A lightning talk by Morten Bergset
What is .htaccess
• a per-directory configuration file in which you can override the settings that the main Apache configuration (httpd.conf) allows to be overridden (controlled by AllowOverride)
• the changes apply to the directory in which the .htaccess file is stored, and to all directories below it
• with very little code you can make big changes!
• it is read on every request, and a syntax error in it takes the whole directory down with a 500 error, so test changes before you deploy them
Error documents
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 401 /errors/authreqd.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/notfound.html
ErrorDocument 500 /errors/serverr.html
Password protect a file/directory
AuthUserFile /usr/local/you/safedir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
Require valid-user
The slide had "require user valid-user", which is not valid: "Require user" takes a list of user names, "Require valid-user" accepts any user in the file. Keep the .htpasswd outside the document root (as in the path above), and only use Basic auth over HTTPS: the credentials are sent base64-encoded, not encrypted, with every request.
Block visitors by IP
order allow,deny
deny from 123.45.6.7
allow from all
With Order allow,deny the Deny lines win, so this lets everyone in except 123.45.6.7. On Apache 2.4 these directives require mod_access_compat; the native form is Require ip / Require not ip.
.html as .php
AddHandler application/x-httpd-php .html
Security through obscurity… and not even that: the X-Powered-By header and the behaviour still show it is PHP, while every .html file under the directory, including anything users can upload there, is now executed as PHP. The handler name applies to mod_php; with PHP-FPM the handler is a proxy SetHandler instead.
Redirect vs RewriteRule
• Redirect (mod_alias) does almost the same as RewriteRule (mod_rewrite)
• Redirect is simple: a prefix match on the URL path, always an external redirect
• RewriteRule is powerful: regex patterns, conditions, internal rewrites as well as redirects
Redirects
# New URL for a directory (prefix match: /old/page is sent to /new/page as well):
Redirect /old /new
# Redirect the whole website to a new URL (301 = permanent; the default is a 302):
Redirect 301 / http://test.com/
# New URL for a file:
Redirect /dir/oldfile.php /newfile.php
RewriteRules
Example:
RewriteRule ^dir/([0-9]+)/?$ /index.php?id=$1 [L]
Pattern: ^dir/([0-9]+)/?$
Rewrite: /index.php?id=$1
Command Flag: [L]
Because the capture group only admits digits, id reaches index.php already validated as a number; with a looser group such as (.*) the PHP code has to validate it itself.
Conditions
# Turn on the rewrite engine
RewriteEngine on
# If the request doesn't end in .php, continue processing rules
# (the dot must be escaped; an unescaped . matches any character)
RewriteCond %{REQUEST_URI} !\.php$ [NC]
# If the request doesn't end in a slash, continue processing the rules
RewriteCond %{REQUEST_URI} [^/]$
# Rewrite the request with a .php extension. L means this is the 'Last' rule
RewriteRule ^(.*)$ $1.php [L]
In per-directory context an [L] rule restarts the rule set on the rewritten URL; on the second pass the URL ends in .php, so the first condition is what stops it from looping. If $1.php does not exist the result is a plain 404.
Redirect http to https
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://sub.profundo.no/$1 [R,L]
R alone gives a 302; use R=301 so browsers remember the redirect. %{SERVER_PORT} is the port Apache itself listens on, so behind a load balancer or CDN that terminates TLS and forwards plain HTTP this condition is always true and the redirect loops; test %{HTTPS} off or the X-Forwarded-Proto header there instead. Once everything is on HTTPS, add a Strict-Transport-Security header so browsers stop trying http at all.
Get the last part of the URL as a parameter
RewriteEngine On
# \w+ = letters, digits and underscore only (the backslash was lost on the slide);
# the substitution is relative to the directory of the .htaccess file
RewriteRule ^(\w+)$ index.php?id=$1

In PHP code: the rewrite limits id to word characters, but /index.php?id=... can still be requested directly, so escape on output:
<?= htmlspecialchars($_GET["id"], ENT_QUOTES, 'UTF-8') ?>
Avoid having .php in the URL
Options +MultiViews
MultiViews lets /foo serve foo.php through content negotiation, but it negotiates over every foo.* in the directory (foo.bak, foo.php~, foo.old), and when no variant is acceptable Apache answers 406 with a list of the available variants, i.e. your file names. An explicit RewriteRule is the safer way to drop the extension.
Show the content of another folder without going to another URL
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
RewriteRule ^kunde$ /kunde/ [QSA,L,R=301,NC]
# the slide reads ^kunde?(.*)$, which only makes the "e" optional (and matches /kund...);
# the intended pattern is presumably "kunde" followed by an optional slash
RewriteRule ^kunde/?(.*)$ /app/$1 [QSA,L,NC]
Remove www from the URL
RewriteEngine On
# escape the dot, otherwise the pattern also accepts your-siteXcom
RewriteCond %{HTTP_HOST} !^your-site\.com$ [NC]
RewriteRule ^(.*)$ https://your-site.com/$1 [L,R=301]
Note that this sends every other Host header that reaches the vhost (not just www.) to the canonical name, and forces https at the same time.
This is what I use in my MVC project at home
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?route=$1 [L,NC,QSA]
route is attacker-controlled input: (.*) matches ../ as happily as anything else, so resolve it against a fixed route table and never feed it into include/require or a file path. Most front controllers also add RewriteCond %{REQUEST_FILENAME} !-d so that existing directories are served directly.
All requests go via index.php, except files that exist in the public folder
AddDefaultCharset utf-8
AddCharset utf-8 .html .css .php .txt .js
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php
Same idea as the previous slide, without passing the path as a query parameter; the PHP side reads $_SERVER['REQUEST_URI'] instead. Declaring the charset explicitly is also a security measure: a response without a charset leaves the browser to guess, which has been abused for XSS (UTF-7 sniffing in older browsers).
Flags
• QSA = query string append: keep the existing query parameters
• L = last rule
• R = force an external redirect (302 by default; R=301 for permanent)
• NC = no case, case-insensitive match
Force download of files
<Files *.xls>
ForceType application/octet-stream
Header set Content-Disposition attachment
</Files>
Header requires mod_headers. The same trick is worth applying to user-uploaded files: served as an attachment (ideally with X-Content-Type-Options: nosniff as well) the browser will not render an uploaded HTML or SVG file inline, which is how such uploads otherwise become stored XSS on your origin.
Deny access to a directory
deny from all
or
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
The order matters: with Order deny,allow the Allow line wins, so only xxx.xxx.xxx.xxx gets in. With Order allow,deny the Deny line would win and lock everyone out, including you.
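As an added example, not from the talk and not Apache's code: a small Python model of how Order, Allow and Deny combine, so the blocklist and allowlist snippets on the slides (and the locked-out variant above) can be checked offline. The addresses are RFC 5737 documentation ranges chosen for this example, and parse_access only understands the three directives and ignores every other line.

```python
"""Model of Apache 2.2-style host access control (Order / Allow from / Deny from).

Added example, not Apache code and not from the talk: just enough of the
semantics to test the blocklist and allowlist snippets on the slides offline.
Addresses are RFC 5737 documentation ranges chosen for this example.
"""
import ipaddress


def _matches(rule, ip):
    """Does one 'Allow from'/'Deny from' argument match the client address?

    Handles 'all', a full address, CIDR (203.0.113.0/24) and Apache's
    partial-octet form ('10.1' means every address starting with 10.1.).
    """
    if rule == "all":
        return True
    if "/" in rule:
        return ip in ipaddress.ip_network(rule, strict=False)
    octets = rule.split(".")
    if len(octets) < 4:
        return ip.version == 4 and ip.exploded.split(".")[: len(octets)] == octets
    return ip == ipaddress.ip_address(rule)


def access_allowed(order, allow, deny, client):
    """Apply Apache's evaluation order to a client address string."""
    ip = ipaddress.ip_address(client)
    allowed = any(_matches(r, ip) for r in allow)
    denied = any(_matches(r, ip) for r in deny)
    if order == "allow,deny":
        # Allow is evaluated first and at least one must match; a matching
        # Deny then overrides it. Anything matched by neither is denied.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first; a matching Allow overrides it. Anything
        # matched by neither is allowed.
        return allowed or not denied
    raise ValueError(f"unknown Order: {order!r}")


def parse_access(htaccess_text):
    """Extract Order/Allow/Deny from an .htaccess fragment; other lines are ignored."""
    order, allow, deny = "deny,allow", [], []  # Apache's default Order
    for line in htaccess_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "order":
            order = parts[1].lower()
        elif directive in ("allow", "deny") and len(parts) >= 3 and parts[1].lower() == "from":
            (allow if directive == "allow" else deny).extend(p.lower() for p in parts[2:])
    return order, allow, deny


def check(htaccess_text, client):
    """True if the client would get past the given .htaccess fragment."""
    return access_allowed(*parse_access(htaccess_text), client)


# Constructed fragments: the two from the slides, plus the classic mistake.
BLOCK_ONE_IP = """
order allow,deny
deny from 123.45.6.7
allow from all
"""

ALLOW_ONE_IP = """
order deny,allow
deny from all
allow from 203.0.113.7
"""

# Same lines as ALLOW_ONE_IP with the other Order: Deny now wins, so nobody gets in.
LOCKED_OUT = """
order allow,deny
deny from all
allow from 203.0.113.7
"""

if __name__ == "__main__":
    for name, frag in [("block", BLOCK_ONE_IP), ("allow", ALLOW_ONE_IP), ("locked", LOCKED_OUT)]:
        for client in ("203.0.113.7", "198.51.100.9"):
            print(f"{name:7} {client:14} -> {'allowed' if check(frag, client) else 'denied'}")
```

Run it and the third fragment shows the trap in a few lines: the same Deny/Allow pair that is a working allowlist under Order deny,allow denies everyone, including the listed address, under Order allow,deny.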
Deny access to files
<FilesMatch "\.(htaccess|htpasswd|ini|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
The backslash was lost on the slide: with an unescaped . the pattern matches any character, so files named e.g. catalog or mesh would be blocked too. Apache's stock configuration already denies everything matching .ht*, and .htpasswd belongs outside the document root in any case.
Add/change MIME types
# audio
AddType audio/ogg oga ogg
# video
AddType video/ogg ogv
Directory listing
# list the files
Options +Indexes
# list everything except gif and jpg
IndexIgnore *.gif *.jpg
# do NOT list the files
Options -Indexes
Leaving +Indexes on is a classic information leak (backups, .sql dumps, config copies), and IndexIgnore only hides entries from the listing: the files stay downloadable by name. Use -Indexes unless the directory is meant to be browsed.
Optimize static files
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
The BrowserMatch lines work around Netscape 4 and old IE bugs and can be dropped today. Despite the title, this also compresses text/html: compressing a page that contains secrets (CSRF tokens, session data) together with attacker-controlled reflected input over TLS is what the BREACH attack exploits, so keep compression to static assets or make sure such pages are excluded.
Browser caching
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 2 days"
</IfModule>
(image/jpg and text/x-javascript are not registered media types; the lines are harmless but only take effect if something actually emits those types. The ExpiresDefault of two days also applies to dynamic pages, so make sure per-user responses send their own Cache-Control.)
Automatic UTF-8 charset on files
<FilesMatch "\.(htm|html|css|js)$">
AddDefaultCharset UTF-8
</FilesMatch>
Prevent robot indexing
Header set X-Robots-Tag "noindex, noarchive, nosnippet"
Requires mod_headers. This is a request to well-behaved crawlers, not access control: anything that must stay private needs the Deny/Require rules above, not a header.
Set caching of files: optimization
<FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf|js|css|pdf)$">
Header set Cache-Control "max-age=28800"
</FilesMatch>
Only for static assets: a blanket max-age on responses with per-user content lets a shared cache serve one user's page to another.
Maintenance page
RewriteEngine On
# anchor and escape the address (write the dots as \.), otherwise the
# condition is a substring match and 203.0.113.7 also lets 203.0.113.77 through
RewriteCond %{REMOTE_ADDR} !^your_ip_address$
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
# the excluded file must be the maintenance page itself, or the redirect loops
RewriteRule !back_soon\.html$ http://www.example.com/back_soon.html [L,R=307]
The slide excluded offline.php while redirecting to back_soon.html; the two must be the same page. Answering 503 instead (RewriteRule with R=503 plus an ErrorDocument 503) is friendlier to search engines than a 307 to another URL.
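As an added example covering both the front-controller slide above (RewriteCond !-f plus RewriteRule ^(.*)$ index.php?route=$1) and this maintenance page: a Python model of how mod_rewrite evaluates conditions and rules, so the rules can be checked offline. It is not Apache's code and not from the talk; the addresses, paths and the fake filesystem are constructed for the example, and only the subset of the syntax the slides use (unanchored regex search, ! negation, NC, -f, $N, QSA, R=, L) is implemented. It shows why the address in the condition must be anchored and escaped: unanchored, 203.0.113.7 also lets 203.0.113.70 through 203.0.113.79 bypass the maintenance page.

```python
"""Offline model of per-directory mod_rewrite evaluation.

Added example, not Apache's code and not from the talk. Implements just enough of
RewriteCond/RewriteRule (unanchored regex search, ! negation, NC, -f against a
fake filesystem, $N back-references, QSA, R=, L) to see what the front-controller
and maintenance-page rules on the slides do with a given request. Paths and
addresses below are constructed for the example.
"""
import re


def _parse_flags(token):
    """'[L,R=307,NC]' -> {'L': None, 'R': '307', 'NC': None}."""
    flags = {}
    for item in token.strip("[]").split(","):
        if item:
            key, _, value = item.partition("=")
            flags[key.strip().upper()] = value or None
    return flags


def parse_rewrite(text):
    """Group each RewriteRule with the RewriteCond lines that precede it."""
    rules, pending = [], []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        flags = _parse_flags(parts[3]) if len(parts) > 3 else {}
        if directive == "rewritecond":
            pending.append((parts[1].strip("%{}"), parts[2], flags))
        elif directive == "rewriterule":
            rules.append((pending, parts[1], parts[2], flags))
            pending = []
    return rules


def _test(pattern, value, nocase, files):
    """One RewriteCond: regex search or -f file test, with optional ! negation."""
    negate = pattern.startswith("!")
    pattern = pattern.lstrip("!")
    if pattern == "-f":
        hit = value in files
    else:  # Apache does not anchor the pattern: 203.0.113.7 is found inside 203.0.113.77
        hit = re.search(pattern, value, re.I if nocase else 0) is not None
    return hit != negate


def resolve(rules, req, files):
    """Run the rule set once; returns ('rewrite', path) or ('redirect', status, target)."""
    path, query = req["path"], req.get("query", "")
    for conds, pattern, subst, flags in rules:
        negate = pattern.startswith("!")
        m = re.search(pattern.lstrip("!"), path, re.I if "NC" in flags else 0)
        if (m is not None) == negate:
            continue
        if not all(_test(p, req[var], "NC" in f, files) for var, p, f in conds):
            continue
        if subst == "-":
            target = path
        elif m is not None:
            target = m.expand(re.sub(r"\$(\d)", r"\\\1", subst))  # $1 -> group 1
        else:
            target = subst  # negated pattern: nothing was captured
        if "QSA" in flags and query:
            target += ("&" if "?" in target else "?") + query
        if "R" in flags:
            return ("redirect", int(flags["R"] or 302), target)
        path = target
        if "L" in flags:  # real Apache restarts the set on the new URL; we stop here
            break
    return ("rewrite", path)


DOCROOT = "/var/www/public"
FILES = {f"{DOCROOT}/index.php", f"{DOCROOT}/css/site.css"}  # constructed fake filesystem


def request(path, query="", addr="198.51.100.9"):
    """Per-directory context: the matched path has no leading slash."""
    return {"path": path, "query": query, "REQUEST_URI": "/" + path,
            "REQUEST_FILENAME": f"{DOCROOT}/{path}", "REMOTE_ADDR": addr}


def route(rules_text, path, query="", addr="198.51.100.9"):
    return resolve(parse_rewrite(rules_text), request(path, query, addr), FILES)


FRONT_CONTROLLER = """
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?route=$1 [L,NC,QSA]
"""

# As on the slide: unanchored, unescaped address.
MAINTENANCE_LOOSE = r"""
RewriteCond %{REMOTE_ADDR} !203.0.113.7
RewriteCond %{REMOTE_ADDR} !127.0.0.1
RewriteRule !back_soon\.html$ /back_soon.html [L,R=307]
"""

# Anchored and escaped: only exactly 203.0.113.7 and localhost bypass the page.
MAINTENANCE_STRICT = r"""
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.7$
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteRule !back_soon\.html$ /back_soon.html [L,R=307]
"""
```

route(FRONT_CONTROLLER, "users/42", "page=2") rewrites to index.php?route=users/42&page=2 while an existing css/site.css is left alone; route(MAINTENANCE_LOOSE, "shop", addr="203.0.113.77") never redirects, route(MAINTENANCE_STRICT, ...) does, and a request for back_soon.html itself passes through in both, which is the loop check.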
Log PHP errors
# display no errors to the user
php_flag display_startup_errors off
php_flag display_errors off
php_flag html_errors off
# log to file
php_flag log_errors on
php_value error_log /location/to/php_error.log
php_flag and php_value only work with mod_php; with PHP-FPM set the same options in php.ini or the pool configuration. Keep the log file outside the document root: stack traces and file paths are exactly what an attacker wants to read.
Compress output: GZIP
<IfModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>
mod_gzip is a third-party module from the Apache 1.3/2.0 era; on a current Apache the mod_deflate block above is what you want. The same BREACH caveat applies here, since this compresses .php output as well.
Shorter URLs
Options +FollowSymlinks
RewriteEngine on
RewriteRule ^files/(.+)/(.+)\.zip$ download.php?type=$1&file=$2 [NC]
(.+) matches ../ as readily as a file name, so download.php must validate type and file against a whitelist, or canonicalise the resulting path and check that it stays inside the download directory; otherwise this is a path traversal with a nicer URL.
Laravel's .htaccess
Joomla and .htaccess