A lightning talk by Morten Bergset

htaccess

Apr 15, 2017

Transcript
Page 1: htaccess

A lightning talk by Morten Bergset

Page 2: htaccess

What is .htaccess

• it is a file that lets you override configuration, within what Apache's httpd.conf allows

• the change applies to the directory where the .htaccess file is stored, and its subdirectories

• with very little code you can make big changes!

Page 3: htaccess

Error documents

ErrorDocument 400 /errors/badrequest.html

ErrorDocument 401 /errors/authreqd.html

ErrorDocument 403 /errors/forbid.html

ErrorDocument 404 /errors/notfound.html

ErrorDocument 500 /errors/serverr.html

Page 4: htaccess

Password-protect a file/directory

AuthUserFile /usr/local/you/safedir/.htpasswd

AuthGroupFile /dev/null

AuthName EnterPassword

AuthType Basic

Require valid-user

Page 5: htaccess
Page 6: htaccess
Page 7: htaccess

Block visits by IP

order allow,deny

deny from 123.45.6.7

allow from all

Page 8: htaccess

.html as .php

AddHandler application/x-httpd-php .html

Security through obscurity…

Page 9: htaccess

Redirect vs RewriteRule

• Redirect is almost the same as RewriteRule

• Redirect is simple

• RewriteRule is powerful (regex)

Page 10: htaccess

Redirects

# New URL for a directory:
Redirect /old /new

# Redirect the whole website to a new URL (301 = permanent)
Redirect 301 / http://test.com/

# New URL for a file:
Redirect /dir/oldfile.php /newfile.php

Page 11: htaccess
Page 12: htaccess

RewriteRules

Example: RewriteRule ^dir/([0-9]+)/?$ /index.php?id=$1 [L]

Pattern: ^dir/([0-9]+)/?$

Rewrite: /index.php?id=$1

Command flag: [L]

Page 13: htaccess

Conditions

# Turn on the rewrite engine
RewriteEngine on

# If the request doesn't end in .php, continue processing rules
RewriteCond %{REQUEST_URI} !\.php$ [NC]

# If the request doesn't end in a slash, continue processing the rules
RewriteCond %{REQUEST_URI} [^/]$

# Rewrite the request with a .php extension. L means this is the 'Last' rule
RewriteRule ^(.*)$ $1.php [L]

Page 14: htaccess

Redirect http to https

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://sub.profundo.no/$1 [R,L]

Page 15: htaccess

Get the last part of the URL as a parameter

RewriteEngine On
RewriteRule ^(\w+)$ ./index.php?id=$1

In PHP code:

<?= htmlspecialchars($_GET["id"] ?? "", ENT_QUOTES, "UTF-8") ?>

Page 16: htaccess

Avoid having .php in the URL

Options MultiViews

Page 17: htaccess

Show content from another folder without going to another URL

Options +FollowSymLinks -MultiViews

RewriteEngine On

RewriteBase /

RewriteRule ^kunde$ /kunde/ [QSA,L,R=301,NC]

RewriteRule ^kunde?(.*)$ /app/$1 [QSA,L,NC]

Page 18: htaccess

Remove www from the URL

RewriteEngine On

RewriteCond %{HTTP_HOST} !^your-site\.com$ [NC]

RewriteRule ^(.*)$ https://your-site.com/$1 [L,R=301]

Page 19: htaccess

This is what I use in my MVC project at home

RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f

RewriteRule ^(.*)$ index.php?route=$1 [L,NC,QSA]

Page 20: htaccess

All requests go via index.php, except files that are available in the public folder

AddDefaultCharset utf-8
AddCharset utf-8 .html .css .php .txt .js
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php

Page 21: htaccess

Flags

• QSA = preserve existing query parameters (query string append)

• L = last rule

• R = force redirect

• NC = no case, case-insensitive

Page 22: htaccess

Force download of file types

<Files *.xls>

ForceType application/octet-stream

Header set Content-Disposition attachment

</Files>

Page 23: htaccess

Prevent access to a directory

deny from all

or

order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx

Page 24: htaccess

Prevent access to files

<FilesMatch "\.(htaccess|htpasswd|ini|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
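The access-control rules from slides 7, 23 and 24 written in Apache 2.4 syntax, as an added example that is not part of the original talk. The address 192.0.2.10 is a constructed value standing in for xxx.xxx.xxx.xxx.

```apache
# Added example, not from the talk: Order/Deny/Allow are Apache 2.2 directives.
# On Apache 2.4 they only work while mod_access_compat is loaded; the native
# replacement is Require (mod_authz_core), which needs AllowOverride AuthConfig
# in httpd.conf to be usable from .htaccess.
# Each stanza below is an alternative for one directory's .htaccess,
# not a single combined file. Do not mix Require with Order/Deny/Allow.

# Slide 7: block one address, allow everyone else.
# A negated Require cannot grant access by itself, hence "all granted" first.
<RequireAll>
    Require all granted
    Require not ip 123.45.6.7
</RequireAll>

# Slide 23: nobody may read this directory.
Require all denied

# Slide 23, variant: only one address may enter.
# 192.0.2.10 is a constructed documentation address.
Require ip 192.0.2.10

# Slide 24: never serve configuration, password, log or script files.
<FilesMatch "\.(htaccess|htpasswd|ini|fla|psd|log|sh)$">
    Require all denied
</FilesMatch>
```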

Page 25: htaccess

Add/change MIME types

# audio
AddType audio/ogg oga ogg

# video
AddType video/ogg ogv

Page 26: htaccess

Directory listing

# list files
Options +Indexes

# list everything except gif and jpg
IndexIgnore *.gif *.jpg

# do NOT list files
Options -Indexes

Page 27: htaccess

Optimize static files

AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript

BrowserMatch ^Mozilla/4 gzip-only-text/html

BrowserMatch ^Mozilla/4\.0[678] no-gzip

BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

Page 28: htaccess

Browser caching

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>

Page 29: htaccess

Automatic UTF-8 charset on files

<FilesMatch "\.(htm|html|css|js)$">

AddDefaultCharset UTF-8

</FilesMatch>

Page 30: htaccess

Prevent robot indexing

Header set X-Robots-Tag "noindex, noarchive, nosnippet"

Page 31: htaccess

Set caching of files: optimization

<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">

Header set Cache-Control "max-age=28800"

</FilesMatch>

Page 32: htaccess

Maintenance page

RewriteCond %{REMOTE_ADDR} !your_ip_address

RewriteCond %{REMOTE_ADDR} !127.0.0.1

RewriteRule !offline.php$ http://www.example.com/back_soon.html [L,R=307]

Page 33: htaccess

Log PHP errors

# display no errs to user
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off

# log to file
php_flag log_errors on
php_value error_log /location/to/php_error.log

Page 34: htaccess

Compress output: GZIP

<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>

Page 35: htaccess

Shorter URLs

Options +FollowSymlinks

RewriteEngine on

RewriteRule ^files/(.+)/(.+).zip download.php?type=$1&file=$2 [nc]
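The rewrite rules from slides 19-20 and 35 combined into one rule set with tighter patterns, as an added example that is not part of the original talk. It assumes mod_rewrite is loaded and that index.php and download.php sit in the same directory as the .htaccess file.

```apache
# Added example, not from the talk.
RewriteEngine On

# 1. Refuse hidden files and directories (.git/, .env, .htpasswd) first.
#    The "!-f" test on slides 19-20 serves every file that exists on disk,
#    so anything left in the web root would otherwise be downloadable.
#    [F] answers 403 Forbidden and ends rule processing.
#    This also blocks /.well-known/; exclude that path if something relies on it.
RewriteRule (^|/)\. - [F]

# 2. Slide 35 with the captures narrowed from (.+) to a fixed character class,
#    the dot before "zip" escaped and the pattern anchored at the end.
#    No "/" or ".." can reach download.php's type or file parameter through
#    this rule. download.php is still reachable directly, so it must validate
#    both parameters itself.
RewriteRule ^files/([a-z0-9_-]+)/([a-z0-9_-]+)\.zip$ download.php?type=$1&file=$2 [NC,L]

# 3. Front controller from slide 20: everything that is not an existing file
#    goes to index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
```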

Page 36: htaccess

Laravel's .htaccess

Page 37: htaccess

Joomla and htaccess