超好用,.htaccess用法大全,wordpress也適用
點擊數: 2891
文章目錄
這些.htaccess代碼,非常的好,想得到的功能,大部分都有。
再次申明一下,這些代碼是可以直接複製到.htaccess裡面產生效果,絕大部分都是可以用,而有些是需要稍作修改。
因此你要修改.htaccess的時候,請先備份。
重新和重定向
註:你伺服器需要安裝及啟用mod_rewrite。
強制 www
- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^example.com [NC]
- RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
強制www通用方法
- RewriteCond %{HTTP_HOST} !^$
- RewriteCond %{HTTP_HOST} !^www. [NC]
- RewriteCond %{HTTPS}s ^on(s)|
- RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
強制 non-www
讓網址不帶www的方法- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^www.example.com [NC]
- RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
強制non-www通用方法
- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^www.
- RewriteCond %{HTTPS}s ^on(s)|off
- RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www.)?(.+)$
- RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]
强制 HTTPS
- RewriteEngine on
- RewriteCond %{HTTPS} !on
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
- # Note: It's also recommended to enable HTTP Strict Transport Security (HSTS)
- # on your HTTPS website to help prevent man-in-the-middle attacks.
- # See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
- Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
強制HTTPS 通過代理
- RewriteCond %{HTTP:X-Forwarded-Proto} !https
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
重新指向到一個頁面
- Redirect 301 /oldpage.html http://dhamma.com.tw/newpage.html
- Redirect 301 /oldpage2.html http://dhamma.com.tw/folder/
目錄別名
- RewriteEngine On
- RewriteRule ^source-directory/(.*) target-directory/$1
重新指向整個網站
- Redirect 301 / http://newsite.com/
乾淨的URL
- RewriteEngine On
- RewriteCond %{SCRIPT_FILENAME} !-d
- RewriteRule ^([^.]+)$ $1.php [NC,L]
拒絕所有訪問
[cc lang="php"] ## Apache 2.2 Deny from all ## Apache 2.4 # Require all denied [/cc]拒絕所有訪問-排除部分
[cc lang="php"] ## Apache 2.2 Order deny,allow Deny from all Allow from xxx.xxx.xxx.xxx ## Apache 2.4 # Require all denied # Require ip xxx.xxx.xxx.xxx [/cc] 註:單獨列出所有允許的IP地址遮罩爬蟲/惡意訪問
[cc lang="php"] ## Apache 2.2 Order deny,allow Allow from all Deny from xxx.xxx.xxx.xxx Deny from xxx.xxx.xxx.xxy ## Apache 2.4 # Require all granted # Require not ip xxx.xxx.xxx.xxx # Require not ip xxx.xxx.xxx.xxy [/cc]保護隱藏檔和目錄
隱藏文件和目錄(那些名稱以一個點。),如果不是全部的時間固定。example: .htaccess, .htpasswd, .git, .hg…- RewriteCond %{SCRIPT_FILENAME} -d [OR]
- RewriteCond %{SCRIPT_FILENAME} -f
- RewriteRule "(^|/)." - [F]
- RedirectMatch 404 /\..*$
保護備份檔案和原始程式碼檔
如果你可以通過一些文本/ HTML編輯器留,公開這些文件,會造成極大的安全威脅,那你需要這段代碼保護。"(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$"> - ## Apache 2.2
- Order allow,deny
- Deny from all
- Satisfy All
- ## Apache 2.4
- # Require all denied
禁止目錄被流覽
- Options All -Indexes
禁止圖片連結被盜連
- [cc lang="php"]
- RewriteEngine on
- # Remove the following line if you want to block blank referrer too
- RewriteCond %{HTTP_REFERER} !^$
- RewriteCond %{HTTP_REFERER} !^http(s)?://(.+.)?example.com [NC]
- RewriteRule .(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]
- # If you want to display a "blocked" banner in place of the hotlinked image,
- # replace the above rule with:
- # RewriteRule .(jpg|jpeg|png|gif|bmp) http://example.com/blocked.png [R,L]
- [/cc]
禁止圖片連結被盜連(針對特店網址)
有時候,我們只想讓某部分人禁止圖片盜連。-
class=dp-highlighter>class=bar>
- class=dp-c>
- class=alt>[cc lang=class=string>"php"]
- RewriteEngine on
- class=alt># Remove the following line class=keyword>if you want to block blank referrer too
- RewriteCond %{HTTP_REFERER} !^$
- class=alt>
- RewriteCond %{HTTP_REFERER} !^http(s)?:class=comment>//(.+.)?example.com [NC]
- class=alt>RewriteRule .(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]
- class=alt># If you want to display a class=string>"blocked" banner in place of the hotlinked image,
- # replace the above rule with:
- class=alt># RewriteRule .(jpg|jpeg|png|gif|bmp) http:class=comment>//example.com/blocked.png [R,L]
- [/cc]
用密碼保護目錄
首先,你需要在系統中的某個地方創建一個.htpasswd的文件:- htpasswd -c /home/fellowship/.htpasswd boromir
- AuthType Basic
- AuthName "One does not simply"
- AuthUserFile /home/fellowship/.htpasswd
- Require valid-user
用密碼保護檔案
- AuthName "One still does not simply"
- AuthType Basic
- AuthUserFile /home/fellowship/.htpasswd
"one-ring.o"> - Require valid-user
- Require valid-user
使用Referrer過濾瀏覽者
- RewriteEngine on
- # Options +FollowSymlinks
- RewriteCond %{HTTP_REFERER} somedomain.com [NC,OR]
- RewriteCond %{HTTP_REFERER} anotherdomain.com
- RewriteRule .* - [F]
防止被別的網站嵌入
這可以防止網站被嵌入(別人使用iframe語法),當然可以允許制定特定URI。- SetEnvIf Request_URI "/starry-night" allow_framing=true
- Header set X-Frame-Options SAMEORIGIN env=!allow_framing
啟用網站壓縮功能
這可以讓網站加速,最為標準的語法,我就是用這個語法的。- # compression for mangled headers.
