PHP Advanced and Object-Oriented Programming
Larry Ullman
The standard solution in these situations is to use the Apache Web server’s mod_rewrite module to allow for “prettier” URLs. mod_rewrite is a tool that lets you instruct the server that when the user goes to one URL, the server should provide another resource. mod_rewrite makes use of regular expressions, so the matching pattern and resulting actual URL can be as complex as needed.
These, and other changes to Apache’s behavior, can be made in two ways: by editing the primary Apache configuration file or by creating directory-specific files. The primary configuration file is httpd.conf, found within a conf directory, and it dictates how the entire Apache Web server runs (where the httpd.conf file is on your system will depend on many things). An .htaccess
file (pronounced “H-T access”) is placed within a Web directory and is used to affect how Apache behaves within just that folder and subfolders.
Generally speaking, it’s preferable to make changes in the httpd.conf file, since this file needs to be read only by the Web server each time the server is started. Conversely, .htaccess files must be read by the Web server once for every request to which an .htaccess file might apply.

[Sun Jan 07 20:42:16.394102 2018] [rewrite:error] [pid 188:tid 2172] [client] AH00670: Options FollowSymLinks and SymLinksIfOwnerMatch are both off, so the RewriteRule directive is also forbidden due to its similar ability to circumvent directory restrictions : C:/phpStudy/PHPTutorial/WWW/fastdatav/
<IfModule dir_module>
DirectoryIndex index.html index.php index.htm l.php

# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
DocumentRoot "C:\phpStudy\PHPTutorial\WWW"
<Directory />
Options +Indexes +FollowSymLinks +ExecCGI
AllowOverride All
Order allow,deny
Allow from all
Require all granted
+Indexes 表示允许对目录文件生成列表
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
# #
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
# #
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
DirectoryIndex index.html index.php index.htm l.php
按照顺序,有index.php l.php同时有时,执行index.php #
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
<Files ".ht*">
Require all denied
You don't have permission to access /.htmy on this server.
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#ErrorLog "logs/error.log"
#ErrorLog "|bin/rotatelogs.exe -l logs/error-%Y-%m-%d.log 2M" #
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel debug <IfModule log_config_module>
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# 日志记录格式 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common <IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule> #
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
##CustomLog "logs/access.log" common #
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#CustomLog "logs/access.log" combined

Apache的Order Allow,Deny 详解

Allow和Deny可以用于apache的conf文件或者.htaccess文件中(配合Directory, Location, Files等),用来控制目录和文件的访问授权。

Order Deny,Allow
Allow from All


Order Allow,Deny
Deny from All

Order Deny,Allow
Deny from ip1 ip2
Order Allow,Deny
Allow from all
Deny from ip1 ip2


Order Deny,Allow
Allow from all
Deny from
解决方法:Order Allow,Deny,后面两句不动,即可。

Order Allow,Deny
Allow from ip1
Deny from all
错误:想只允许来自ip1的访问,但是,虽然第二句中设定了allow规则,由于order中deny在后,所以会以第三句deny为准,而第三句的范围中又明显包含了ip1(all include ip1),所以所有的访问都被禁止了。
Order Deny,Allow
Deny from all
Allow from ip1

Order deny,allow
allow from all
deny from
Order deny,allow
deny from
allow from all
Order allow,deny
deny from
allow from all
Order allow,deny
allow from all
deny from
Order allow,deny
deny from all
allow from
Order allow,deny
allow from
deny from all

Options +FollowSymLinks


