Apache服務(wù)器的.htaccess是一個非常強(qiáng)大的分布式配置文件�����,學(xué)會使用.htaccess�,對虛擬主機(jī)用戶來說�����,可以實(shí)現(xiàn)眾多的功能�。這里有一篇很容易讓人理解的.htaccess介紹,作為入門文章非常的適合����。文章最初來自,QiRan作了簡單的中文翻譯�����,我將加以完善�。
- Part 1 – Introduction介紹
- Part 2 - .htaccess Commande命令
- Part 3 - Password protection密碼保護(hù)
Part 1 – Introduction介紹
Introduction 介紹
In this tutorial you will find out about the .htaccess file and the power it has to improve your website. Although .htaccess is only a file, it can change settings on the servers and allow you to do many different things, the most popular being able to have your own custom 404 error pages. .htaccess isn‘t difficult to use and is really just made up of a few simple instructions in a text file.
從本指南中�,你將可以學(xué)習(xí)到有關(guān).htaccess文件及其功能的知識����,并用以優(yōu)化你的網(wǎng)站。盡管.htaccess只是一個文件���,但它可以更改服務(wù)器的設(shè)置���,允許你做許多不同的事情,最流行的功能是您可以創(chuàng)建自定義的“404 error”頁面����。.htaccess 并不難于使用,歸根結(jié)底�����,它只是在一個text文檔中添加幾條簡單的指令而已��。
Will My Host Support It? 我的主機(jī)支持它嗎�����?
This is probably the hardest question to give a simple answer to. Many hosts support .htaccess but don‘t actually publicise it and many other hosts have the capability but do not allow their users to have a .htaccess file. As a general rule, if your server runs Unix or Linux, or any version of the Apache web server it will support .htaccess, although your host may not allow you to use it.
這可能很難用簡單的答案來回答。許多主機(jī)支持.htaccess����,但實(shí)際上并不會特別聲明,許多其他類型的主機(jī)有能力但并不允許他們的用戶使用.htaccess�����。一般來說��,如果你的主機(jī)使用Unix或Linux系統(tǒng)�,或任何版本的Apache網(wǎng)絡(luò)服務(wù)器,從理論上都是支持.htaccess的�����,盡管你的主機(jī)服務(wù)商可能不允許你使用它��。
A good sign of whether your host allows .htaccess files is if they support password protection of folders. To do this they will need to offer .htaccess (although in a few cases they will offer password protection but not let you use .htaccess). The best thing to do if you are unsure is to either upload your own .htaccess file and see if it works or e-mail your web host and ask them.
判斷你的主機(jī)是否允許.htaccess���,一個標(biāo)志很好的是它是否支持文件夾密碼保護(hù)。為達(dá)到此功能��,主機(jī)服務(wù)商需要使用.htaccess(當(dāng)然�����,少數(shù)情況下他們雖提供密碼保護(hù)功能,但卻并不允許你使用.htaccess)�����。如果你不確定自己的主機(jī)是否支持.htaccess��,最好的辦法是上傳你自己的.htaccess文件看看是否有用�����,或者直接發(fā)送e-mail向你的主機(jī)服務(wù)商咨詢�����。
What Can I Do? 我該怎么做�����?
You may be wondering what .htaccess can do, or you may have read about some of its uses but don‘t realise how many things you can actually do with it.
你可能疑惑.htaccess到底能做些什么���,或者你可能曾知道它的一些功能但并不真正了解你實(shí)際到底可以用它來做多少事情�����。
There is a huge range of things .htaccess can do including: password protecting folders, redirecting users automatically, custom error pages, changing your file extensions, banning users with certian IP addresses, only allowing users with certain IP addresses, stopping directory listings and using a different file as the index file.
.htaccess可以做大量的事情��,包括:文件夾密碼保護(hù)��、用戶自動重定向��、自定義錯誤頁面����、改變你的文件擴(kuò)展名、封禁特定IP地址的用戶�����、只允許特定IP地址的用戶�����、禁止目錄列表��,以及使用其他文件作為index文件����。
Creating A .htaccess File 創(chuàng)建一個.htaccess文檔
Creating a .htaccess file may cause you a few problems. Writing the file is easy, you just need enter the appropriate code into a text editor (like notepad). You may run into problems with saving the file. Because .htaccess is a strange file name (the file actually has no name but a 8 letter file extension) it may not be accepted on certain systems (e.g. Windows 3.1). With most operating systems, though, all you need to do is to save the file by entering the name as:
創(chuàng)建.htaccess文件也許會給你帶來一些困難�。寫文件很容易,你只需要在文字編緝器(例如:寫字板)里寫下適當(dāng)?shù)拇a。真正困難的可能是文件的保存�,因?yàn)?htaccess是一個古怪的文件名(它事實(shí)上沒有文件名,只有一個由8個字母組成的擴(kuò)展名)�,而在一些系統(tǒng)(如windows 3.1)中無法接受這樣的文件名。在大多數(shù)的操作系統(tǒng)中���,你需要做的是將文檔保存成名為:
".htaccess"
(including the quotes). If this doesn‘t work, you will need to name it something else (e.g. htaccess.txt) and then upload it to the server. Once you have uploaded the file you can then rename it using an FTP program.
