The .htaccess file allows you to set configurations for a website without having to change server configuration files. A dot at the top of the file name means that the file is being saved.

The .htaccess file can be created in a text editor, and then uploaded to the site using an FTP client

Note: The name of the .htaccess file does not change the extension or extension.

In addition, updating such a file is also of great importance. The configurations of this file are applied to the entire directory in which the file itself is located, as well as to all its subdirectories.

Features of files.htaccess

Although the .htaccess page is very colorful and can be used to significantly decorate the site, you will need to remember two points.

First of all, this is fluidity. Side.htaccess can slightly reduce server speed; It’s incomprehensible that it’s too bad. This is done through the retouching of the pages: as already mentioned, the .htaccess file is merged onto the pages and subdirectories in its directory. Now, when a page is accessed, the server checks its directory and sets the directory to the same directory that reaches the next directory of the .htaccess file. This process continues until the AllowOverride parameter allows .htaccess files to be corrupted, regardless of whether such files exist on the system.

In other words, it's safe. It is much easier to revoke access to the .htaccess file, just to the basic Apache configuration file, and the changes you make will be activated immediately, without the need to restart the server. Therefore, hackers who have lost the rights to make changes to the .htaccess file can seriously interfere with the server. Any directive entered into htaccess has the same effect as a directive entered directly into the Apache configuration.

How to seal a file.htaccess?

With access to server parameters, you can edit Apache configurations to allow .htaccess files to override standard site configurations. Open the apache2 host configuration file for instructions.

Note: sudo privileges are required at this stage

sudo nano /etc/apache2/sites-available/default

After opening the file, find the next section and change the values ​​of the AllowOverride directive from None to All. The section may look like this:

Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all

Save and close the file, and then restart Apache.

sudo service apache2 restart

gatewayfile.htaccess

As mentioned, the .htaccess file can be created using a text editor, and then uploaded to the site via an FTP client (in which case the .htaccess file does not have to remove additional words or extensions).

Or you can create such a file using an additional terminal; For this purpose, use the next command, replacing the site example.com with the name.

sudo nano /var/www/example.com/.htaccess

Zagalni vypadki vikoristannya.

1. Mod_Rewrite

One of the most valuable aspects of the file. You can edit the .htaccess file to change/change the way the URL and web pages are displayed on the site. Detailed information about how to do this can be found in this post.

2. Authentication

Although the .htaccess file does not have the same rights as the standard apache2.conf configuration file, it can still be modified to make effective changes to protect the site. On the right is that .htaccess allows you to enter a password to access other sections of the web page. Passwords.htaccess are saved in a file at name.htpasswd.

Note: For safety reasons, it is strictly not recommended to save such a file from the catalog site.

In the .htpasswd file you need to specify the names and passwords of all users who are allowed access to the stolen part of the site.

Names and passwords are entered into the file in the form of password_name:encryption_password. For example, if a user named best_user has an awesome password, then this pair can look like “best_user: VtweQU73iyETM”.

Note: skin steam is added to one row File.htpasswd You can mix as many rows as needed.

Having created .htpasswd, enter the appropriate code into .htaccess to activate the authentication function:

AuthUserFile /usr/local/username/safedirectory/.htpasswd
AuthGroupFile /dev/null
AuthName Please Enter Password
AuthType Basic
Require valid-user

Row AuthUserFile This means the path to the .htpasswd file.

Row AuthGroupFile indicates roztashuvannya. htgroup. Currently there is no such file, so delete the /dev/null value.

Row AuthName Enter the text that will appear in the password prompt (you can enter any text).

AuthType Refer to the type of authentication that victors have to verify passwords. Passwords are verified via HTTP; the Basic keyword cannot be changed.

Row Requirevalid-user tell the .htaccess file that the stolen password was shared with a number of people on the site at fault. If you need to indicate a person who has access to restricted parts of the site, instead of the Require valid-user row, the Require user row is selected I'm a koristuvach.

3. Stories of the Koristuvach of Amends

The .htaccess file allows you to create a page of favors for the site. Actions from the most extensive pardons:

• 400 Bad Request
• 401 Authorization Required
• 403 Forbidden Page
• 404 File not Found
• 500 Internal Error

Corruption pages are created in order to make the website pages more friendly and provide more detailed information to the site, below the server's compensation pages for promotions.

For the butt, you can create the side 404 (try creating the same side as the choice).

Once you have created and selected the permissions page, enter its location in the .htaccess file:

ErrorDocument 404 /new404.html

Remember: Apache searches for a 404 page in the root directory of the site. After placing a new 404 page in any subcatalog, do not forget to add this subdirectory to the row, for example:

ErrorDocument 404 /error_pages/new404.html

4. MIME tipi

In cases where the site hosts several files and programs, to display any server without having to configure it, you can add MIME types for the Apache server to the .htaccess file using additional attack code:

AddType audio/mp4a-latm .m4a

Don't forget to replace the file extension program with the MIME type you need to support.

