超好用,.htaccess用法大全,wordpress也适用
点击数: 2857
文章目录
这些.htaccess代码,非常的好,想得到的功能,大部分都有。
再次申明一下,这些代码是可以直接复制到.htaccess里面产生效果,绝大部分都是可以用,而有些是需要稍作修改。
因此你要修改.htaccess的时候,请先备份。
重新和重定向
注:你伺服器需要安装及启用mod_rewrite。
强制 www
- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^example.com [NC]
- RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
强制www通用方法
- RewriteCond %{HTTP_HOST} !^$
- RewriteCond %{HTTP_HOST} !^www. [NC]
- RewriteCond %{HTTPS}s ^on(s)|
- RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
强制 non-www
让网址不带www的方法- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^www.example.com [NC]
- RewriteRule ^(.*)$ http://example.com/$1 [L,R=301]
强制non-www通用方法
- RewriteEngine on
- RewriteCond %{HTTP_HOST} ^www.
- RewriteCond %{HTTPS}s ^on(s)|off
- RewriteCond http%1://%{HTTP_HOST} ^(https?://)(www.)?(.+)$
- RewriteRule ^ %1%3%{REQUEST_URI} [R=301,L]
强制 HTTPS
- RewriteEngine on
- RewriteCond %{HTTPS} !on
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
- # Note: It's also recommended to enable HTTP Strict Transport Security (HSTS)
- # on your HTTPS website to help prevent man-in-the-middle attacks.
- # See https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
- Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
强制HTTPS 通过代理
- RewriteCond %{HTTP:X-Forwarded-Proto} !https
- RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
重新指向到一个页面
- Redirect 301 /oldpage.html http://dhamma.com.tw/newpage.html
- Redirect 301 /oldpage2.html http://dhamma.com.tw/folder/
目录别名
- RewriteEngine On
- RewriteRule ^source-directory/(.*) target-directory/$1
重新指向整个网站
- Redirect 301 / http://newsite.com/
干净的URL
- RewriteEngine On
- RewriteCond %{SCRIPT_FILENAME} !-d
- RewriteRule ^([^.]+)$ $1.php [NC,L]
拒绝所有访问
[cc lang="php"] ## Apache 2.2 Deny from all ## Apache 2.4 # Require all denied [/cc]拒绝所有访问-排除部分
[cc lang="php"] ## Apache 2.2 Order deny,allow Deny from all Allow from xxx.xxx.xxx.xxx ## Apache 2.4 # Require all denied # Require ip xxx.xxx.xxx.xxx [/cc]注:单独列出所有允许的IP地址遮罩爬虫/恶意访问
[cc lang="php"] ## Apache 2.2 Order deny,allow Allow from all Deny from xxx.xxx.xxx.xxx Deny from xxx.xxx.xxx.xxy ## Apache 2.4 # Require all granted # Require not ip xxx .xxx.xxx.xxx # Require not ip xxx.xxx.xxx.xxy [/cc]保护隐藏档和目录
隐藏文件和目录(那些名称以一个点。),如果不是全部的时间固定。 example: .htaccess, .htpasswd, .git, .hg…- RewriteCond %{SCRIPT_FILENAME} -d [OR]
- RewriteCond %{SCRIPT_FILENAME} -f
- RewriteRule "(^|/)." - [F]
- RedirectMatch 404 /\..*$
保护备份档案和原始程式码档
如果你可以通过一些文本/ HTML编辑器留,公开这些文件,会造成极大的安全威胁,那你需要这段代码保护。"(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$"> - ## Apache 2.2
- Order allow,deny
- Deny from all
- Satisfy All
- ## Apache 2.4
- # Require all denied
禁止目录被流览
- Options All -Indexes
禁止图片连结被盗连
- [cc lang="php"]
- RewriteEngine on
- # Remove the following line if you want to block blank referrer too
- RewriteCond %{HTTP_REFERER} !^$
- RewriteCond %{HTTP_REFERER} !^http(s)?://(.+.)?example.com [NC]
- RewriteRule .(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]
- # If you want to display a "blocked" banner in place of the hotlinked image,
- # replace the above rule with:
- # RewriteRule .(jpg|jpeg|png|gif|bmp) http://example.com/blocked.png [R,L]
- [/cc]
禁止图片连结被盗连(针对特店网址)
有时候,我们只想让某部分人禁止图片盗连。-
class=dp-highlighter>class=bar>
- class=dp-c>
- class=alt>[cc lang=class=string>"php"]
- RewriteEngine on
- class=alt># Remove the following line class=keyword>if you want to block blank referrer too
- RewriteCond %{HTTP_REFERER} !^$
- class=alt>
- RewriteCond %{HTTP_REFERER} !^http(s)?:class=comment>//(.+.)?example.com [NC]
- class=alt>RewriteRule .(jpg|jpeg|png|gif|bmp)$ - [NC,F,L]
- class=alt># If you want to display a class=string>"blocked" banner in place of the hotlinked image,
- # replace the above rule with:
- class=alt># RewriteRule .(jpg|jpeg|png|gif|bmp) http:class=comment>//example.com/blocked.png [R,L]
- [/cc]
用密码保护目录
首先,你需要在系统中的某个地方创建一个.htpasswd的文件:- htpasswd -c /home/fellowship/.htpasswd boromir
- AuthType Basic
- AuthName "One does not simply"
- AuthUserFile /home/fellowship/.htpasswd
- Require valid-user
用密码保护档案
- AuthName "One still does not simply"
- AuthType Basic
- AuthUserFile /home/fellowship/.htpasswd
"one-ring.o"> - Require valid-user
- Require valid-user
使用Referrer过滤浏览者
- RewriteEngine on
- # Options +FollowSymlinks
- RewriteCond %{HTTP_REFERER} somedomain.com [NC,OR]
- RewriteCond %{HTTP_REFERER} anotherdomain.com
- RewriteRule .* - [F]
防止被别的网站嵌入
这可以防止网站被嵌入(别人使用iframe语法),当然可以允许制定特定URI。- SetEnvIf Request_URI "/starry-night" allow_framing=true
- Header set X-Frame-Options SAMEORIGIN env=!allow_framing
启用网站压缩功能
这可以让网站加速,最为标准的语法,我就是用这个语法的。- # compression for mangled headers.
