Some configurations in the .htaccess file

1. What is .htaccess?
1.1. What is .htaccess
.htaccess is a configuration file used by web servers running Apache.
.htaccess is used to set options: enabling or disabling Apache functions and features.
1.2. Meaning of the symbols used in .htaccess
# : the server ignores this line (a comment)
[F] : Forbidden, instructs the server to return a 403 error to the client
[L] : Last rule, instructs the server to stop rewriting after this directive has been processed
[N] : Next, instructs Apache to go back through the rewrite rules until all rewrite directives have completed
[G] : Gone, instructs the server to deliver a Gone message (410)
[P] : Proxy, instructs the server to handle the request through mod_proxy
[C] : Chain, instructs the server to chain the preceding rule with the rule that follows it
[R] : Redirect, instructs Apache to issue a redirect
[NC] : No case, the match is case-insensitive
[PT] : Pass Through, instructs mod_rewrite to pass the rewritten URL on for further processing
[OR] : Or, an ordinary logical OR (the combined expression is true when either of its sub-expressions is true)
[NE] : No Escape, instructs the server to emit the output without escaping characters
[NS] : No Subrequest, instructs the server to skip the directive if the request is an internal sub-request
[QSA] : appends the query string to the end of the URL
[S=x] : Skip, instructs the server to skip the next x rules
[E=variable:value] : Environment Variable, instructs the server to set the variable to the given value
[T=MIME-type] : Mime Type, declares the MIME type of the target resource
[] : defines a set of characters; any character inside the brackets that appears will be matched
[]+ : the character set, where any combination of its characters is also matched
[a-z] : matches all characters from a to z in alphabetical order. It can be extended: [a-zA-Z]
a{n} : specifies exactly n occurrences of the preceding character, e.g. x{3} matches xxx
a{n,} : like a{n} but matches n or more
a{n,m} : like a{n} but matches between n and m
() : groups characters together, treating them as one unit
^ : marks the start of the regex string
$ : marks the end of the regex string
? : makes the preceding character optional. Example: monzas? matches monza or monzas
! : negation, matches everything other than the characters following the !
. : represents any single character
+ : matches one or more characters
* : matches zero or more characters
| : logical OR
\ : placed before special characters so they can be used as ordinary characters
.* : zero or more arbitrary characters
^$ : defines an empty string
^.*$ : matches everything
[^/.] : defines one character that is not / or .
[^/.]+ : any number of characters that are not / or .
http:// : an ordinary (literal) string
^domain.* : defines a string beginning with domain
^domain\.com$ : matches exactly the string domain.com
-d : tests whether the string is a directory
-f : tests whether the string is a file
-s : tests whether the file named by the string has a non-zero size
1.3. Redirect codes
301 Moved permanently
302 Moved temporarily
403 Forbidden
404 Not found
410 Gone
1.4. How to use .htaccess
Create a file named .htaccess (note that this is the full file name, not an extension), put the configuration settings in it and place it in the directory where those settings should apply.
Example:

AuthName "Member's Area Name"
AuthUserFile /path/to/password/file/.htpasswd
AuthType Basic
require valid-user
ErrorDocument 401 /error_pages/401.html
AddHandler server-parsed .html

The example above configures password protection for the directory and redirects to the page 401.html when a 401 error occurs.
Notes:
- Upload the .htaccess file in ASCII mode rather than BINARY or any other mode, because the data transfer mechanism differs between modes.
- Wrong access, use or execute permissions on the .htaccess file can cause errors; set permission 755 or execute permission on the file.
- Comment the important configuration settings; this makes it easier for the next administrator, or for yourself, when the configuration has to be redone or a problem has to be fixed.
2. Essential configurations
2.1. Enable basic rewriting
The server may not have mod_rewrite enabled by default. To make sure it is on, add to the .htaccess file in the root directory:

# enable basic rewriting
RewriteEngine on

2.2. Enable Symbolic links
See Symbolic links at: http://en.wikipedia.org/wiki/Symbolic_link. For this to take effect, the AllowOverride Options feature must be enabled.

# enable symbolic links
Options +FollowSymLinks

2.3. Enable AllowOverride
For directives that need the AllowOverride feature in order to run, such as FollowSymlinks, enable it for the directory in question by adding the following (the guide puts it in .htaccess, but Apache only accepts AllowOverride in the main server configuration or a <Directory> section, where it can also be applied to the whole server):

# enable allowoverride privileges
AllowOverride Options
2.4. Renaming the .htaccess file
Not every system is happy with the .htaccess name; it can be changed (done in the server configuration file):

# rename htaccess files
AccessFileName ht.access

When the name of the .htaccess file is changed, all related configuration must be updated. For example, if you protect .htaccess with FilesMatch, rewrite that rule for the new name (with .htaccess changed to ht.access):

# protect renamed htaccess files
# (the FilesMatch pattern for the renamed file is assumed here)
<FilesMatch "^ht\.access$">
Order deny,allow
Deny from all
</FilesMatch>
2.5. Retain the rules defined in httpd.conf
To save the time and effort of redefining rules that repeat across many virtual hosts with only one httpd.conf, it is simpler to configure .htaccess to inherit the rule set from httpd.conf:

RewriteOptions Inherit

3. Performance
3.1. Increase performance through AllowOverride
When AllowOverride is configured at the root directory, the server has to search every directory to see where a .htaccess file exists, which slows down processing. To limit this, disable AllowOverride at the root directory and enable it only where it is needed. To disable it:

# increase performance by disabling allowoverride
AllowOverride None

3.2. Increase performance by passing the character set

# pass the default character set
AddDefaultCharset utf-8

3.3. Increase performance by preserving bandwidth

# preserve bandwidth for PHP enabled servers
php_value zlib.output_compression 16386

3.4. Disable the server signature

# disable the server signature
ServerSignature Off

3.5. Set the server timezone

# set the server timezone
SetEnv TZ America/Washington

3.6. Set the server administrator email address

# set the server administrator email
SetEnv SERVER_ADMIN [email protected]
3.7. Speed up site browsing by enabling file caching
Each Cache-Control header applies to the files named in a <FilesMatch> section; the patterns below are assumed, so adjust the extension lists for your site.

# cache images and flash content for one month
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
# cache text, css, and javascript files for one week
<FilesMatch "\.(js|css|pdf|txt)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
# cache html and htm files for one day
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=43200"
</FilesMatch>
# implement minimal caching during site development
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|css|pdf|swf|html|htm|txt)$">
Header set Cache-Control "max-age=5"
</FilesMatch>
# explicitly disable caching for scripts and other dynamic files
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
Header unset Cache-Control
</FilesMatch>

# alternate method for file caching
# (Apache does not allow a trailing comment on a directive line, so the
# interval notes are on their own lines)
ExpiresActive On
# 1 week
ExpiresDefault A604800
# 1 month
ExpiresByType image/x-icon A2419200
# 1 month
ExpiresByType application/x-javascript A2419200
# 1 month
ExpiresByType text/css A2419200
# 5 minutes
ExpiresByType text/html A300
# disable caching for scripts and other dynamic files
<FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$">
ExpiresActive Off
</FilesMatch>

* Convert common time intervals into seconds: 300 = 5 minutes, 2700 = 45 minutes, 3600 = 1 hour, 54000 = 15 hours, 86400 = 1 day, 518400 = 6 days, 604800 = 1 week, 1814400 = 3 weeks, 2419200 = 1 month, 26611200 = 11 months, 29030400 = 1 year = never expires
3.8. Set the default language and encoding

# set the default language
DefaultLanguage en-US
# set the default character set
AddDefaultCharset UTF-8
3.9. MIME description
MIME types are the set of file extensions the server needs to know so that it can tell which kind of file it is handling. Use AddType to add a MIME type; the next parameter is the MIME type and the last one is the file extension. Example for MP3 or SWF files:

AddType application/x-shockwave-flash swf
AddType application/x-shockwave-flash .swf
AddType video/x-flv .flv
AddType image/x-icon .ico

Some file types are not run directly in the browser but must be downloaded to the machine; the MIME type to set for them is:
application/octet-stream
The list of MIME types and their corresponding file types:

AddType text/html .html .htm
AddType text/plain .txt
AddType text/richtext .rtx
AddType text/tab-separated-values .tsv
AddType text/x-setext .etx
AddType text/x-server-parsed-html .shtml .sht
AddType application/macbinhex-40 .hqx
AddType application/netalivelink .nel
AddType application/netalive .net
AddType application/news-message-id
AddType application/news-transmission
AddType application/octet-stream .bin .exe
AddType application/oda .oda
AddType application/pdf .pdf
AddType application/postscript .ai .eps .ps
AddType application/remote-printing
AddType application/rtf .rtf
AddType application/slate
AddType application/zip .zip
AddType application/x-mif .mif
AddType application/wita
AddType application/wordperfect5.1
AddType application/x-csh .csh
AddType application/x-dvi .dvi
AddType application/x-hdf .hdf
AddType application/x-latex .latex
AddType application/x-netcdf .nc .cdf
AddType application/x-sh .sh
AddType application/x-tcl .tcl
AddType application/x-tex .tex
AddType application/x-texinfo .texinfo .texi
AddType application/x-troff .t .tr .roff
AddType application/x-troff-man .man
AddType application/x-troff-me .me
AddType application/x-troff-ms .ms
AddType application/x-wais-source .src
AddType application/x-bcpio .bcpio
AddType application/x-cpio .cpio
AddType application/x-gtar .gtar
AddType application/x-shar .shar
AddType application/x-sv4cpio .sv4cpio
AddType application/x-sv4crc .sv4crc
AddType application/x-tar .tar
AddType application/x-ustar .ustar
AddType application/x-director .dcr
AddType application/x-director .dir
AddType application/x-director .dxr
AddType application/x-onlive .sds
AddType application/x-httpd-cgi .cgi
AddType image/gif .gif .GIF
AddType image/ief .ief
AddType image/jpeg .jpeg .jpg .jpe .JPG
AddType image/tiff .tiff .tif
AddType image/x-cmu-raster .ras
AddType image/x-portable-anymap .pnm
AddType image/x-portable-bitmap .pbm
AddType image/x-portable-graymap .pgm
AddType image/x-portable-pixmap .ppm
AddType image/x-rgb .rgb
AddType image/x-xbitmap .xbm
AddType image/x-xpixmap .xpm
AddType image/x-xwindowdump .xwd
AddType audio/basic .au .snd
AddType audio/x-aiff .aif .aiff .aifc
AddType audio/x-wav .wav
AddType audio/x-pn-realaudio .ram
AddType audio/x-midi .mid
AddType video/mpeg .mpeg .mpg .mpe
AddType video/quicktime .qt .mov
AddType video/x-msvideo .avi
AddType video/x-sgi-movie .movie
AddType message/external-body
AddType message/news
AddType message/partial
AddType message/rfc822
AddType multipart/alternative
AddType multipart/appledouble
AddType multipart/digest
AddType multipart/mixed
AddType multipart/parallel
AddType x-world/x-vrml .wrl

Entries listed without an extension (for example AddType application/news-message-id) are incomplete as given: AddType requires at least one extension, so Apache rejects such a line unless one is supplied.

3.10. Send the encoding and language headers without a meta tag

# send the language tag and default character set
# AddType 'text/html; charset=UTF-8' html
AddDefaultCharset UTF-8
DefaultLanguage en-US

3.11. Limit requests to GET and PUT

# limit server request methods to GET and PUT
Options -ExecCGI -Indexes -All
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)
RewriteRule .* - [F]

3.12. Select the file that handles a request by request method

# process files according to server request method
Script PUT /cgi-bin/upload.cgi
Script GET /cgi-bin/download.cgi

3.13. Execute a file format through a cgi script

# execute all png files via png-script.cgi
Action image/png /cgi-bin/png-script.cgi
4. Security configurations
4.1. Prevent access to the .htaccess file
When a user deliberately requests the .htaccess file, a 403 error is returned. There are several ways to configure this: set the file's permissions with CHMOD to 644, or add the following block (the <Files> section scopes the rule to the file itself):

# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
4.2. Prevent access to a specific file
To block access to a specific file, add the following to the .htaccess file; here the file is assumed to be secretfile.jpg:

# prevent viewing of a specific file
<Files secretfile.jpg>
order allow,deny
deny from all
</Files>
4.3. Block access to multiple files
The same rule inside a <FilesMatch> section covers every file whose name matches the pattern (the pattern below is an example; list the extensions you want to block):

# prevent viewing of several file types
<FilesMatch "\.(htpasswd|ini|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
4.4. Prevent unauthorized directory browsing
Make sure that users without permission cannot view the whole website as a directory listing (the leading minus sign is what turns the listing off):

# disable directory browsing
Options All -Indexes

Conversely, to let users view the site this way, use:

# enable directory browsing
Options All +Indexes

Prevent the server from listing the directory:

# prevent folder listing
IndexIgnore *

Prevent certain file types from appearing in the listing, using IndexIgnore:

# prevent display of select file types
IndexIgnore *.wmv *.mp4 *.avi *.etc

4.5. Change the default index page
Instead of using the default index page, the server can be configured to take a different file that serves the same purpose as the index file (here business.html):

# serve alternate default index page
DirectoryIndex business.html

Or give a series of files that can all act as the index; the server searches them and serves the first one it finds as the index:

# serve first available alternate default index page from series
DirectoryIndex filename.html index.cgi index.pl default.htm

4.6. Disguise the script file format
To increase security, disguising the scripting language by changing the file extension is also something to consider:

# serve foo files as php files
AddType application/x-httpd-php .foo

# serve foo files as cgi files
AddType application/x-httpd-cgi .foo

4.7. Limit access to the local network

# limit access to local area network
order deny,allow
deny from all
allow from 192.168.0.0/33

Note that an IPv4 prefix length must be between 0 and 32, so Apache refuses the /33 in this line as written; a single 192.168.0.x network is /24 and the whole 192.168.0.0 private block is /16.
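The following is an added example, not part of this guide: a Python script that audits the text of a .htaccess file for the settings covered in sections 3.4, 4.1, 4.4 and 4.7 (server signature left on, the .htaccess file itself readable, directory listing enabled, and an address range Apache cannot parse). Both .htaccess bodies inside it are constructed samples.

```python
import ipaddress
import re

# Added example, not part of the original guide: audit a .htaccess body for the
# weak settings that sections 3.4, 4.1, 4.4 and 4.7 warn about. Both sample
# bodies below are constructed; WEAK trips every check, HARDENED passes.

WEAK_HTACCESS = """\
# constructed sample that trips every check
ServerSignature On
Options All +Indexes
order deny,allow
deny from all
allow from 192.168.0.0/33
"""

HARDENED_HTACCESS = """\
# constructed sample with the settings corrected
ServerSignature Off
Options All -Indexes
<Files .htaccess>
order allow,deny
deny from all
</Files>
order deny,allow
deny from all
allow from 192.168.0.0/24
"""

def parse_directives(text):
    """Yield (container, name, args) for each directive in the file.

    container is (tag, argument) of the innermost enclosing <Files ...> or
    <FilesMatch ...> section, or None at top level. name is lower-cased;
    comments and blank lines are skipped.
    """
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.match(r"^<(\w+)\s+(.*?)>$", line)
        if opening:
            stack.append((opening.group(1).lower(), opening.group(2).strip('"')))
            continue
        if re.match(r"^</\w+>$", line):
            stack.pop()
            continue
        name, _, args = line.partition(" ")
        yield (stack[-1] if stack else None, name.lower(), args.strip())

def valid_address_spec(spec):
    """True if a CIDR or network/netmask argument is one Apache could parse."""
    try:
        ipaddress.ip_network(spec, strict=False)
        return True
    except ValueError:
        return False

def audit(text):
    """Return a list of human-readable findings; an empty list means clean."""
    findings = []
    htaccess_protected = False
    for container, name, args in parse_directives(text):
        low = args.lower()
        # section 4.4: "Indexes" without a leading "-" turns directory listing on
        if name == "options" and re.search(r"(^|\s)\+?indexes(\s|$)", low):
            findings.append("directory listing enabled: Options " + args)
        # section 3.4: the signature reveals the server version on error pages
        if name == "serversignature" and low == "on":
            findings.append("ServerSignature On leaks the server version")
        # section 4.7: a prefix longer than 32 bits is not a valid IPv4 range
        if name in ("allow", "deny") and low.startswith("from "):
            for spec in low[5:].split():
                if "/" in spec and not valid_address_spec(spec):
                    findings.append("invalid address range: %s from %s" % (name, spec))
        # section 4.1: look for <Files .htaccess> containing "deny from all"
        if container == ("files", ".htaccess") and name == "deny" and low == "from all":
            htaccess_protected = True
    if not htaccess_protected:
        findings.append("no <Files .htaccess> section denying access to the file itself")
    return findings

if __name__ == "__main__":
    for label, body in (("weak", WEAK_HTACCESS), ("hardened", HARDENED_HTACCESS)):
        print(label, audit(body) or "clean")
```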
4.8. Protect a directory by IP address and/or domain
Configuration that allows all access except from the address x.y.z.v and from domain.com:

# allow all except those indicated here
order allow,deny
allow from all
deny from x.y.z.v
deny from .*domain\.com.*

The opposite of the configuration above, denying all IP addresses except x.y.z.v and domain.com:

# deny all except those indicated here
order deny,allow
deny from all
allow from x.y.z.v
allow from .*domain\.com.*

(Allow from and Deny from take a host name such as domain.com, which matches that host and its subdomains, rather than a regular expression; the pattern form above is how the guide writes it.)

Bandwidth can also be saved by blocking certain file formats such as .jpg, .zip or .mp3 for requests referred from external servers (here abc and xyz):

# block visitors referred from indicated domains
RewriteEngine on
RewriteCond %{HTTP_REFERER} abc\.com [NC,OR]
RewriteCond %{HTTP_REFERER} xyz\.com [NC,OR]
RewriteRule .* - [F]
4.9. Block or allow access by IP address range
There are several ways to block a range of IP addresses in .htaccess. The first way is to use the CIDR (Classless Inter-Domain Routing) number of the range; this is effective for blocking mega-spammers such as RIPE, Optinet, ...

# block IP range by CIDR number
order allow,deny
allow from all
deny from 10.1.0.0/16
deny from 80.0.0/8

To allow by CIDR:

# allow IP range by CIDR number
order deny,allow
deny from all
allow from 10.1.0.0/16
allow from 80.0.0/8

Another way to block a range of incoming addresses is to truncate the address until the desired range appears:

# block IP range by address truncation
order allow,deny
allow from all
deny from 99.88.77.66
deny from 99.88.77.*
deny from 99.88.*.*
deny from 99.*.*.*

To allow IP addresses the same way:

# allow IP range by address truncation
order deny,allow
deny from all
allow from 99.88.77.66
allow from 99.88.77.*
allow from 99.88.*.*
allow from 99.*.*.*
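As an added example (not code from this guide), the following Python model shows how Order, Allow from and Deny from combine for one client, using the blocks from sections 4.7 to 4.11: with Order allow,deny a request must match an Allow and no Deny, with Order deny,allow a matching Allow overrides a Deny and unmatched requests pass. Treating * as an omitted octet is an assumption of the model, and the client addresses and host names are constructed.

```python
import ipaddress

# Added example, not part of the original guide: a small model of how the
# Apache "Order", "Allow from" and "Deny from" directives from sections 4.7
# to 4.11 combine, so the effect of a block can be checked before deploying
# it. Address forms accepted: "all", a full address, a CIDR prefix, a
# network/netmask pair, a truncated address (99.88 or, as the guide writes
# it, 99.88.*.*) and a domain-name suffix. Treating "*" as an omitted octet
# is this model's assumption; Apache itself uses the truncated form.

def spec_matches(spec, client_ip, client_host=None):
    """True if one Allow/Deny argument matches the client."""
    spec = spec.strip()
    if spec.lower() == "all":
        return True
    if "/" in spec:
        # 10.1.0.0/16 or 99.1.0.0/255.255.0.0; an impossible prefix such as
        # /33 raises ValueError, just as Apache refuses the directive
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)
    parts = spec.split(".")
    if all(p.isdigit() or p == "*" for p in parts):
        leading = []
        for p in parts:
            if p == "*":
                break
            leading.append(p)
        return client_ip.split(".")[:len(leading)] == leading
    # anything else is a (partial) domain name, matched against the client's
    # reverse-resolved host name as a suffix
    if client_host is None:
        return False
    suffix = spec.lstrip(".").lower()
    host = client_host.lower()
    return host == suffix or host.endswith("." + suffix)

def access_granted(order, allow, deny, client_ip, client_host=None):
    """Apply the Order semantics to lists of Allow-from and Deny-from arguments.

    allow,deny: the client must match an Allow and no Deny; unmatched = denied.
    deny,allow: a matching Allow overrides a Deny; unmatched = allowed.
    """
    allowed = any(spec_matches(s, client_ip, client_host) for s in allow)
    denied = any(spec_matches(s, client_ip, client_host) for s in deny)
    order = order.lower().replace(" ", "")
    if order == "allow,deny":
        return allowed and not denied
    if order == "deny,allow":
        return allowed or not denied
    raise ValueError("unknown Order: " + order)

def guide_blocks(client_ip, client_host=None):
    """Evaluate the guide's own blocks for one client and return the results."""
    return {
        # 4.9: block IP range by CIDR number
        "block_cidr": access_granted("allow,deny", ["all"], ["10.1.0.0/16"],
                                     client_ip, client_host),
        # 4.9: allow IP range by CIDR number
        "allow_cidr": access_granted("deny,allow", ["10.1.0.0/16"], ["all"],
                                     client_ip, client_host),
        # 4.9: block IP range by address truncation
        "block_truncated": access_granted("allow,deny", ["all"],
                                          ["99.88.77.66", "99.88.77.*", "99.88.*.*", "99.*.*.*"],
                                          client_ip, client_host),
        # 4.11: block domain.com but allow sub.domain.com
        "subdomain_only": access_granted("deny,allow", ["sub.domain.com"], ["domain.com"],
                                         client_ip, client_host),
    }

if __name__ == "__main__":
    # constructed clients: an address inside 10.1/16, one inside 99/8, and two
    # hosts under domain.com
    for ip, host in (("10.1.200.7", None), ("99.5.6.7", None),
                     ("203.0.113.9", "www.domain.com"), ("203.0.113.10", "a.sub.domain.com")):
        print(ip, host, guide_blocks(ip, host))
```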
4.10. Block or allow several addresses on one line
Block:

# block two unique IP addresses
deny from 99.88.77.66 11.22.33.44
# block three ranges of IP addresses
deny from 99.88 99.88.77 11.22.33

Allow:

# allow two unique IP addresses
allow from 99.88.77.66 11.22.33.44
# allow three ranges of IP addresses
allow from 99.88 99.88.77 11.22.33

4.11. Other rules for blocking or allowing IP addresses
Some other rules that can be used:

# block a partial domain via network/netmask values
deny from 99.1.0.0/255.255.0.0

# block a single domain
deny from 99.88.77.66

# block domain.com but allow sub.domain.com
order deny,allow
deny from domain.com
allow from sub.domain.com

4.12. Stop hotlinking and serve alternate content
The aim is to help administrators stop external websites from using the images, content and links of their own site directly, since this wastes bandwidth. Use this only when mod_rewrite is enabled.

# stop hotlinking and serve alternate content
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com/.*$ [NC]
RewriteRule .*\.(gif|jpg)$ http://www.domain.com/eatme.jpg [R,NC,L]
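The following added example (not from the guide) models the three rewrite lines above in Python on constructed requests; domain.com, goodsite.com and eatme.jpg are the guide's placeholders. It also shows why the replacement image needs an exemption of its own: eatme.jpg is itself a .jpg, so the browser's follow-up request, sent with the same Referer, is redirected again.

```python
import re

# Added example, not part of the original guide: a model of the hotlinking
# rule applied to sample requests, to show what each RewriteCond contributes
# and one trap in the rule as written. Paths are given the way .htaccess
# sees them, relative to the directory and without a leading slash.

OWN_SITE = re.compile(r"^http://(www\.)?domain\.com/.*$", re.IGNORECASE)    # [NC]
GOOD_SITE = re.compile(r"^http://(www\.)?goodsite\.com/.*$", re.IGNORECASE)  # [NC]
IMAGE = re.compile(r".*\.(gif|jpg)$", re.IGNORECASE)    # RewriteRule pattern, [NC]
ALT_IMAGE = "http://www.domain.com/eatme.jpg"

def hotlink_decision(path, referer, allow_goodsite=False, forbid=False, exempt_alt=False):
    """Return ("serve", None), ("redirect", url) or ("forbidden", None).

    Every RewriteCond must hold for the RewriteRule to fire; a condition
    written with "!" holds when its pattern does NOT match.
    """
    # RewriteCond %{HTTP_REFERER} !^$ : an empty Referer fails this condition,
    # so browsers that send none (bookmarks, privacy settings) are not blocked
    if referer == "":
        return ("serve", None)
    # RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com/.*$ [NC]
    if OWN_SITE.match(referer):
        return ("serve", None)
    # the guide's optional extra condition for a site allowed to hotlink
    if allow_goodsite and GOOD_SITE.match(referer):
        return ("serve", None)
    # not in the guide: exempt the replacement image itself (see follow_redirects)
    if exempt_alt and path.endswith("eatme.jpg"):
        return ("serve", None)
    # RewriteRule .*\.(gif|jpg)$ ... : only image requests are affected
    if not IMAGE.match(path):
        return ("serve", None)
    if forbid:                        # variant: RewriteRule .*\.(gif|jpg)$ - [F,L]
        return ("forbidden", None)
    return ("redirect", ALT_IMAGE)    # [R,NC,L]

def follow_redirects(path, referer, exempt_alt, max_hops=5):
    """Replay the browser: it requests each redirect target with the SAME
    Referer. Returns ("served", hops) or ("loop", hops)."""
    hops = 0
    while hops < max_hops:
        action, target = hotlink_decision(path, referer, exempt_alt=exempt_alt)
        if action != "redirect":
            return ("served", hops)
        hops += 1
        path = target.split("domain.com/", 1)[1]   # "eatme.jpg", as the rule sees it
    return ("loop", hops)

if __name__ == "__main__":
    # constructed requests from a page on another site
    print(hotlink_decision("images/photo.jpg", "http://other.example/page"))
    print(follow_redirects("images/photo.jpg", "http://other.example/page", exempt_alt=False))
    print(follow_redirects("images/photo.jpg", "http://other.example/page", exempt_alt=True))
```

In Apache the exemption corresponds to an extra condition such as RewriteCond %{REQUEST_URI} !eatme\.jpg$ placed before the RewriteRule (an addition, not part of the guide's rule).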
To deliver an error page instead of a replacement image such as eatme.jpg as above, replace the RewriteRule line with:

# serve a stand­ard 403 forbidden error page
RewriteRule .*\.(gif|jpg)$ - [F,L]

To let one external domain hotlink (goodsite, for example), add the configuration line:

# allow linking from the following site
RewriteCond %{HTTP_REFERER} !^http://(www\.)?goodsite\.com/.*$ [NC]

4.13. Block Evil Robots, Site Rippers and Offline Browsers

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:[email protected] [OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
Instead of sending a friendly message, they can be sent on to another website:

# send em to a hellish website of your choice
RewriteRule ^.*$ http://www.hellish-website.com [R,L]

Or sent to a blackhole of fake email addresses:

# send em to a virtual blackhole of fake email addresses
RewriteRule ^.*$ http://english-61925045732.spampoison.com [R,L]

Blocking by referrer is also possible; here iaea.org is blocked:

RewriteCond %{HTTP_REFERER} ^http://www.iaea.org$
RewriteRule !^http://[^/.]\.yourdomain\.com.* - [F,L]

Some other ways of blocking:

# redirect any request for anything from spamsite to differentspamsite
RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
RewriteRule .* http://www.differentspamsite.com [R]

# redirect all requests from spamsite to an image of something at differentspamsite
RewriteCond %{HTTP_REFERER} ^http://.*spamsite.*$ [NC]
RewriteRule .* http://www.differentspamsite/something.jpg [R]

# redirect traffic from a certain address or range of addresses to another site
RewriteCond %{REMOTE_ADDR} 192.168.10.*
RewriteRule .* http://www.differentspamsite.com/index.html [R]

4.14. Password protection
Setting password protection is a way to protect website content and allow only internal users to access it. It is supported by Apache and helps restrict users to different areas of a website. When a directory is password protected, all of its subdirectories and files are protected in the same way. The password file for the protected directory (the .htpasswd file named by AuthUserFile) has one line per user in the form username:encryptedpassword, for example:

fred_smith:CF9Pam/MXJg2

See the following page (to generate passwords for protecting a directory):
http://www.thejackol.com/scripts/htpasswdgen.php

# password-protect single file
# (the <Files> name is an example; give the file to protect)
<Files secure-file.html>
AuthType Basic
AuthName "Prompt"
AuthUserFile /home/path/.htpasswd
Require valid-user
</Files>

# password-protect multiple files
# (the <FilesMatch> pattern is an example; list the files to protect)
<FilesMatch "^(report|secure)\.html$">
AuthType basic
AuthName "Development"
AuthUserFile /home/path/.htpasswd
Require valid-user
</FilesMatch>

# password-protect the directory in which this htaccess rule resides
AuthType basic
AuthName "This directory is protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user

# password-protect directory for every IP except the one specified
# place in htaccess file of a directory to protect that entire directory
AuthType Basic
AuthName "Personal"
AuthUserFile /home/path/.htpasswd
Require valid-user
Allow from 99.88.77.66
Satisfy Any

4.15. Automatically set CHMOD for file types
This ensures the CHMOD settings for the given file types. These are not .htaccess directives but file permissions set on the server, for example from a shell in the site directory:

# ensure CHMOD settings for specified file types
# remember to never set CHMOD 777 unless you know what you are doing
# files requiring write access should use CHMOD 766 rather than 777
# keep specific file types private by setting their CHMOD to 400
chmod 640 .htpasswd
chmod 644 .htaccess
chmod 600 *.php

4.16. Disguise all file extensions
Disguise all files so that they are treated as .php files (on its own, ForceType applies to every file in the directory the .htaccess file governs):

# diguise all file extensions as php
ForceType application/x-httpd-php

Or as other formats. Conversely, php files can be hidden under other formats:

SetHandler application/x-httpd-php
4.17. Prevent denial of service attacks by limiting the upload file size

# protect against DOS attacks by limiting file upload size
LimitRequestBody 10240000

4.18. Secure a directory by disabling script execution
The handler line maps every script extension to CGI, and the minus sign on ExecCGI is what refuses to run them (Options ExecCGI without the minus would enable execution):

# secure directory by disabling script execution
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI

4.19. Require SSL

# require SSL
SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "domain.tld"
ErrorDocument 403 https://domain.tld

# require SSL without mod_ssl
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

5. Other useful configurations
5.1. Check URLs

# automatically corect simple speling erors
CheckSpelling On
5.2. Set up the error pages
This configuration is very useful because it shows errors to site visitors in a friendly way and lets the site owner display error messages in their own style.

# serve custom error pages
ErrorDocument 400 /errors/400.html
ErrorDocument 401 /errors/401.html
ErrorDocument 403 /errors/403.html
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

5.3. Instruct the browser to download a file instead of running it
This is useful for multimedia files:

# instruct browser to download multimedia files
AddType application/octet-stream .avi
AddType application/octet-stream .mpg
AddType application/octet-stream .wmv
AddType application/octet-stream .mp3

It can be applied to other formats as well (see section 3.9).

5.4. Instruct the server to show the source of certain executable files
In some cases the source of a file should be displayed instead of executing it; use:

RemoveHandler cgi-script .pl .py .cgi

5.5. Redirect users to a temporary site during development or repair
While the website is being developed, maintained or repaired you do not want visitors to see it. The configuration below redirects users to another site while the administrator can still access this one (x.x.x.x is the administrator's IP address):

# redirect all visitors to alternate site but retain full access for you
ErrorDocument 403 http://www.alternate-site.com
Order deny,allow
Deny from all
Allow from x.x.x.x

5.6. Block access to a file or directory by time
TIME_HOUR is the 24-hour value 00 to 23, so ^12$ matches the hour starting at noon; the midnight hour would be ^00$.

# prevent access during the midnight hour
RewriteCond %{TIME_HOUR} ^12$
RewriteRule ^.*$ - [F,L]

# prevent access throughout the afternoon
RewriteCond %{TIME_HOUR} ^(12|13|14|15)$
RewriteRule ^.*$ - [F,L]
6. Redirect tricks
For every kind of redirect that uses mod_rewrite, the RewriteEngine must be enabled first:

# initialize and enable rewrite engine
RewriteEngine on

6.1. Redirect from http://www.domain.com to http://domain.com

# permanently redirect from www domain to non-www domain
RewriteEngine on
Options +FollowSymLinks
RewriteCond %{HTTP_HOST} ^www\.domain\.tld$ [NC]
RewriteRule ^(.*)$ http://domain.tld/$1 [R=301,L]

6.2. Redirect from an old domain to a new domain

# redirect from old domain to new domain
RewriteEngine On
RewriteRule ^(.*)$ http://www.new-domain.com/$1 [R=301,L]

6.3. Redirect string variations to one address
Suppose a request contains the string some-string; the request is redirected to the page http://some-string.com:

# redirect any variations of a specific character string to a specific address
RewriteRule ^some-string http://www.some-string.com [R]

Some other methods:

# map URL variations to the same directory on the same server
AliasMatch ^/director(y|ies) /www/docs/target

# map URL variations to the same directory on a different server
RedirectMatch ^/[dD]irector(y|ies) http://domain.com

6.4. Some other redirects
Redirect an entire site with status 301:

# redirect an entire site via 301
redirect 301 / http://www.domain.com/

Redirect one file with status 301:

# redirect a specific file via 301
redirect 301 /current/currentfile.html http://www.newdomain.com/new/newfile.html

Redirect an entire site with a permanent redirect:

# redirect an entire site via permanent redirect
Redirect permanent / http://www.domain.com/

Redirect a page or a directory with a permanent redirect:

# redirect a page or directory
Redirect permanent old_file.html http://www.new-domain.com/new_file.html
Redirect permanent /old_directory/ http://www.new-domain.com/new_directory/

Redirect a file using RedirectMatch:

# redirect a file using RedirectMatch
RedirectMatch 301 ^.*$ http://www.domain.com/index.html

When redirecting files, use the Redirect rule for files within the same domain and the RewriteRule for any domain. The RewriteRule is more powerful than Redirect.

# redirect files directories and domains via RewriteRule
RewriteRule http://old-domain.com/old-file.html http://new-domain.com/new-file.html
RewriteRule http://old-domain.com/old-dir/ http://new-domain.com/new-dir/
RewriteRule http://old-domain.com/ http://new-domain.com/

6.5. Send visitors to a subdomain
This rule makes every visitor view the page through the subdomain.

# send visitors to a subdomain
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^subdomain\.domain\.com$ [NC]
RewriteRule ^/(.*)$ http://subdomain.domain.tld/$1 [L,R=301]

6.6. Some other redirects
# rewrite only if the file is not found
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+)special\.html?$ cgi-bin/special/special-html/$1

# rewrite only if an image is not found
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule images/special/(.*).gif cgi-bin/special/mkgif?$1

# seo-friendly rewrite rules for various directories
RewriteRule ^(.*)/aud/(.*)$ $1/audio-files/$2 [L,R=301]
RewriteRule ^(.*)/img/(.*)$ $1/image-files/$2 [L,R=301]
RewriteRule ^(.*)/fla/(.*)$ $1/flash-files/$2 [L,R=301]
RewriteRule ^(.*)/vid/(.*)$ $1/video-files/$2 [L,R=301]

# browser sniffing via htaccess environmental variables
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*
RewriteRule ^/$ /index-for-mozilla.html [L]
RewriteCond %{HTTP_USER_AGENT} ^Lynx.*
RewriteRule ^/$ /index-for-lynx.html [L]
RewriteRule ^/$ /index-for-all-others.html [L]

# redirect query to Google search
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_URI} .google\.php*
RewriteRule ^(.*)$ http://www.google.com/search?q=$1 [R,NC,L]

# deny request according to the request method
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD)$ [NC]
RewriteRule ^.*$ - [F]

# redirect uploads to a better place
RewriteCond %{REQUEST_METHOD} ^(PUT|POST)$ [NC]
RewriteRule ^(.*)$ /cgi-bin/upload-processor.cgi?p=$1 [L,QSA]

# seo friendly redirect for a single file
Redirect 301 /old-dir/old-file.html http://domain.com/new-dir/new-file.html

# seo friendly redirect for multiple files
# redirects all files in dir directory with first letters xyz
RedirectMatch 301 /dir/xyz(.*) http://domain.com/$1

# seo friendly redirect entire site to a different domain
Redirect 301 / http://different-domain.com

7. Other configurations
7.1. Enable SSI
When SSI is used, the extension of the files on the server must be .shtml instead of .html. This is inconvenient for websites already built with .html; to avoid converting the file extensions on the server, create a .htaccess file containing:

AddHandler server-parsed .html

Several lines can be added so that the server accepts several different extensions. Example:

AddHandler server-parsed .html
AddHandler server-parsed .shtml
AddHandler server-parsed .htm
7.2. Block access to the include files of .php files
To stop access to the directory that holds the .php include files, create a .htaccess file containing:

## Enable Mod Rewrite, this is only required once in each .htaccess file
RewriteEngine On
RewriteBase /
## Test for access to includes directory
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /includes/ .*$ [NC]
## Test that file requested has php extension
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
## Forbid Access
RewriteRule .* - [F,NS,L]

Here, includes is the directory containing the .php files.