -All turns both off.

3.12. Choose the handler according to the request method

# process files according to server request method
Script PUT /cgi-bin/upload.cgi
Script GET /cgi-bin/download.cgi

3.13. Run one file type through a CGI script

# execute all png files via png-script.cgi
Action image/png /cgi-bin/png-script.cgi
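Section 3.11 aims to limit requests to particular methods, while a pattern that lists unwanted methods rejects only the ones it names. The block below is an added example (not from the original document) of an allow-list in two forms; the permitted set GET, HEAD, POST is an assumption.

```apache
# Added example for section 3.11. Replace the allowed methods
# (GET, HEAD, POST here, an assumption) with what the application needs.

# Variant 1: mod_rewrite allow-list. The condition is negated and
# anchored at both ends, so every method not listed gets 403 Forbidden.
<IfModule mod_rewrite.c>
    # mod_rewrite in .htaccess requires one of the symlink options
    Options +SymLinksIfOwnerMatch
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST)$
    RewriteRule ^ - [F,L]
</IfModule>

# Variant 2: core authorization, Apache 2.4 syntax. <LimitExcept>
# applies the enclosed rule to every method except those named;
# naming GET also covers HEAD.
<LimitExcept GET POST>
    Require all denied
</LimitExcept>

# TRACE cannot be restricted with <Limit> or <LimitExcept>. It is
# switched off in the server or virtual-host configuration instead
# (not valid in .htaccess):
# TraceEnable Off
```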

4. Security configuration

4.1. Prevent access to the .htaccess file

A user who deliberately requests the .htaccess file should receive a 403 error. There are several ways to configure this: set the file's CHMOD to 644, or add the following code:

# secure htaccess file
<Files .htaccess>
    order allow,deny
    deny from all
</Files>

4.2. Prevent access to a specific file

To block access to a specific file, add the following to the .htaccess file; the file here is assumed to be secretfile.jpg:

# prevent viewing of a specific file
<Files secretfile.jpg>
    order allow,deny
    deny from all
</Files>

4.3. Block access to multiple files

Place these directives inside a <FilesMatch> container whose pattern lists the files to block; on their own they deny access to everything in the directory.

Order Allow,Deny
Deny from all

4.4. Prevent unauthorized directory browsing

Make sure that users without permission cannot view the site's contents as a directory listing.

# disable directory browsing
Options -Indexes

Conversely, to let users view directory listings:

# enable directory browsing
Options +Indexes

Prevent the server from listing the directory contents:

# prevent folder listing
IndexIgnore *

To keep files of particular types out of the listing, use IndexIgnore (it hides them from the index only; it does not block direct requests for them):

# prevent display of select file types
IndexIgnore *.wmv *.mp4 *.avi *.etc

4.5. Change the default index page

Instead of the default index page, the server can be configured to serve another file that plays the same role (here business.html):

# serve alternate default index page
DirectoryIndex business.html

Or give a series of candidate files; the server looks for them in order and serves the first one it finds as the index:

# serve first available alternate default index page from series
DirectoryIndex filename.html index.cgi index.pl default.htm

4.6. Disguise script extensions

To strengthen security, disguising the scripting language by changing the file extension is also worth considering (this only hides which language is in use; it does not make the scripts themselves safer):

# serve foo files as php files
AddType application/x-httpd-php .foo

# serve foo files as cgi files
AddType application/x-httpd-cgi .foo

4.7. Limit access to the LAN

# limit access to local area network
# (IPv4 prefix lengths run from 0 to 32; adjust /24 to your LAN's prefix)
order deny,allow
deny from all
allow from 192.168.0.0/24

4.8. Protect a directory by IP address and/or domain

The following allows all access except from the address x.y.z.v and from domain.com:

# allow all except those indicated here
order allow,deny
allow from all
deny from x.y.z.v
deny from domain.com

The reverse of the configuration above: deny every IP except x.y.z.v and domain.com:

# deny all except those indicated here
order deny,allow
deny from all
allow from x.y.z.v
allow from domain.com

You can also save bandwidth by blocking requests for particular file types such as .jpg, .zip, .mp3, ... that come from external servers (here abc and xyz):

# block visitors referred from indicated domains
# (the last RewriteCond must not carry [OR], or the rule matches every request)
RewriteEngine on
RewriteCond %{HTTP_REFERER} abc\.com [NC,OR]
RewriteCond %{HTTP_REFERER} xyz\.com [NC]
RewriteRule .* - [F]

4.9. Block or allow access by IP address range

There are several ways to block a range of IP addresses with .htaccess. The first uses the CIDR (Classless Inter-Domain Routing) number of the range; this is effective for blocking mega-spammers such as RIPE, Optinet, ...

# block IP range by CIDR number
order allow,deny
allow from all
deny from 10.1.0.0/16
deny from 80.0.0.0/8

To allow by CIDR:

# allow IP range by CIDR number
order deny,allow
deny from all
allow from 10.1.0.0/16
allow from 80.0.0.0/8

Another method blocks an IP range by truncating the address until the desired range is covered. Apache writes a truncated address by leaving out the trailing octets:

# block IP range by address truncation
order allow,deny
allow from all
deny from 99.88.77.66
deny from 99.88.77
deny from 99.88
deny from 99

To allow IP addresses the same way:

# allow IP range by address truncation
order deny,allow
deny from all
allow from 99.88.77.66
allow from 99.88.77
allow from 99.88
allow from 99
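Sections 4.1 to 4.9 use the Order/Allow/Deny directives of Apache 2.2; Apache 2.4 accepts them only through mod_access_compat, and its native form is Require. The block below is an added example (not from the original document) of the same policies in 2.4 syntax; the directory paths are hypothetical and 203.0.113.7 stands in for x.y.z.v.

```apache
# Added example for Apache 2.4 (mod_authz_core, mod_authz_host).
# Directory paths are hypothetical; 203.0.113.7 stands in for x.y.z.v.
# The same Require lines work in .htaccess when the server config
# grants "AllowOverride AuthConfig" for that directory.

# 4.1: nobody may fetch .htaccess or .htpasswd
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# 4.7: LAN only
# (was: order deny,allow / deny from all / allow from <network>)
<Directory "/var/www/example/intranet">
    Require ip 192.168.0.0/24
</Directory>

# 4.8: everyone except one address and one domain
# (was: order allow,deny / allow from all / deny from ...)
<Directory "/var/www/example/public">
    <RequireAll>
        Require all granted
        Require not ip 203.0.113.7
        # host rules cost a double reverse DNS lookup per request
        Require not host domain.com
    </RequireAll>
</Directory>

# 4.8 reversed: nobody except one address and one domain
<Directory "/var/www/example/partners">
    <RequireAny>
        Require ip 203.0.113.7
        Require host domain.com
    </RequireAny>
</Directory>

# 4.9: block CIDR ranges, allow the rest
<Directory "/var/www/example/downloads">
    <RequireAll>
        Require all granted
        Require not ip 10.1.0.0/16
        Require not ip 80.0.0.0/8
    </RequireAll>
</Directory>
```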

4.10. Block or allow multiple addresses on one line

Block:

# block two unique IP addresses
deny from 99.88.77.66 11.22.33.44
# block three ranges of IP addresses
deny from 99.88 99.88.77 11.22.33

Allow:

# allow two unique IP addresses
allow from 99.88.77.66 11.22.33.44
# allow three ranges of IP addresses
allow from 99.88 99.88.77 11.22.33

4.11. Other rules for blocking or allowing IP addresses

A few other rules can be used:

# block a partial domain via network/netmask values
deny from 99.1.0.0/255.255.0.0

# block a single domain
deny from 99.88.77.66

# block domain.com but allow sub.domain.com
order deny,allow
deny from domain.com
allow from sub.domain.com

4.12. Stop hotlinking and serve alternate content

The goal is to help administrators stop outside websites from directly using images, content, links, ... from their own site, because that kind of use consumes bandwidth. Use this setting once mod_rewrite is enabled.

# stop hotlinking and serve alternate content
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com/.*$ [NC]
# do not redirect the replacement image itself, which would loop
RewriteCond %{REQUEST_URI} !/eatme\.jpg$
RewriteRule .*\.(gif|jpg)$ http://www.domain.com/eatme.jpg [R,NC,L]

To deliver an error page instead of an image such as eatme.jpg above, replace the RewriteRule line with:

# serve a standard 403 forbidden error page
RewriteRule .*\.(gif|jpg)$ - [F,L]

To let an outside domain hotlink (goodsite, for example), add this line:

# allow linking from the following site
RewriteCond %{HTTP_REFERER} !^http://(www\.)?goodsite\.com/.*$ [NC]

4.13. Block evil robots, site rippers, and offline browsers

The User-Agent header is supplied by the client, so this list stops only tools that announce themselves under these names.

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
# RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]

Instead of sending a friendly message, you can send them to another website:

# send em to a hellish website of your choice
RewriteRule ^.*$ http://www.hellish-website.com [R,L]

Or send them to a black hole of fake email addresses:

# send em to a virtual blackhole of fake email addresses
RewriteRule ^.*$ http://english-61925045732.spampoison.com [R,L]

You can also block by referrer; here iaea.org is blocked:

RewriteCond %{HTTP_REFERER} ^http://www.iaea.org$
RewriteRule !^http://[^/.]\.yourdomain\.com.* - [F,L]

Some other ways of blocking:

# redirect any request for anything from spamsite to differentspamsite
RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
RewriteRule .* http://www.differentspamsite.com [R]

# redirect all requests from spamsite to an image of something at differentspamsite
RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
RewriteRule .* http://www.differentspamsite/something.jpg [R]

# redirect traffic from a certain address or range of addresses to another site
RewriteCond %{REMOTE_ADDR} ^192\.168\.10\.
RewriteRule .* http://www.differentspamsite.com/index.html [R]

4.14. Password protection

Password protection is a way to protect website content and let only internal users reach it. It is supported by Apache and helps restrict users to different areas of a website. When a directory is password-protected, all of its subdirectories and files are protected by the same password. The password file (.htpasswd) for the protected directory holds one entry per line:

username:encryptedpassword
fred_smith:CF9Pam/MXJg2

See the following page (it generates passwords for directory protection); the htpasswd utility shipped with Apache creates the same entries locally:

http://www.thejackol.com/scripts/htpasswdgen.php

For a single file or a set of files, put the directives inside a <Files> or <FilesMatch> container that names them.

# password-protect single file
AuthType Basic
AuthName "Prompt"
AuthUserFile /home/path/.htpasswd
Require valid-user

# password-protect multiple files
AuthType basic
AuthName "Development"
AuthUserFile /home/path/.htpasswd
Require valid-user

# password-protect the directory in which this htaccess rule resides
AuthType basic
AuthName "This directory is protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user

# password-protect directory for every IP except the one specified
# place in htaccess file of a directory to protect that entire directory
AuthType Basic
AuthName "Personal"
AuthUserFile /home/path/.htpasswd
Require valid-user
Allow from 99.88.77.66
Satisfy Any

4.15. Set CHMOD automatically for file types

This makes sure CHMOD is set for the specified file types. The chmod lines are shell commands run in the site directory, not .htaccess directives:

# ensure CHMOD settings for specified file types
# remember to never set CHMOD 777 unless you know what you are doing
# files requiring write access should use CHMOD 766 rather than 777
# keep specific file types private by setting their CHMOD to 400
chmod 640 .htpasswd
chmod 644 .htaccess
chmod 600 *.php

4.16. Disguise all file extensions

Disguise all files and treat them as .php files:

# disguise all file extensions as php
ForceType application/x-httpd-php

Or as other formats. In addition, PHP files can be hidden behind other extensions:

SetHandler application/x-httpd-php

Do not apply either directive to a directory that accepts uploads: every file in scope is executed as PHP.

4.17. Protect against denial-of-service attacks by limiting the upload size

# protect against DOS attacks by limiting file upload size
LimitRequestBody 10240000

4.18. Protect a directory by disabling script execution

# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

4.19. Require SSL

# require SSL
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "domain.tld"
ErrorDocument 403 https://domain.tld

# require SSL without mod_ssl
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

5. Other useful configuration

5.1. URL checking

# automatically corect simple speling erors
CheckSpelling On

5.2. Custom error pages

This configuration is very useful because it presents errors to website visitors in a friendly way and lets the site owner display error messages in their own style.

# serve custom error pages
ErrorDocument 400 /errors/400.html
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

5.3. Instruct the browser to download a file instead of opening it directly

This is useful for multimedia files.

# instruct browser to download multimedia files
AddType application/octet-stream .avi
AddType application/octet-stream .mpg
AddType application/octet-stream .wmv
AddType application/octet-stream .mp3

The same can be applied to other formats (see also section 3.9).

5.4. Instruct the server to display the source code of some executable files

In some cases the source code of a file needs to be displayed instead of executed. Use:

RemoveHandler cgi-script .pl .py .cgi

5.5. Redirect users to a temporary site during development or repair

While a website is being developed, maintained or repaired, you may not want customers to visit it. The configuration below redirects users to another site while the administrator keeps full access (x.x.x.x is the administrator's IP):

# redirect all visitors to alternate site but retain full access for you
ErrorDocument 403 http://www.alternate-site.com
Order deny,allow
Deny from all
Allow from x.x.x.x

5.6. Block access to files or directories by time

# prevent access during the midnight hour
# (TIME_HOUR is a two-digit 24-hour value, so midnight is 00)
RewriteCond %{TIME_HOUR} ^00$
RewriteRule ^.*$ - [F,L]

# prevent access throughout the afternoon
RewriteCond %{TIME_HOUR} ^(12|13|14|15)$
RewriteRule ^.*$ - [F,L]

6. Redirect tricks

Every kind of redirect that uses mod_rewrite needs RewriteEngine to be enabled.

# initialize and enable rewrite engine
RewriteEngine on

6.1. Redirect from http://www.domain.com to http://domain.com

# permanently redirect from www domain to non-www domain
RewriteEngine on
Options +FollowSymLinks
RewriteCond %{HTTP_HOST} ^www\.domain\.tld$ [NC]
RewriteRule ^(.*)$ http://domain.tld/$1 [R=301,L]

6.2. Redirect from an old domain to a new domain

# redirect from old domain to new domain
RewriteEngine On
RewriteRule ^(.*)$ http://www.new-domain.com/$1 [R=301,L]

6.3. Redirect string variations to one address

Suppose a request contains the string some-string; the request is sent on to the page http://some-string.com:

# redirect any variations of a specific character string to a specific address
RewriteRule ^some-string http://www.some-string.com [R]

Some other methods:

# map URL variations to the same directory on the same server
AliasMatch ^/director(y|ies) /www/docs/target

# map URL variations to the same directory on a different server
RedirectMatch ^/[dD]irector(y|ies) http://domain.com

6.4. Some other redirects

Redirect an entire site with status 301:

# redirect an entire site via 301
redirect 301 / http://www.domain.com/

Redirect a file with status 301:

# redirect a specific file via 301
redirect 301 /current/currentfile.html http://www.newdomain.com/new/newfile.html

Redirect an entire site via a permanent redirect:

# redirect an entire site via permanent redirect
Redirect permanent / http://www.domain.com/

Redirect a page or a directory via a permanent redirect:

# redirect a page or directory
Redirect permanent /old_file.html http://www.new-domain.com/new_file.html
Redirect permanent /old_directory/ http://www.new-domain.com/new_directory/

Redirect a file using RedirectMatch:

# redirect a file using RedirectMatch
RedirectMatch 301 ^.*$ http://www.domain.com/index.html

When redirecting files, use the Redirect rule for files within the same domain and the RewriteRule rule for any domain. RewriteRule is more powerful than Redirect.

# redirect files directories and domains via RewriteRule
# (a RewriteRule pattern sees only the URL path, so the host is tested with RewriteCond)
RewriteCond %{HTTP_HOST} ^old-domain\.com$ [NC]
RewriteRule ^old-file\.html$ http://new-domain.com/new-file.html [R,L]
RewriteCond %{HTTP_HOST} ^old-domain\.com$ [NC]
RewriteRule ^old-dir/(.*)$ http://new-domain.com/new-dir/$1 [R,L]
RewriteCond %{HTTP_HOST} ^old-domain\.com$ [NC]
RewriteRule ^(.*)$ http://new-domain.com/$1 [R,L]

6.5. Send visitors to a subdomain

This rule makes all visitors view the pages through the subdomain.

# send visitors to a subdomain
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^subdomain\.domain\.tld$ [NC]
RewriteRule ^/?(.*)$ http://subdomain.domain.tld/$1 [L,R=301]

6.6. Some other redirects

# rewrite only if the file is not found
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+)special\.html?$ cgi-bin/special/special-html/$1

# rewrite only if an image is not found
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule images/special/(.*).gif cgi-bin/special/mkgif?$1

# seo-friendly rewrite rules for various directories
RewriteRule ^(.*)/aud/(.*)$ $1/audio-files/$2 [L,R=301]
RewriteRule ^(.*)/img/(.*)$ $1/image-files/$2 [L,R=301]
RewriteRule ^(.*)/fla/(.*)$ $1/flash-files/$2 [L,R=301]
RewriteRule ^(.*)/vid/(.*)$ $1/video-files/$2 [L,R=301]

# browser sniffing via htaccess environmental variables
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*
RewriteRule ^/?$ /index-for-mozilla.html [L]
RewriteCond %{HTTP_USER_AGENT} ^Lynx.*
RewriteRule ^/?$ /index-for-lynx.html [L]
RewriteRule ^/?$ /index-for-all-others.html [L]

# redirect query to Google search
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_URI} .google\.php*
RewriteRule ^(.*)$ http://www.google.com/search?q=$1 [R,NC,L]

# deny request according to the request method
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)$ [NC]
RewriteRule ^.*$ - [F]

# redirect uploads to a better place
RewriteCond %{REQUEST_METHOD} ^(PUT|POST)$ [NC]
RewriteRule ^(.*)$ /cgi-bin/upload-processor.cgi?p=$1 [L,QSA]

# seo friendly redirect for a single file
Redirect 301 /old-dir/old-file.html http://domain.com/new-dir/new-file.html

# seo friendly redirect for multiple files
# redirects all files in dir directory with first letters xyz
RedirectMatch 301 /dir/xyz(.*) http://domain.com/$1

# seo friendly redirect entire site to a different domain
Redirect 301 / http://different-domain.com

7. Other configuration

7.1. Enable SSI

With SSI, files on the server have to use the .shtml extension instead of .html. This is a drawback for websites already built on .html. To avoid renaming the files on the server, create a .htaccess file with this content:

AddHandler server-parsed .html

More lines can be added so that the server accepts several different extensions. For example:

AddHandler server-parsed .html
AddHandler server-parsed .shtml
AddHandler server-parsed .htm

7.2. Block access to the include files used by .php files

To prevent access to the directory that holds the .php files, create a .htaccess file with this content:

## Enable Mod Rewrite, this is only required once in each .htaccess file
RewriteEngine On
RewriteBase /
## Test for access to includes directory
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /includes/.*$ [NC]
## Test that file requested has php extension
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
## Forbid Access
RewriteRule .* - [F,NS,L]

Here includes is the directory that holds the .php files.