(包括引號)���。如果這也不行,你需要將其先命名為其它名字(例如htaccess.txt)����,再將其上傳到服務(wù)器上,之后直接使用FTP軟件來重命名�。
Warning 警告
Before beginning using .htaccess, I should give you one warning. Although using .htaccess on your server is extremely unlikely to cause you any problems (if something is wrong it simply won‘t work), you should be wary if you are using the Microsoft FrontPage Extensions. The FrontPage extensions use the .htaccess file so you should not really edit it to add your own information. If you do want to (this is not recommended, but possible) you should download the .htaccess file from your server first (if it exists) and then add your code to the beginning.
在使用.htaccess之前,我必須給你一些警告�。雖然在服務(wù)器上使用.htaccess絕對不太可能給你帶來任何麻煩(如果有些東西錯了,它只是沒效用罷了)���,但如果你使用Microsoft FrontPage Extensions����,就必須特別小心�����。因?yàn)镕rontPage Extensions本身使用了.htaccess,因此你不能編輯它并加入你自己的信息��。如果確實(shí)有這方面的需要(并不推薦�,但是可能),你應(yīng)該先從服務(wù)器上下載.htaccess文檔(如果存在)����,之后在前面加上你的代碼。
Custom Error Pages 自定義錯誤頁
The first use of the .htaccess file which I will cover is custom error pages. These will allow you to have your own, personal error pages (for example when a file is not found) instead of using your host‘s error pages or having no page. This will make your site seem much more professional in the unlikely event of an error. It will also allow you to create scripts to notify you if there is an error (for example I use a PHP script on Free Webmaster Help to automatically e-mail me when a page is not found).
我要介紹的.htaccess的第一個應(yīng)用是自定義錯誤頁面��,這將使你可以擁有自己的���、個性化的錯誤頁面(例如找不到文件時)����,而不是你的服務(wù)商提供的錯誤頁或沒有任何頁面���。這會讓你的網(wǎng)站在出錯的時候看上去更專業(yè)�。你還可以利用腳本程序在發(fā)生錯誤的時候通知你(例如我使用Free Webmaster Help的PHP腳本程序���,當(dāng)找不到頁面的時候自動e-mail給我)�。
You can use custom error pages for any error as long as you know its number (like 404 for page not found) by adding the following to your .htaccess file:
你所知道的任何頁面錯誤代碼(像404找不到頁面)���,都可以通過在.htaccess文件里加入下面的文字將其變成自定義頁面:
rrorDocument errornumber /file.html
For example if I had the file notfound.html in the root direct
ory of my site and I wanted to use it for a 404 error I would use:
舉例來說���,如果我的根目錄下有一個nofound.html文件,我想使用它作為404 error的頁面:
ErrorDocument 404 /notfound.html
If the file is not in the root directory of your site, you just need to put the path to it:
如果文件不在網(wǎng)站的根目錄下�����,你只需要把路徑設(shè)置為:
ErrorDocument 500 /errorpages/500.html
These are some of the most common errors:
以下是一些最常用的錯誤:
401 - Authorization Required 需要驗(yàn)證
400 - Bad request 錯誤請求
403 - Forbidden 禁止
500 - Internal Server Error 內(nèi)部服務(wù)器錯誤
404 - Wrong page 找不到頁面
Then, all you need to do is to create a file to display when the error happens and upload it and the .htaccess file.
接下來����,你要做的只是創(chuàng)建一個錯誤發(fā)生時顯示的文件,然后把它們和.htaccess一起上傳���。
Part 2 - .htaccess 命令
Introduction 介紹
In the last part I introduced you to .htaccess and some of its useful features. In this part I will show you how to use the .htaccess file to implement some of these.