5.SSI

Server Side Includes technology can miraculously save an hour on a website. One of the most extensive ways to use SSI is to update a large number of pages to replace the old block of data, without having to change the skin side of the page (for example, to change the quote at the bottom of the page).

To disable SSI, enter the following code into .htaccess:

AddType text/html .shtml
AddHandler server-parsed.shtml

These rows inform .htaccess that .shtml files are valid, and the other row tells the server to check all files that end in .shtml for the presence of SSI commands.

If there are a lot of .html pages on the server, remember the extensions of .shtml pages, you can use other tactics of checking for SSI commands. For which the XBitHack parameter is used.

Adding this row to the .htaccess file forces Apache to check all html files with special rights for Server Side Includes.

To allow the XBitHack victor site, enter:

chmod +x Story_name.html

Pouches

This user deprives the main functions of the .htaccess page, which, not least, hinders the work with the site. If you have any questions about the capabilities of the .htaccess file, please delete your comment.

Tags: ,

.
The more you develop, the more you begin to learn. I myself, having become a little accustomed to the customized htaccess file, am sharing with you the extensions of such customizations. Tim more, it is not necessary for the skin, who, having created his own resource, learns how to create a site on his own.

This extension will show you how to properly set up htaccess in WordPress, as well as in others, from scratch; How to protect your site from harm and a lot of different problems that can help you adjust your resource. In other words, from start to finish, although not everything is settled yet, it’s really impersonal, but I’ll tell you about what’s most necessary.

For those who have already experienced these adjustments before, you can go directly to the 2nd or 3rd section.

How to create htaccess for a website?

To get started, you need to use a text editor called Notepad++, on the site notepad-plus-plus.org. This editor has improved features: it supports code, supports more file formats. You will need it and in the future, once you get the hang of it, you will have to edit the code, and this editor itself will become your little and special assistant.

Once installed, launch it and click on the menu FILE and select from the menu that appears NEW

Then you need to select the word from the menu Vipravlenya and select from the menu that appears End of row conversion and let's select Convert to UNIX format.

Well, that's all. I forgot to save the entire file. For whom select the menu file, then Save the yak And when a window opens, go to the bottom of the window and enter in the field File name:.htaccess, and in the field File type: select the All types(*.*) row and press the button Save.

The savings file must be backed up together for safety. Because, of course, your wine is completely empty. It is simply necessary to do this so that your site is not hacked. To correctly fill out this file, you can read the following sections of this article.

HOW TO SECURE YOUR SITE FROM Evil With Additional htaccess FILE?

Safety is a central attitude and a guarantee of success.
Having started wonderfully? ... it was not for nothing that I began to describe this word. Bagato і Bagato site is on the evil of the evil of the hacker attacks, the result of the venes (), the prazdnosti site (non -Timchasov) is also the result of stakes about struggle - all the mere, with a rusty, to know the revenue of the resource.

Zalyak? yeah, but there’s no time for heat here.

The htaccess file is an additional file for setting up and configuring your resource. As a rule, it is in the main directory of your resource.

If you do not have such a file, you can create it following the instructions in section 1().

And after creating the htaccess file, it won’t become easier, since you don’t have anything to do with yourself, and it’s not possible, and since you haven’t yet put pressure on the drive of your new device, then I ask you to clarify everything in terms and give an hour to set up Nya.

There can be many such files on your website. You have the right to act on the directory in which you are located, as well as on all subfolders of that directory.

What are the consequences of not customizing the htaccess file? Moreover, through this you can destroy your site and expose it to an uninformed hacker. And in order to get rid of someone, you need to thoroughly fix him.

What are the minimum parameters for the htaccess file?

After creating the site, you may already have such a file and information may be available in the new one. As a rule, you can boot on sites with the WordPress engine().

order allow, deny deny from all satisfy all

The wp-config.php file is stolen

This file contains important parameters for the site, including login and password for the database. By depriving this loophole, you 100% deprive the doors of authority for the evil one.

Allow from 00.00.00.00

Instead of 00.00.00.00 you need to enter your static address.

The wp-content directory is stolen

This catalog contains a lot of necessary information, which should not be squandered, but should be closed. For this you need to create the same .htaccess file or copy it from the main directory of your site and paste this code there (erasing everything from it first). The next file is placed in the wp-content directory of your site.

Which code needs to be protected, since some of them do not open xml or css, then you need to delete the data from the code.

1 2 3 4 5

Order deny,allow Deny from all Allow from all

Order deny,allow Deny from all Allow from all

Protected from malicious scanners and bots

We have proprietary bot programs that automatically surf the Internet and collect information about weak points or introduce malicious code on unprotected sites. To protect yourself from this type of threat, you need to enter this code.