- # http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
- SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)s*,?s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
- RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
- # Compress all output labeled with one of the following MIME-types
- # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
- # and can remove the `` and `` lines
- # as `AddOutputFilterByType` is still in the core directives).
- AddOutputFilterByType DEFLATE application/atom+xml
- application/javascript
- application/json
- application/rss+xml
- application/vnd.ms-fontobject
- application/x-font-ttf
- application/x-web-app-manifest+json
- application/xhtml+xml
- application/xml
- font/opentype
- image/svg+xml
- image/x-icon
- text/css
- text/html
- text/plain
- text/x-component
- text/xml
設定瀏覽器快取功能
也稱設置過期頭資訊,詳細的內容我有這篇介紹設定瀏覽器快取功能- ExpiresActive on
- ExpiresDefault "access plus 1 month"
- # CSS
- ExpiresByType text/css "access plus 1 year"
- # Data interchange
- ExpiresByType application/json "access plus 0 seconds"
- ExpiresByType application/xml "access plus 0 seconds"
- ExpiresByType text/xml "access plus 0 seconds"
- # Favicon (cannot be renamed!)
- ExpiresByType image/x-icon "access plus 1 week"
- # HTML components (HTCs)
- ExpiresByType text/x-component "access plus 1 month"
- # HTML
- ExpiresByType text/html "access plus 0 seconds"
- # JavaScript
- ExpiresByType application/javascript "access plus 1 year"
- # Manifest files
- ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
- ExpiresByType text/cache-manifest "access plus 0 seconds"
- # Media
- ExpiresByType audio/ogg "access plus 1 month"
- ExpiresByType image/gif "access plus 1 month"
- ExpiresByType image/jpeg "access plus 1 month"
- ExpiresByType image/png "access plus 1 month"
- ExpiresByType video/mp4 "access plus 1 month"
- ExpiresByType video/ogg "access plus 1 month"
- ExpiresByType video/webm "access plus 1 month"
- # Web feeds
- ExpiresByType application/atom+xml "access plus 1 hour"
- ExpiresByType application/rss+xml "access plus 1 hour"
- # Web fonts
- ExpiresByType application/font-woff2 "access plus 1 month"
- ExpiresByType application/font-woff "access plus 1 month"
- ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
- ExpiresByType application/x-font-ttf "access plus 1 month"
- ExpiresByType font/opentype "access plus 1 month"
- ExpiresByType image/svg+xml "access plus 1 month"
設定PHP變數
- php_value
- # For example:
- php_value upload_max_filesize 60M
- php_value max_execution_time 200
自定義錯誤頁面
- ErrorDocument 500 "Houston, we have a problem."
- ErrorDocument 401 http://error.example.com/mordor.html
- ErrorDocument 404 /errors/halflife3.html
自動UTF-8 Encode
讓您的文字內容應始終是UTF-8編碼- # Use UTF-8 encoding for anything served text/plain or text/html
- AddDefaultCharset utf-8
- # 强制 UTF-8 for a number of file formats
- AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
切換PHP版本
如果你是租用虛擬主機,虛擬主機或許安裝許多版本的php,而你可以透過此方法來更改php版本。- AddHandler application/x-httpd-php55 .php
- # Alternatively, you can use AddType
- AddType application/x-httpd-php55 .php
禁止IE相容性
- BrowserMatch MSIE is-msie
- Header set X-UA-Compatible IE=edge env=is-msie
支持WebP圖片格式
- RewriteEngine On
- RewriteCond %{HTTP_ACCEPT} image/webp
- RewriteCond %{DOCUMENT_ROOT}/$1.webp -f
- RewriteRule (.+).(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]