在上一部分�,我已經(jīng)簡單介紹了.htaccess以及它的一些有用功能�,在這一部分,我將向你演示如何使用.htaccess文檔去實(shí)現(xiàn)這些功能�����。
Stop A Directory Index From Being Shown 停示顯示目錄列表
Sometimes, for one reason or another, you will have no index file in your directory. This will, of course, mean that if someone types the directory name into their browser, a full listing of all the files in that directory will be shown. This could be a security risk for your site.
有些時候���,由于某種原因�����,你的目錄里沒有index文件�����,這意味著當(dāng)有人在瀏覽器地址欄鍵入了該目錄的路徑,該目錄下所有的文件都會顯示出來�,這會給你的網(wǎng)站留下安全隱患��。
To prevent against this (without creating lots of new ‘index‘ files, you can enter a command into your .htaccess file to stop the directory list from being shown:
為避免這種情況(而不必創(chuàng)建一堆的新index文件)���,你可以在你的.htaccess文檔中鍵入以下命令��,用以阻止目錄列表的顯示:
Options -Indexes
Deny/Allow Certian IP Addresses 阻止/允許特定的IP地址
In some situations, you may want to only allow people with specific IP addresses to access your site (for example, only allowing people using a particular ISP to get into a certian directory) or you may want to ban certian IP addresses (for example, keeping disruptive memembers out of your message boards). Of course, this will only work if you know the IP addresses you want to ban and, as most people on the internet now have a dynamic IP address, so this is not always the best way to limit usage.
某些情況下��,你可能只想允許某些特定IP的用戶可以訪問你的網(wǎng)站(例如:只允許使用特定ISP的用戶進(jìn)入某個目錄)�,或者想封禁某些特定的IP地址(例如:將低級用戶隔離于你的信息版面外)�。當(dāng)然�����,這只在你知道你想攔截的IP地址時才有用�,然而現(xiàn)在網(wǎng)上的大多數(shù)用戶都使用動態(tài)IP地址��,所以這并不是限制使用的常用方法�。
You can block an IP address by using:
你可以使用以下命令封禁一個IP地址:
deny from 000.000.000.000
where 000.000.000.000 is the IP address. If you only specify 1 or 2 of the groups of numbers, you will block a whole range.
這里的000.000.000.000是被封禁的IP地址���,如果你只指明了其中的幾個�,則可以封禁整個網(wǎng)段的地址��。如你輸入210.10.56.��,則將封禁210.10.56.0~210.10.56.255的所有IP地址��。
You can allow an IP address by using:
你可以使用以下命令允許一個IP地址訪問網(wǎng)站:
allow from 000.000.000.000
where 000.000.000.000 is the IP address. If you only specify 1 or 2 of the groups of numbers, you will allow a whole range.
被允許的IP地址則為000.000.000.000�����,你可以象封禁IP地址一樣封禁整個網(wǎng)段�����。
If you want to deny everyone from accessing a directory, you can use:
如果你想阻止所有人訪問該目錄�,則可以使用:
deny from all
but this will still allow scripts to use the files in the directory.
不過這并不影響腳本程序使用這個目錄下的文檔。
Alternative Index Files 替換index文件
You may not always want to use index.htm or index.html as your index file for a directory, for example if you are using PHP files in your site, you may want index.php to be the index file for a directory. You are not limited to ‘index‘ files though. Using .htaccess you can set foofoo.blah to be your index file if you want to!
也許你不想一直使用index.htm或index.html作為目錄的索引文件�����。舉例來說�����,如果你的站點(diǎn)使用PHP文件�����,你可能會想使用index.php來作為該目錄的索引文檔。當(dāng)然也不必局限于“index”文檔���,如果你愿意�,使用.htaccess你甚至能夠設(shè)置foofoo.balh來作為你的索引文檔�����!
Alternate index files are entered in a list. The server will work from left to right, checking to see if each file exists, if none of them exisit it will display a directory listing (unless, of course, you have turned this off).