1 2 3 4 5

# BEGIN Bad Bot Blocker #SetEnvIfNoCase User-Agent "Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough| | Crescent | discobot | DittoSpyder | DOC | DotBot | Download Ninja | EasouSpider | EmailCollector | EmailSiphon | EmailWolf | EroCrawler | Exabot | iRobot| IstellaBot|Java/1\.|JennyBot|k2spider|Kenjin Spider|Keyword Density/0\.9|larbin|LexiBot|libWeb|trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin |Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO| \.com|PHP/5\.\(|ProPowerBot/2\.14|ProWebWalker|Python-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot | |Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz/1\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot| VCI|WBSearchBot|Web Downloader/6\.9|Web Image Collector|WebAuto| WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger| Collector\-E|Xenu|yandex|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files" bad_bot Tough |Bullseye|BunnySlippers |Ca\-Crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|Cosmos|Crescent|Discobot| | ExtractorPro | Fasterfox |FeedBooster|Foobot|Genieo|grub\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java/1\.|JennyBot|k2spider|Kenjin Spider|Keyword Density/0 LexiBot|libWeb| libwww|LinkextractorPro|linko|LinkScan/8\.1a Unix|LinkWalker|LNSpiderguy|lwp\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex| |MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\.com|PHP/5\. urllib | QueryN Metasearch | RepoMonkey | RMA | SemrushBot | SeznamBot | SISTRIX | Internetseer\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz/1\.4| |UbiCrawler|UnisterBot|URL Warning|VCI|WBSearchBot|Web Downloader/6\.9|Web Image Collector|WebAuto| wsr\-agent|WWW\-Collector\-E|Xenu|yandex|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files" bad_bot #Deny from env=bad_bot # END Bot Blocker

# BEGIN Bad Bot Blocker #SetEnvIfNoCase User-Agent "Abonti|aggregator|AhrefsBot|asterias|BDCbot|BLEXBot|BuiltBotTough| | Crescent | discobot | DittoSpyder | DOC | DotBot | Download Ninja | EasouSpider | EmailCollector | EmailSiphon | EmailWolf | EroCrawler | Exabot | iRobot| IstellaBot|Java/1\.|JennyBot|k2spider|Kenjin Spider|Keyword Density/0\.9|larbin|LexiBot|libWeb|trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex|Microsoft URL Control|MIIxpc|Mippin |Missigua Locator|Mister PiX|MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO| \.com|PHP/5\.\(|ProPowerBot/2\.14|ProWebWalker|Python-urllib|QueryN Metasearch|RepoMonkey|RMA|SemrushBot | |Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz/1\.4|Teleport|Telesoft|The Intraformant|TheNomad|TightTwatBot| VCI|WBSearchBot|Web Downloader/6\.9|Web Image Collector|WebAuto| WebBandit|WebCopier|WebEnhancer|WebmasterWorldForumBot|WebReaper|WebSauger| Collector\-E|Xenu|yandex|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files" bad_bot Tough |Bullseye|BunnySlippers |Ca\-Crawler|CCBot|Cegbfeieh|CheeseBot|CherryPicker|CopyRightCheck|Cosmos|Crescent|Discobot| | ExtractorPro | Fasterfox |FeedBooster|Foobot|Genieo|grub\-client|Harvest|hloader|httplib|HTTrack|humanlinks|ieautodiscovery|InfoNaviRobot|IstellaBot|Java/1\.|JennyBot|k2spider|Kenjin Spider|Keyword Density/0 LexiBot|libWeb| libwww|LinkextractorPro|linko|LinkScan/8\.1a Unix|LinkWalker|LNSpiderguy|lwp\-trivial|magpie|Mata Hari|MaxPointCrawler|MegaIndex| |MJ12bot|moget|MSIECrawler|NetAnts|NICErsPRO|Niki-Bot|NPBot|Nutch|Offline Explorer|Openfind|panscient\.com|PHP/5\. urllib | QueryN Metasearch | RepoMonkey | RMA | SemrushBot | SeznamBot | SISTRIX | Internetseer\.com|SiteSnagger|SnapPreviewBot|Sogou|SpankBot|spanner|spbot|Spinn3r|suzuran|Szukacz/1\.4| |UbiCrawler|UnisterBot|URL Warning|VCI|WBSearchBot|Web Downloader/6\.9|Web Image Collector|WebAuto| wsr\-agent|WWW\-Collector\-E|Xenu|yandex|Zao|Zeus|ZyBORG|coccoc|Incutio|lmspider|memoryBot|SemrushBot|serf|Unknown|uptime files" bad_bot #Deny from env=bad_bot # END Bot Blocker

We defend the review of the directorate

It is clear that there is no need to review the directory, since you have already taken care of the directory, then you can separate the directory review. Everyone knows the names of directories in WordPress, otherwise you create your own, otherwise you don’t want them to be visible to everyone. This code can be modified for any purpose.

1 2	# directory browsing Options All –Indexes

# directory browsing Options All –Indexes

WordPress Administrator

If you need to create yard access to log in to the WordPress admin panel, you will need to perform the following manipulation steps:
Go to the website htaccesstools.com/htpasswd-generator, a window will open in which you need to enter the username of the account manager, and enter a password (only foldable) in the other row. Do not enter simple passwords like 12345, there is no value to them. Then press the button Create .htpasswd and save the file on your computer.

