

ErrorDocument 404 /404.html



• Part 1 – Introduction介绍
• Part 2 - .htaccess Commande命令
• Part 3 - Password protection密码保护

Part 1 – Introduction介绍

Introduction 介绍

In this tutorial you will find out about the .htaccess file and thepower it has to improve your website. Although .htaccess is only afile, it can change settings on the servers and allow you to domany different things, the most popular being able to have your owncustom 404 error pages. .htaccess isn't difficult to use and isreally just made up of a few simple instructions in a textfile.
从本指南中,您可以学习到有关.htaccess文档及其功能,用以优化您的网站。尽管.htaccess只是一个文档,但它可以更改服务器的设置,允许您做许多不同的事情,最流行的功能是您可以创建自定义的“404error”页面。.htaccess 并不难于应用,只是在一个text文档中添加几条简单的指令而已。

Will My Host Support It? 我的主机支持它吗?

This is probably the hardest question to give a simple answer to.Many hosts support .htaccess but don't actually publicise it andmany other hosts have the capability but do not allow their usersto have a .htaccess file. As a general rule, if your server runsUnix or Linux, or any version of the Apache web server it will support.htaccess, although your host may not allow you to use it.

A good sign of whether your host allows .htaccess files is if theysupport password protection of folders. Todo this they will need to offer .htaccess (although in a few casesthey will offer password protection but not let you use .htaccess).The best thing to do if you are unsure is to either upload your own.htaccess file and see if it works or e-mail your web host and askthem.

What Can I Do? 我该怎么做?

You may be wondering what .htaccess can do, or you may have readabout some of its uses but don't realise how many things you canactually do with it.

There is a huge range of things .htaccess can do including:password protecting folders, redirecting users automatically,custom error pages, changing your file extensions, banning userswith certian IP addresses, only allowing users with certain IPaddresses, stopping directory listings and using a different fileas the index file.

Creating A .htaccess File 创建一个.htaccess文档

Creating a .htaccess file may cause you a few problems. Writing thefile is easy, you just need enter the appropriate code into a texteditor (like notepad). You may run into problems with saving thefile. Because .htaccess is a strange file name (the file actuallyhas no name but a 8 letter file extension) it may not be acceptedon certain systems (e.g. Windows 3.1). With most operatingsystems, though, all you need to do is to save the file by enteringthe name as:

(including the quotes). If this doesn't work, you will need to nameit something else (e.g. htaccess.txt) and then upload it to theserver. Once you have uploaded the file you can then rename itusing an FTP program.

Warning 警告

Before beginning using .htaccess, I should give you one warning.Although using .htaccess on your server is extremely unlikely tocause you any problems (if something is wrong it simply won'twork), you should be wary if you are using the Microsoft FrontPageExtensions. The FrontPage extensions use the .htaccess file so youshould not really edit it to add your own information. If you dowant to (this is not recommended, but possible) you should downloadthe .htaccess file from your server first (if it exists) and thenadd your code to the beginning.
在使用.htaccess之前,我必须给你一些警告。尽管在服务器上使用.htaccess绝对不太可能给你带来任何麻烦(如果有些东西错了,它只是没效用罢了),但如果你使用MicrosoftFrontPage Extensions你就需要小心些。FrontPageExtensions使用了.htaccess,因此你不能编辑它,加入你自己的信息。如果你需要(并不推荐,但是可能)你应该先从服务器上下载.htaccess文档(如果存在),之后在前面加上你的代码。

Custom Error Pages 自定义错误页

The first use of the .htaccess file which I will cover is customerror pages. These will allow you to have your own, personal errorpages (for example when a file is not found) instead of using yourhost's error pages or having no page. This will make your site seemmuch more professional in the unlikely event of an error. It willalso allow you to create scripts to notify you if there is an error(for example I use a PHP script on Free Webmaster Help toautomatically e-mail me when a page is not found).
我想介绍的.htaccess第一个应用是自定义错误页面,这使得你可以拥有自己的、个性化的错误页面(例如找不到文件时),而不是你的服务商提供的错误页或没有任何页面。这会让你的网站在出错的时候看上去更加专业。你还可以利用脚本程序在发生错误的时候通知你(例如我使用FreeWebmaster Help的PHP脚本程序,当找不到页面的时候自动e-mail给我)。