這些互為替換的索引文件可以排成一個列表�����,服務(wù)器會從左至右進(jìn)行尋找����,檢查哪個文檔在真實(shí)的目錄中存在����。如果一個也找不到�����,它將會把目錄列表顯示出來(除非你已經(jīng)關(guān)閉了顯示目錄文件列表)��。
DirectoryIndex index.php index.php3 messagebrd.pl index.html index.htm
Redirection 重定向
One of the most useful functions of the .htaccess file is to redirect requests to different files, either on the same server, or on a completely different web site. It can be extremely useful if you change the name of one of your files but allow users to still find it. Another use (which I find very useful) is to redirect to a longer URL, for example in my newsletters I can use a very short URL for my affiliate links. The following can be done to redirect a specific file:
.htaccess最有用的功能之一就是將請求重定向到同站內(nèi)或站外的不同文檔���。這在你改變了一個文件名稱���,但仍然想讓用戶用舊地址訪問到它時���,變的極為有用。另一個應(yīng)用(我發(fā)現(xiàn)的很有用的)是重定向到一個長URL���,例如在我的時事通訊中�����,我可以使用一個很簡短的URL來指向我的會員鏈接���。以下是一個重定向文件的例子:
Redirect /location/from/root/file.ext
http://www./new/file/location.xyz
In this above example, a file in the root directory called oldfile.html would be entered as:
上述例子中��,訪問在root目錄下的名為oldfile.html可以鍵入:
/oldfile.html
and a file in the old subdirectory would be entered as:
訪問一個舊次級目錄中的文件可以鍵入:
/old/oldfile.html
You can also redirect whole directoires of your site using the .htaccess file, for example if you had a directory called olddirectory on your site and you had set up the same files on a new site at: http://www./newdirectory/ you could redirect all the files in that directory without having to specify each one:
你也可以使用.htaccess重定向整個網(wǎng)站的目錄��。假如你的網(wǎng)站上有一個名為olddirectory的目錄,并且你已經(jīng)在一個新網(wǎng)站 http://www./newdirectory/上建立了與上相同的文檔���,你可以將舊目錄下所有的文件做一次重定向而不必一一聲明:
Redirect /olddirectory http://www./newdirectory
Then, any request to your site below /olddirectory will bee redirected to the new site, with the
extra information in the URL added on, for example if someone typed in:
這樣���,任何指向到站點(diǎn)中/olddirectory目錄的請求都將被重新指向新的站點(diǎn)��,包括附加的額外URL信息。例如有人鍵入:
http://www./olddirecotry/oldfiles/images/image.gif
They would be redirected to:
請求將被重定向到:
http://www./newdirectory/oldfiles/images/image.gif
This can prove to be extremely powerful if used correctly.
如果正確使用�����,此功能將極其強(qiáng)大�����。
Part 3 – 密碼保護(hù)
Introduction 介紹
Although there are many uses of the .htaccess file, by far the most popular, and probably most useful, is being able to relaibly password protect directories on websites. Although JavaScript etc. can also be used to do this, only .htaccess has total security (as someone must know the password to get into the directory, there are no ‘back doors‘)
盡管有各種各樣的.htaccess用法��,但至今最流行的也可能是最有用的做法是將其用于網(wǎng)站目錄可靠的密碼保護(hù)����。盡管JavaScrip等也能做到,但只有.htaccess具有完美的安全性(即訪問者必須知曉密碼才可以訪問目錄�����,并且絕無“后門”可走)���。
The .htaccess File 密碼保護(hù)的.htaccess文件
Adding password protection to a directory using .htaccess takes two stages. The first part is to add the appropriate lines to your .htaccess file in the directory you would like to protect. Everything below this directory will be password protected:
利用.htaccess將一個目錄加上密碼保護(hù)分兩個步驟。第一步是在你的.htaccess文檔里加上適當(dāng)?shù)膸仔写a����,再將.htaccess文檔放進(jìn)你要保護(hù)的目錄下:
AuthName "Section Name"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
There are a few parts of this which you will need to change for your site. You should replace "Section Name" with the name of the part of the site you are protecting e.g. "Members Area".
你可能需要根據(jù)你的網(wǎng)站情況修改一下上述內(nèi)容中的一些部分�,如用被保護(hù)部分的名字"Members Area"����,替換掉“Section Name”。
The /full/parth/to/.htpasswd should be changed to reflect the full server path to the .htpasswd file (more on this later). If you do not know what the full path to your webspace is, contact your system administrator for details.
/full/parth/to/.htpasswd則應(yīng)該替換為指向.htpasswd文件(后面詳述該文檔)的完整服務(wù)器路徑。如果你不知道你網(wǎng)站空間的完整路徑��,請?jiān)儐栆幌履愕南到y(tǒng)管理員���。
The .htpasswd File 密碼保護(hù)的.htpasswd文件
Password protecting a directory takes a little more work than any of the other .htaccess functions because you must also create a file to contain the usernames and passwords which are allowed to access the site. These should be placed in a file which (by default) should be called .htpasswd. Like the .htaccess file, this is a file with no name and an 8 letter extension. This can be placed anywhere within you website (as the passwords are encrypted) but it is advisable to store it outside the web root so that it is impossible to access it from the web.