We place this file at the root of our website. Of course, this is not the best place, the fragments of this place are more open. And I’m thinking, for training purposes, delete it, and then move it to some other directory (don’t forget to enter the correct path to the .htpasswd file).

Then save the current code in the root htaccess file.

Place this file at the root of your site, then go to the new one.

Once you have completed everything required, then when you log into the admin area you will be asked to enter a username and password.

If you enter your name and password, you will be prompted to enter your WordPress admin password, and in order to enter the admin panel, you will need to enter another admin password. Now you should realize that names and passwords need to be easy and there is no need to avoid avoiding these steps of entering data.

This is necessary because the directives in htaccess can be blocked by your hoster and when you test the final option, it will fail, you can roll them back and look at the reason. Well, if you immediately put the file all together, then when the cancellation is issued, you will have to remove everything, or one at a time, to explain the reason. And the copying option has not yet been turned off.

ENHANCING THE htaccess FILE WIDTH

And in this section I will give more extensive training, as you can work inefficiently, so you can drink beer, depending on the reader’s choice.

Redirection of pardon pages.

I will print out the paper by replacing the side of the package. This happens when you open the milking side and it is transferred to the milking side, but who knows the milking 404, and there are also 400, 401, 403, 500, which means There is a massacre of mercy. So, if you transfer the message to such a page, then such pages may not exist, but your provider’s page will simply open, after some client closes the page and you spend that dvіduvacha.

Moreover, if you haven’t specifically created your own side, in which you can put the exit routes in, then you will end up with cheaters. Of course, this will not happen often, otherwise this situation is not very good. Behind the scenes, you can name the pages accordingly, or write down the directions to your pages.

1 2 3 4 5 6

ErrorDocument 400 /errors/br.html ErrorDocument 401 /errors/aureq.html ErrorDocument 403 /errors/fb.html ErrorDocument 404 /errors/404.html ErrorDocument 500 /errors/serv.html #Replace /errors/*.html to the side s pardons

ErrorDocument 400 /errors/br.html ErrorDocument 401 /errors/aureq.html ErrorDocument 403 /errors/fb.html ErrorDocument 404 /errors/404.html ErrorDocument 500 /errors/serv.html #Replace /errors/*.html to the side s pardons

Redirection to 301, 302 pardons.

Or in other words, a redirect with 301 and 302 replies. I remember the following evidence in myself: having changed a number of already indexed pages, and having checked the search engine a couple of days later and seeing all the pages for good measure, then it’s bad. Therefore, it became necessary to create a 301 redirect in htaccess, from the old addresses to the new one, so as not to anger search engines. Well, until then, there will be massacres, it’s up to you to decide. As a result, if the browser goes through the old address, it is redirected to the new one and does not mark the redirect to the site.

Options +FollowSymLinks RewriteEngine on RewriteRule (.*)

Blocking images from your site

It also happens that some sly people take the links of your photos and post them on their website. Then you place the text on your site, and the pictures are on yours, and if the publisher opens their side, they will be drawn to your resource. You, of course, are right, but you can’t stand it, so it’s blocked.

RewriteEngine On RewriteCond %(HTTP_REFERER) !^http://(.+\.)?your-url\.com/ RewriteCond %(HTTP_REFERER) !^$ #You need to change the path to your picture. RewriteRule .*\.(jpe?g|gif|bmp|png)$ /images/noHL.jpg [L]

We glue website mirrors

Search engines want to know exactly what duplicates are on your main site because you don’t want problems, but rather get it done right away. Here the main mirror will be the address www. Adjust the code to the correct version.

RewriteCond %(THE_REQUEST) ^(3,9)\ /index\.html\ HTTP/ RewriteRule ^index\.html$ http://yoursite.ru RewriteCond %(THE_REQUEST) ^(3,9)\ /index\. php\ HTTP/ RewriteRule ^index\.php$ http://yoursite.ru

The client's browser is cached

Based on the name, it is already clear that when visiting the site, the data is saved in the browser, and when visiting the site again, the browser will see the information from the client’s cache, and not retrieve it again from the site. In which case it’s handy, the one who is less interested in the site.

1 2 3 4 5 6 7 8 9 10 11 12

ExpiresByType image/bmp access plus 1 rik ExpiresByType image/png “access plus 1 years”

ExpiresByType image/bmp access plus 1 rik ExpiresByType image/png “access plus 1 years”

Vkazivka koduvannya

Well, WordPress displays normally, that’s how it is, if you don’t know how or what to open your site with, so that it’s useful, then set it.

Allowed PHP to run in the middle of Javascript.

There are times when the code in the middle of the script runs a function.