You can use custom error pages for any error as long as you knowits number (like 404 for page not found) by adding the following toyour .htaccess file:

ErrorDocument errornumber /file.html
For example if I had the file notfound.html in the rootdirect
ory of my site and I wanted to use it for a 404 error I woulduse:

ErrorDocument 404 /notfound.html
If the file is not in the root directory of your site, you justneed to put the path to it:

ErrorDocument 500 /errorpages/500.html
These are some of the most common errors:

401 - Authorization Required
400 - Bad request
403 - Forbidden
500 - Internal Server Error
404 - Wrong page
Then, all you need to do is to create a file to display when theerror happens and upload it and the .htaccess file.

Part 2 - .htaccess 命令

Introduction 介绍

In the last part I introduced you to .htaccess and some of itsuseful features. In this part I will show you how to use the.htaccess file to implement some of these.

Stop A Directory Index From Being Shown 停示显示目录索引

Sometimes, for one reason or another, you will have no index filein your directory. This will, of course, mean that if someone typesthe directory name into their browser, a full listing of all thefiles in that directory will be shown. This could be a securityrisk for your site.

To prevent against this (without creating lots of new 'index'files, you can enter a command into your .htaccess file to stop thedirectory list from being shown:

Options -Indexes
Deny/Allow Certian IP Addresses 阻止/允许特定的IP地址

In some situations, you may want to only allow people with specificIP addresses to access your site (for example, only allowing peopleusing a particular ISP to get into a certian directory) or you maywant to ban certian IP addresses (for example, keeping disruptivememembers out of your message boards). Of course, this will onlywork if you know the IP addresses you want to ban and, as mostpeople on the internet now have a dynamic IP address, so this isnot always the best way to limit usage.

You can block an IP address by using:

deny from
where is the IP address. If you only specify 1 or 2of the groups of numbers, you will block a whole range.

You can allow an IP address by using:

allow from
where is the IP address. If you only specify 1 or 2of the groups of numbers, you will allow a whole range.

If you want to deny everyone from accessing a directory, you canuse:

deny from all
but this will still allow scripts to use the files in thedirectory.

Alternative Index Files 替代的index文档

You may not always want to use index.htm or index.html as yourindex file for a directory, for example if you are using PHP filesin your site, you may want index.php to be the index file for adirectory. You are not limited to 'index' files though. Using.htaccess you can set foofoo.blah to be your index file if you wantto!

Alternate index files are entered in a list. The server will workfrom left to right, checking to see if each file exists, if none ofthem exisit it will display a directory listing (unless, of course,you have turned this off).

DirectoryIndex index.php index.php3 messagebrd.pl index.htmlindex.htm
Redirection 重新指向

One of the most useful functions of the .htaccess file is toredirect requests to different files, either on the same server, oron a completely different web site. It can be extremely useful ifyou change the name of one of your files but allow users to stillfind it. Another use (which I find very useful) is to redirect to alonger URL, for example in my newsletters I can use a very shortURL for my affiliate links. The following can be done to redirect aspecific file:

Redirect /location/from/root/file.ext http://www.othersite.com/new/file/location.xyz
In this above example, a file in the root directory calledoldfile.html would be entered as:

and a file in the old subdirectory would be entered as:

You can also redirect whole directoires of your site using the.htaccess file, for example if you had a directory calledolddirectory on your site and you had set up the same files on anew site at: http://www.newsite.com/newdirectory/ you couldredirect all the files in that directory without having to specifyeach one:

Redirect /olddirectory http://www.newsite.com/newdirectory
Then, any request to your site below /olddirectory will beeredirected to the new site, with the
extra information in the URL added on, for example if someone typedin:

They would be redirected to:

This can prove to be extremely powerful if used correctly.