- # http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
- SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)s*,?s*)+|[X~-] {4,13}$ HAVE_Accept-Encoding
- RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
- # Compress all output labeled with one of the following MIME-types
- # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
- # and can remove the `` and `` lines
- # as `AddOutputFilterByType` is still in the core directives).
- AddOutputFilterByType DEFLATE application/atom+xml
- application/javascript
- application/json
- application/rss+xml
- application/vnd.ms-fontobject
- application/x-font-ttf
- application/x-web-app-manifest+json
- application/xhtml+xml
- application/xml
- font/opentype
- image/svg+xml
- image/x-icon
- text/css
- text/html
- text/plain
- text/x-component
- text/xml
设定浏览器快取功能
也称设置过期头资讯,详细的内容我有这篇介绍设定浏览器快取功能- ExpiresActive on
- ExpiresDefault "access plus 1 month"
- # CSS
- ExpiresByType text/css "access plus 1 year"
- # Data interchange
- ExpiresByType application/json "access plus 0 seconds"
- ExpiresByType application/xml "access plus 0 seconds"
- ExpiresByType text/xml "access plus 0 seconds"
- # Favicon (cannot be renamed!)
- ExpiresByType image/x-icon "access plus 1 week"
- # HTML components (HTCs)
- ExpiresByType text/x-component "access plus 1 month"
- # HTML
- ExpiresByType text/html "access plus 0 seconds"
- # JavaScript
- ExpiresByType application/javascript "access plus 1 year"
- # Manifest files
- ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
- ExpiresByType text/cache-manifest "access plus 0 seconds"
- # Media
- ExpiresByType audio/ogg "access plus 1 month"
- ExpiresByType image/gif "access plus 1 month"
- ExpiresByType image/jpeg "access plus 1 month"
- ExpiresByType image/png "access plus 1 month"
- ExpiresByType video/mp4 "access plus 1 month"
- ExpiresByType video/ogg "access plus 1 month"
- ExpiresByType video/webm "access plus 1 month"
- # Web feeds
- ExpiresByType application/atom+xml "access plus 1 hour"
- ExpiresByType application/rss+xml "access plus 1 hour"
- # Web fonts
- ExpiresByType application/font-woff2 "access plus 1 month"
- ExpiresByType application/font-woff "access plus 1 month"
- ExpiresByType application/vnd.ms-fontobject "access plus 1 month"
- ExpiresByType application/x-font-ttf "access plus 1 month"
- ExpiresByType font/opentype "access plus 1 month"
- ExpiresByType image/svg+xml "access plus 1 month"
设定PHP变数
- php_value
- # For example:
- php_value upload_max_filesize 60M
- php_value max_execution_time 200
自定义错误页面
- ErrorDocument 500 "Houston, we have a problem."
- ErrorDocument 401 http://error.example.com/mordor.html
- ErrorDocument 404 /errors/halflife3.html
自动UTF-8 Encode
让您的文字内容应始终是UTF-8编码- # Use UTF-8 encoding for anything served text/plain or text/html
- AddDefaultCharset utf-8
- # 强制 UTF-8 for a number of file formats
- AddCharset utf-8 .atom .css .js .json .rss .vtt .xml
切换PHP版本
如果你是租用虚拟主机,虚拟主机或许安装许多版本的php,而你可以透过此方法来更改php版本。- AddHandler application/x-httpd-php55 .php
- # Alternatively, you can use AddType
- AddType application/x-httpd-php55 .php
禁止IE相容性
- BrowserMatch MSIE is-msie
- Header set X-UA-Compatible IE=edge env=is-msie
支持WebP图片格式
- RewriteEngine On
- RewriteCond %{HTTP_ACCEPT} image/webp
- RewriteCond %{DOCUMENT_ROOT}/$1.webp -f
- RewriteRule (.+).(jpe?g|png)$ $1.webp [T=image/webp,E=accept:1]