1 2 3 4 5

AddType application/x-httpd-php .js AddHandler x-httpd-php5 .js SetHandler application/x-httpd-php

AddType application/x-httpd-php .js AddHandler x-httpd-php5 .js SetHandler application/x-httpd-php

It is clear that I have brought up only a tiny part of this article, but the term is unnecessary, and for this reason it is possible to ask for additional input. I hope you got something for yourself here that you want to use. How can you vikorize plugins, but, in my opinion, if you have the choice not to vikorist them, then rather not to vandalize your resource.

If you have food, then write in the comments of someone who does and does not work.

May you set up htaccess correctly!

Similar posts

Good morning to the lovers of Vivcha, welcome to the new girl! Today’s article will definitely hit you hard. I'll show you how to create the .htaccess file. For those who want to know a little about this file, understand how important it is to know its operating principles and be aware of its use in clear web supplements.

Therefore, in the publication you will find theoretical material, you will find out where and why to become a vikorist. Now let's get to work!

Why is .htaccess so special?

Professional web developers use the same file to configure the basic parameters of web services. Why? Moreover, it is a useful tool for installing additional configuration on different servers (Denwer, Apache and others).

This will help you process all sorts of requests, organize redirects (redirecting to others for specified messages), steal copyright data, speed up the time of page acquisition, protect the content of various scripts, designate start pages for The html site has a lot of other things.

. htaccess It's easy to make adjustments to the server locally. In such cases, you may be warned that you do not have administrator rights for the selected server. All prescribed rules for the file will apply only to the directories and subdirectories of the project. With such documents there may be a decal.

Never mind this is trivial, but still, for the sake of saving possible nutrition, I want to add that .htaccess functions perfectly in any operating system. You can create a configuration file via any computer. For example, Windows has “Notepad”, Mac OS has “TextEdit”, Ubuntu has “Gedit”, etc.

How can you create a miracle configuration file?

It's true. htaccess is easy to create. I changed the order of the steps and lowered them. Do not rush to operate the commands on your own, but first of all, carefully complete your actions in order. Please note from the editor, the name may vary somewhat.

Important commands

We have come to the end! By the Pershochergovy rule, yak varto prescribe, ce coded. For whom is there such a series:

AddDefaultCharset UTF-8

If you need to specify another encoding option, insert the name instead of UTF-8.

Another super-command is this redirect. Zavdyaki.htaccess can be easily and quickly installed redirect 301, which allows you to redirect users to other messages, merge domain names regardless of whether it is www or not.

So the next step is to send the code to send customers to the site coolWeb.com regardless of whether it is www or not, as well as whether the start page (coolWeb.com/index.html) or not is included in the submitted address.

RewriteEngine on RewriteCond %( HTTP_REFERER)! ^$ RewriteCond %( HTTP_REFERER)! ^http://(www\.)? coolWeb.com /.*$RewriteRule\. (gif|jpg|js|css)$ - [F]

After the end of these rules, you will not be able to display notices about the cancellation on other sites (403).

Suitability of pouches

As you may have noticed, writing commands in .htaccess files is subject to the same rules as regular viruses. Past publications have revealed the basics of this approach. However, it takes a few hours to complete complex commands.

To make life easier for developers, an online code generator for such configuration documents has been created. Like a butt, you can familiarize yourself with the site http://htaccess.ru/generator/. The generated rules can be used to customize sites written on engines. This way they can be used for WordPress, OpenCard, Joomla! and others.

I trust that you were honored with the material I contributed. I am waiting for your requests for advance payment. Be sure to share your messages on my blog with your friends. Boo!

With respect, Roman Chueshov

• Tutorial

Google ranks sites that are more likely to attract more attention. - If on eBay or Amazone you increase the time of browsing sites by 9%, they spend 1% of the profit. - Build your website faster to save on client traffic and reduce the cost to the server.

.htaccess is our hero

Fahivtsi know what htaccess is.
Tim who is going to join people.ru for php hosting will only have to find out what it is.
Those who have installed their first jooml or wordpress are responsible for learning about our hero - htaccess

What about us.htaccess?

Find out that you have bought your own hosting and hope that happiness has arrived. All of a sudden (or maybe two or three times) your site stops responding to requests. They begin to become quite pretentious and behave strangely. And virtual hosting is such a tricky thing that besides your site, there are two dozen other sites on your server. All the differences are due to effort, organization and traffic. And if your partner, by chance, or perhaps intentionally, launches complex and complex script algorithms on their hosting, this affects you.

Or a different butt. Let’s say your resource is starting to gain popularity, but it’s too early to move to a new server, and VPS demand is no longer available. You can use htaccess.

And htaccess can also provide nutritional security to your site.

I want the perfect .htaccess!

There is a lot of different super-sensitive information available on the Internet using wiki.htaccess. I had the opportunity to experiment for a long time and tediously in order to understand what is true and what is evil. In most cases, the authors of their blogs forget to remember that the work of great minds requires one or another Apache module.
Meanwhile, drain the drain, an hour before serving. Let's try to create something as perfect as possible.