Part 3 – 密码保护

Introduction 介绍

Although there are many uses of the .htaccess file, by far the mostpopular, and probably most useful, is being able to relaiblypassword protect directories on websites. Although JavaScript etc.can also be used to do this, only .htaccess has total security (assomeone must know the password to get into the directory, there areno 'back doors')

The .htaccess File

Adding password protection to a directory using .htaccess takes twostages. The first part is to add the appropriate lines to your.htaccess file in the directory you would like to protect.Everything below this directory will be password protected:

AuthName "Section Name"
AuthType Basic
AuthUserFile /full/path/to/.htpasswd
Require valid-user
There are a few parts of this which you will need to change foryour site. You should replace "Section Name" with the name of thepart of the site you are protecting e.g. "Members Area".
有几个小部分你可能需要根据你的网站情况而修改一下。用被保护部分的名字替换掉”Section Name”,例如"MembersArea"。

The /full/parth/to/.htpasswd should be changed to reflect the fullserver path to the .htpasswd file (more on this later). If you donot know what the full path to your webspace is, contact yoursystem administrator for details.

The .htpasswd File

Password protecting a directory takes a little more work than anyof the other .htaccess functions because you must also create afile to contain the usernames and passwords which are allowed toaccess the site. These should be placed in a file which (bydefault)should be called .htpasswd. Like the .htaccess file, this is a filewith no name and an 8 letter extension. This can be placed anywherewithin you website (as the passwords are encrypted) but it isadvisable to store it outside the web root so that it is impossibleto access it from the web.

Entering Usernames And Passwords 输入用户名和密码

Once you have created your .htpasswd file (you can do this in astandard text editor) you must enter the usernames and passwords toaccess the site. They should be entered as follows:

where the password is the encrypted format of the password. Toencrypt the password you will either need to use one of the premadescripts available on the web or write your own. There is a goodusername/password service at the KxS site which will allow you toenter the user name and password and will output it in the correctformat.

For multiple users, just add extra lines to your .htpasswd file inthe same format as the first. There are even scripts available forfree which will manage the .htpasswd file and will allow automaticadding/removing of users etc.

Accessing The Site 访问网站

When you try to access a site which has been protected by .htaccessyour browser will pop up a standard username/password dialog box.If you don't like this, there are certain scripts available whichallow you to embed a username/password box in a website to do theauthentication. You can also send the username and password(unencrypted) in the URL as follows:

Summary 小结

.htaccess is one of the most useful files a webmaster can use.There are a wide variety of different uses for it which can savetime and increase security on your website.




注意:大部分搜索引擎将“404”与“410”状态同等对待,如Google。(参见Matt Cutts的说明)


  HTTP 404错误意味着链接指向的网页不存在,即原始网页的URL失效,这种情况经常会发生,很难避免,比如说:网页URL生成规则改变、网页文件更名或移动位置、导入链接拼写错误等,导致原来的URL地址无法访问;当Web服务器接到类似请求时,会返回一个404状态码,告诉浏览器要请求的资源并不存在。但是,Web服务器默认的404错误页面,无论Apache还是IIS,均十分简陋、呆板且对用户不友好,无法给用户提供必要的信息以获取更多线索,无疑这会造成用户的流失。







(二)自定义404错误页使用Meta Refresh返回“302”状态码




  在自定义404错误页面设置完毕后,一定要检查一下其是不是能够正确地返回“404”状态码。可以使用ServerHeader检查工具,输入一个不存在网页的url,查看一下HTTP Header的返回情况,确信其返回的是“404 Notfound”。





  为Apache Server设置 404错误页面的方法很简单,只需在.htaccess 文件中加入如下内容即可:

ErrorDocument 404 /notfound.php



首先,修改应用程序根目录的设置,打开 “web.config” 文件编辑,在其中加入如下内容:
<customErrors mode=”On” defaultRedirect=”error.asp”>
<error statusCode=”404″ redirect=”notfound.asp” />



Response.Status = “404 Not Found”