目錄的密碼保護(hù)比.htaccess的其他功能要麻煩些,因?yàn)槟惚仨毻瑫r創(chuàng)建一個包含用戶名和密碼的文檔,用于訪問你的網(wǎng)站����,相關(guān)信息(默認(rèn))位于一個名為.htpasswd的文檔里�����。像.htaccess一樣,.htpasswd也是一個沒有文件名且具有8位擴(kuò)展名的文檔,可以放置在你網(wǎng)站里的任何地方(此時密碼應(yīng)加密),但建議你將其保存在網(wǎng)站W(wǎng)eb根目錄外����,這樣通過網(wǎng)絡(luò)就無法訪問到它了。
Entering Usernames And Passwords 輸入用戶名和密碼
Once you have created your .htpasswd file (you can do this in a standard text editor) you must enter the usernames and passwords to access the site. They should be entered as follows:
創(chuàng)建好.htpasswd文檔后(可以通過文字編輯器創(chuàng)建)���,下一步是輸入用于訪問網(wǎng)站的用戶名和密碼�����,應(yīng)為:
username:password
where the password is the encrypted format of the password. To encrypt the password you will either need to use one of the premade scripts available on the web or write your own. There is a good username/password service at the KxS site which will allow you to enter the user name and password and will output it in the correct format.
“password”的位置應(yīng)該是加密過的密碼。你可以通過幾種方法來得到加密過的密碼:一是使用一個網(wǎng)上提供的permade腳本或自己寫一個��;另一個很不錯的username/password加密服務(wù)是通過KxS網(wǎng)站����,這里允許你輸入用戶名及密碼�,然后生成正確格式的密碼���。
For multiple users, just add extra lines to your .htpasswd file in the same format as the first. There are even scripts available for free which will manage the .htpasswd file and will allow automatic adding/removing of users etc.
對于多用戶,你只需要在.htpasswd文檔中新增同樣格式的一行即可��。另外還有一些免費(fèi)的腳本程序可以方便地管理.htpasswd文檔,可以自動新增/移除用戶等����。
Accessing The Site 訪問網(wǎng)站
When you try to access a site which has been protected by .htaccess your browser will pop up a standard username/password dialog box. If you don‘t like this, there are certain scripts available which allow you to embed a username/password box in a website to do the authentication. You can also send the username and password (unencrypted) in the URL as follows:
當(dāng)你試圖訪問被.htaccess密碼保護(hù)的目錄時���,你的瀏覽器會彈出標(biāo)準(zhǔn)的username/password對話窗口。如果你不喜歡這種方式��,有些腳本程序可以允許你在頁面內(nèi)嵌入username/password輸入框來進(jìn)行認(rèn)證,你也可以在瀏覽器的URL框內(nèi)以以下方式輸入用戶名和密碼(未加密的):
http://username:password@www.website.com/directory/
Summary 小結(jié)
.htaccess is one of the most useful files a webmaster can use. There are a wide variety of different uses for it which can save time and increase security on your website.
.htaccess是一個站點(diǎn)管理員可以應(yīng)用的強(qiáng)大工具,有更多的變化以適應(yīng)不同的用途,可以節(jié)約時間及提高網(wǎng)站的安全性��。
相關(guān)閱讀:
.htaccess的特別說明
- 啟用.htaccess�����,需要修改httpd.conf,啟用AllowOverride�,并可以用AllowOverride限制特定命令的使用
- 如果需要使用.htaccess以外的其他文件名,可以用AccessFileName指令來改變�。例如�����,需要使用.config �����,則可以在服務(wù)器配置文件中按以下方法配置:
AccessFileName .config
- 一般情況下�����,不應(yīng)該使用.htaccess文件���,除非你對主配置文件沒有訪問權(quán)限。有一種很常見的誤解�,認(rèn)為用戶認(rèn)證只能通過.htaccess文件實(shí)現(xiàn),其實(shí)并不是這樣,把用戶認(rèn)證寫在主配置文件中是完全可行的��,而且是一種很好的方法��。.htaccess文件應(yīng)該被用在內(nèi)容提供者需要針對特定目錄改變服務(wù)器的配置而又沒有root權(quán)限的情況下。如果服務(wù)器管理員不愿意頻繁修改配置,則可以允許用戶通過.htaccess文件自己修改配置,尤其是ISP在同一個機(jī)器上運(yùn)行了多個用戶站點(diǎn)�,而又希望用戶可以自己改變配置的情況下����。雖然如此�����,一般都應(yīng)該盡可能地避免使用.htaccess文件�����。任何希望放在.htaccess文件中的配置��,都可以放在主配置文件的<Directory>段中����,而且更高效。避免使用.htaccess文件有兩個主要原因��,即性能和安全���。