1. The first row sets the main options:

It is very easy to change the options manually if you do not have access to configure Apache or configure Apache for different sites on the same server.

-ExecCGI blocks the launch of CGI scripts. It is better to allow this for specific folders. Improve safety.
The -Indexes option disables displaying instead of directories if they do not contain an index file. On virtual hosting, it’s included for payment. By changing the minus to plus +Indexes, you can also allow browsing instead of the directory (or directories).
The -Includes option disables SSI. If you don’t know what it is, block it (You can Yandex(!) to ask Server Side Include if you want to know more about it). You can use the IncludesNOEXEC option to allow SSI to be used without running scripts.
The +FollowSymLinks option allows you to add symbolic links to files or directories that are not located within the root of your site.

Note

You can configure htaccess with different parameters for different directories. At the root of the site you can add -Indexes, and in selected directories, create another .htaccess file and add +Indexes in the new one. Keep in mind that the htaccess option will crawl down the directory tree to the largest entry, the documents will not be touched by another htaccess.

It is necessary to completely override all options of child.htaccess as they do not change. It is enough to indicate (re-recognize) those options and directives that change. Other options are also subject to change.

butt

Let's say you have the following path /site/folder_one/subfolder/other/
In the /site/.htaccess file you specify:
Options -Indexes Allow from all
In the /site/folder_one/.htaccess file you specify:
Deny from all
In the file /site/folder_one/subfolder/.htaccess you specify:
Options +Indexes Allow from all
Enter axis:
The site will display files of any kind, as only people can quickly access them. Or an index file, which is not explicitly subdivided into one of the files. 403 strikes were removed from the index file.
Access to the folder_one folder is denied. You need to know the name of the file and type it in the address bar on your server and turn it back to 403.
The subfolder folder is allowed for storage behind a direct address, or if there is an index file, show it instead of a directory. These rights are extended to other folders.
If you take the htaccess file from the folder_one folder, you will lose rights to Father's site.

2. A little bit of SEO (no matter what)

Obov'yazkovo don't forget about intelligence . If you don’t show up with the hoster of this module, your site will see the 500th mileage. Denmark specific module must be included in the Apache folding process. Well, let’s start... Hosters and their administrators are intensified.

This part has more value for SEO. The rewrite module, as its name suggests, deals with redirections (hello to Kep).

For this part of the file, we have specified two gluings: we have glued your site and www.your_site. If you are a correspondent, type your site without WWW and transfer it with a 301 redirect to www.your_site.
And we also asked /index.php in a row. Yakshcho koristuvach type www.your_site/index.php, yogo perekine (znov 301 rederiktom) on www.your_site.
Now search engines will not get confused between www and will not duplicate the head page in the indexing results of your site. We google SEO domain gluing because you don’t understand why this is necessary.

3. Who is dad's boss?

Since you have files index.html and index.php (I don’t know why and who needs this, but I’ve done this more than once), then how can you tell the server which of them has the greater index?

DirectoryIndex index.php
You can also enter there, say, roosso.php, and then type in the address of site.blah/blah/blah/ and you will get not index, but roosso

4. More tweaking...

SetEnv TZ Europe/Moscow ServerSignature Off AddDefaultCharset UTF-8
The first row sets the time zone. For example, in Apache 2.22.22 there was a bug associated with this option. The clock functions in php did not work, the docks did not set the time zone.

The other row is the server signature. They have been downloaded more than once on any system sites such as the 500th payment or the 403rd. Call there for technical information and webmaster mail. I wish to collect data from such friends about the software on the server. Colleagues who are paranoid do not support me.

Guess what to do with the third row?

5. If there is no access to php.ini

For additional help .htaccess we can also set up PHP next. On shared hosting, as a rule, there is no possibility to change the settings of php.ini. Most of the time nothing more is needed. However, there are still a number of control options that we can use. For example, increase the file import limit or the transfer limit using this POST method.

The first row allows you to encrypt files up to 32 megabytes in size. For promotional purposes, php has a value of 8 or 16 megabytes.
In another row, posting up to 10 megabytes is allowed. For promotional items, the price is 2 Megabytes.
The third row places the coding behind your scripts. In essence, this duplicates the row: “AddDefaultCharset UTF-8”. But I often go as far as installing the code myself via PHP.
In the fourth row, you can change the time limit for seeing the script. When you’re done washing, call for 30 seconds. However, it takes more than an hour to finish any folding pieces.

6. File types. The closeness of hands and the thirsty shahrai.

In my practice, it happened a number of times that after some update by the software provider, file types were deleted. I want this rarely. For 10 rocks, or two attacks. Otherwise, I would need to convert HTML into PHP. Sometimes you need to learn how to separate file types that are unknown to you. (How Apache appeared is little known from rare file types.) In such a situation, we believe the attack code:

AddHandler application/x-httpd-php .html AddHandler cgi-script .pl .py .jsp .asp .htm .shtml .sh .cgi AddType application/x-javascript .js AddType text/css .css AddType text/xml .xml AddType application/octet-stream .doc .mov .avi .pdf .xls # ForceType application/x-httpd-php

The first row is to allow our php files to expand to html, but not to use php. Korisno is in a lot of troubles. And in the good old days, when jokers indexed CNC more beautifully, such a series always came to the rescue.
We can re-identify, add and replace whatever file types we are manually allowed to do.

Great trick

Before speaking, you can easily write the following line:

AddHandler application/x-httpd-php .i
Then rename all your files, changing the extension to .i (without forgetting about the message) and the addresses of the files on your site will be site.my/index.php?uri and site.my/index.i?uri

For example, I'm writing
AddHandler application/x-httpd-php .roosso
And I create a file alex.roosso in the root of my site and the basic php code in the middle. Here's a little story about me. І in the address row you will see something like www.black-web.ru/alex.roosso (the effort was made more robotically, you may wonder why this is so).

Another row indicates how file extensions can be configured like CGI scripts.

The third, fourth and fifth rows, in each case, specify the mm-type of files with separate content css, js, xml. Do not confuse the header assignments for the server's input to the request, as described in the first two rows.

The sixth row of the series is required if your site has content that is downloaded for clients. If you add this series, then when you download these files, you will want to download them to your computer, and not just like in today's browsers, a bunch of plug-ins that run in the browser.

I commented out seven rows. In a primus-friendly order, run all files from your server as php. It’s better to vikorista in other folders, for consumption.

7. Older children know that archives are less important...

It’s great if your stories get more attention. That's why people wanted to archive files. And then they thought and realized that it was possible to archive both pages on websites and pictures. Moreover, it is not worthwhile for the customer to work, but it is essential to reduce traffic and speed up the attraction of pages. The charming words lulled, now let’s discuss how to earn money.

Apache has two compression modules. The problem is not with standard modules, which may not necessarily be available from your provider. Well, as practice has shown, 99% of providers have one of them. The biggest expansion is mod_deflate. To help compress all the content on your site, add the following lines to .htaccess:

As you know, we are responsible for changing the mime type of files, as this could lead to compression. Here you can add videos and pictures, but it won’t be enough. Because jpeg and gif are themselves simple formats. Same as avi chi flv. You practically gain nothing by entering them.

Another less popular module is mod_gzip; to enable compression, add the following rows:

This module can be used with masks, which is definitely a great plus. The syntax of the new one is much greater than that of the previous one. Ale vikoristovuyut yogo rіdshe. But I don’t dare judge by the squeeze which module is the best. I didn’t notice any significant difference during the testing period.

8. Can I also have shvidsha?

It is possible, perhaps. How to cache pages. Keshuvannaya has both pros and cons, so you can prepare for the nutrition you require. For a dynamically updated site of 2-3 hvilini, for example a popular forum, it is necessary to ensure that the correspondent is responsible for providing up-to-date information. However, any website has content that is less static. For example, the same pictures, or style files. Therefore, we need to cache different things together on the site in a different way. In HTML markup we can change meta tags from time to time. І through php we can set server output headers. You will be deprived of food, because of css, js, image etc. etc.

Two modules can help us: mod_headers and mod_expires, which can set headers in the server output and tell your browser what and how to cache. One of the modules will need to be installed by the provider, but if you have a module that is not included in the standard version of Apache, no one will give you a 100% guarantee. So again, in order to complete the 500th meal, I order a wash for the skin modules.

#Vimknuti keshuvannya
The axis is the syntax of mod_headers. I think it’s clear from the comments what’s up.
In this section I have enabled caching of php files. Although, in my opinion, the short one-hour cache interval will not harm them. 5-30 seconds, over an hour interval, during which little changes. And a lot of people love to use the back key (turn back). In order not to encroach on their side and get them from the cache, a reasonable cache interval is still reasonable.

In the other section, where mod_expires are processed, I do it the same way - for php I set a small cache interval.

9. Rules for an attentive tone...

In the process of modernizing our website, we often lose track of messages that lead to pages that we have deleted. Sometimes such messages come from other sites or search engines. In order not to waste your money in a polite tone, you should use mother’s hand for different types of treats. Inclusive with server allowances. For example, the standard information about the 500th death is even more boring and frowning, and it’s unlikely that the correspondent needs to show your page again. There are also some tricks in htaccess that you can use to make this page seem welcoming.

# Bad Rquest ErrorDocument 400 /400.html # Authorization Required ErrorDocument 401 /401.html # Forbidden ErrorDocument 403 /403.html # Not found ErrorDocument 404 /404.html # Method Not Allowed ErrorDocument 408 /408.html # Request URI Too Long ErrorDocument 414 /414.html # Internal Server Error ErrorDocument 500 /500.html # Not Implemented ErrorDocument 501 /501.html # Bad Gateway ErrorDocument 502 /502.html 503.html # Gateway Timeout ErrorDocument 504 /504.html
For 400 requests, you can create vikorist and dynamic pages in php. And the axis for 500 is better than working on html and js. This part of the allowances is connected with the server allowances (in most cases) and php or cgi does not work in such a situation.

If you are too lazy to work on so many pages, install the side page on the head page of your site or on the site map.

Everything you do is for the people. The joke robots don’t give a damn about your favors. They will send out a server message with a pardon code and block your page from searches. So take it seriously, it’s not a panacea. It is more important to respect your audience and the image of your website.

10. Adding a pouch

Those in the know understand that not everything is described in this article. I'm barely scratching the surface of the iceberg here. Indeed, the possibilities of .htaccess are much wider, as described below in the article. Ale I’m not able to translate the manual using htaccess in Russian language. That's why I want to create a small skeleton of the .htaccess file for those who are just starting to use this food, in order to save their time searching for information at a time.

As a result of these manipulations, we are obliged to remove the offensive file:

Options All -ExecCGI -Indexes -Includes +FollowSymLinks RewriteEngine on RewriteBase / RewriteCond %(HTTP_HOST) ^black-web RewriteRule (.*) http://www.black-web.ru/$1 RewriteCond %(THE_REQUEST) ^(3,9)\ /index\.php\ HTTP / RewriteRule ^index\.php$ http://www.black-web.ru/ DirectoryIndex index.php SetEnv TZ Europe/Moscow ServerSignature Off #AddDefaultCharset UTF-8 php_value upload_max_filesize 32M php_value post_max_size 10M php_value default_charset utf-8 php_value max_execution_time 200 AddHandler application/x-httpd-php .html AddHandler cgi-script .pl .py .jsp .asp .htm .shtml .sh .cgi AddType application/x-javascript .js AddType text/css .css AddType text/xml .xml AddType application/octet-stream .doc .mov .avi .pdf .xls # ForceType application/x-httpd-php AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$ mod_gzip_item_include mime ^text\.* mod_gzip_item_include mime ^application/x-ja mod_gzip_item_exclude rspheader^ Content-Encoding:.*gzip. * #keshuvati html and htm files for one day Header set Cache-Control "max-age=43200"#cash css, javascript and text files for one week Header set Cache-Control "max-age=604800"#keshuvati flash images for the month Header set Cache-Control "max-age=2592000"#Vimknuti keshuvannya Header unset Cache-Control ExpiresActive On #cash cache in 5 seconds ExpiresDefault "access plus 5 seconds" #cash flash and images for a month ExpiresByType access plus 2592000 seconds" ExpiresByType image/gif "access plus 2592000 seconds" ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds" ExpiresByType text/javascript "access plus 604800 seconds" ExpiresByType application/javascript "access plus 604800 seconds" ExpiresByType application/x-javascript "access plus 604800 seconds" #keshuvannya " #keshuvati xml files for ten hvilins ExpiresByType application/xhtml+ xml "access plus 600 seconds"# Bad Rquest ErrorDocument 400 /400.html # Authorization Required ErrorDocument 401 /401.html # Forbidden ErrorDocument 403 /403.html # Not found ErrorDocument 404 /404.html # Method Not Allowed ErrorDocument 408 /408.html # Request URI Too Long ErrorDocument 414 /414.html # Internal Server Error ErrorDocument 500 /500.html # Not Implemented ErrorDocument 501 /501.html # Bad Gateway ErrorDocument 502 /502.html 503.html # Gateway Timeout ErrorDocument 504 /504.html

11. Pislyamova.

I tried not to rush into the written article and did as much as possible. But still, here I could make some mistakes in spelling and punctuation. I ask you not to be strachuvati, but to be merciful. It would be better to write in a personal message, so that I can correct the amends.

And finally for those who like to experiment with a number of rows.htaccess. I judge from my own knowledge that practical knowledge is acquired better than theory.

Server Apache(Which contains the majority of sites) it may be useful to set server configuration songs for a specific directory (for example, for one site). This file is called .htaccess. However, create it in Windows systems It just doesn't work out that way. This statistic is helpful to newcomers, How to create .htaccess on Windows.

The peculiarity of a file is that it does not have a name and does not have an extension. This is the norm for Unix systems, ale in Windows This is completely normal. Otje, order of actions for the creation. offensive:

1. Open the text editor ( Notepad++ or else it’s urgent Notebook).
2. On the menu " File"vibrati" Save the yak".
3. Have the list File type"vibrati" All files".
4. Enter your name " .htaccess(Zumilo, without paws).
5. Press the button " Save".

I'll add more for beginners. This file requires specific coding for the site. Yakshcho tse UTF-8:

AddDefaultCharset UTF-8

Yakshcho tse windows-1251:

AddDefaultCharset CP1251

Next, this file needs to be placed in the root of the site where it is located index file(as a rule, this index.html or else index.php). Having written about this, a large number of newcomers are having problems with coding on the site for this very reason.