• 赤色のリンクは、まだ日本語Codexに存在しないページ・画像です。英語版と併せてご覧ください。(詳細

このWikiはいつでも誰でも編集できます

「htaccess」の版間の差分

提供: WordPress Codex 日本語版
移動先: 案内検索
(ログイン画面をパスワードで保護する)
(あわせて読む)
373行目: 373行目:
 
[[Category:トラブルシューティング]]
 
[[Category:トラブルシューティング]]
 
[[Category:上級トピック]]
 
[[Category:上級トピック]]
 +
[[Category:セキュリティ]]

2015年5月26日 (火) 21:43時点における版

The .htaccess is a distributed configuration file, and is how Apache handles configuration changes on a per-directory basis.

WordPress uses this file to manipulate how Apache serves files from its root directory, and subdirectories thereof. Most notably, WP modifies this file to be able to handle pretty permalinks.

This page may be used to restore a corrupted .htaccess file (e.g. a misbehaving plugin).

基本のWordPress

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

マルチサイト

WordPress 3.5 以上

If you activated Multisite on WordPress 3.5 or later, use one of these.

サブフォルダーの例

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

サブドメインの例

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

WordPress 3.4 以下

If you originally installed WordPress with 3.4 or older and activated Multisite then, you need to use one of these:

サブフォルダーの例

WordPress 3.0 through 3.4.2

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
# END WordPress


サブドメインの例

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . index.php [L]
# END WordPress


WordPress MU

If you started using WordPress with WordPress MU (WPMU) and then migrated to a newer version of WordPress multisite, the .htaccess rules are more complex:

SubFolder Example

RewriteEngine On
RewriteBase /

# BEGIN WordPress
#uploaded files
RewriteRule ^(.*/)?files/$ index.php [L]
RewriteCond %{REQUEST_URI} !.*wp-content/plugins.*
RewriteRule ^(.*/)?files/(.*) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteCond %{REQUEST_URI} ^.*/wp-admin$
RewriteRule ^(.+)$ $1/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule . - [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
RewriteRule  ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
# END WordPress


一般的な例

オプション

Any options preceded by a + are added to the options currently in force, and any options preceded by a - are removed from the options currently in force.

Possible values for the Options directive are any combination of:

None 
All options are turned off.
All 
All options except for MultiViews. This is the default setting.
ExecCGI 
Execution of CGI scripts using mod_cgi is permitted.
FollowSymLinks 
The server will follow symbolic links in this directory.
Includes 
Server-side includes provided by mod_include are permitted.
IncludesNOEXEC 
Server-side includes are permitted, but the #exec cmd and #exec cgi are disabled.
Indexes 
URL maps to a directory, and no DirectoryIndex, a formatted listing of the directory.
MultiViews 
Content negotiated "MultiViews" are allowed using mod_negotiation.
SymLinksIfOwnerMatch 
Only follow symbolic links where target is owned by the same user id as the link.

This will disable all options, and then only enable FollowSymLinks, which is necessary for mod_rewrite.

Options None
Options FollowSymLinks


DirectoryIndex

DirectoryIndex sets the file that Apache will serve if a directory is requested.

Several URLs may be given, in which case the server will return the first one that it finds.

DirectoryIndex index.php index.html /index.php


デフォルトの言語

DefaultLanguage will cause all files that do not already have a specific language tag associated with it will use this.

DefaultLanguage en


デフォルトの文字セット

Set the default character encoding sent in the HTTP header. See: Setting charset information in .htaccess

AddDefaultCharset UTF-8

Set Charset for Specific Files

AddType 'text/html; charset=UTF-8' .html


Set for specific files

<Files "example.html">
AddCharset UTF-8 .html
</Files>


サーバ署名

The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents. Optionally add a line containing the server version and virtual host name to server-generated pages (internal error documents, FTP directory listings, mod_status and mod_info output etc., but not CGI generated documents or custom error documents).

On 
adds a line with the server version number and ServerName of the serving virtual host
Off 
suppresses the footer line
Email 
creates a "mailto:" reference to the ServerAdmin of the referenced document
SetEnv SERVER_ADMIN admin@site.com
ServerSignature Email


ファイルダウンロードを強制する

The below will cause any requests for files ending in the specified extensions to not be displayed in the browser but instead force a "Save As" dialog so the client can download.

AddType application/octet-stream .avi .mpg .mov .pdf .xls .mp4


HTTP圧縮

The AddOutputFilter directive maps the filename extension extension to the filters which will process responses from the server before they are sent to the client. This is in addition to any filters defined elsewhere, including SetOutputFilter and AddOutputFilterByType. This mapping is merged over any already in force, overriding any mappings that already exist for the same extension.

See also: https://developers.google.com/speed/docs/insights/EnableCompression

AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

Force Compression for certain files

<FilesMatch "\.(js|css|txt|xml)$">
SetOutputFilter DEFLATE
</FilesMatch>


Send Custom HTTP Headers

The Header directive lets you send HTTP headers for every request, or just specific files. You can view a sites HTTP Headers using Firebug, Chrome Dev Tools, Wireshark or an online tool.

Header set X-Pingback "http://www.askapache.com/xmlrpc.php"
Header set Content-Language "en-US"


Unset HTTP Headers

This will unset HTTP headers, using always will try extra hard to remove them.

Header unset Pragma
Header always unset WP-Super-Cache
Header always unset X-Pingback


ログイン画面をパスワードで保護する

wp-login.phpファイルを保護するのは、非常に有用です。htpasswd generatorパスワードジェネレーターを使用しましょう。

Basic認証

<Files wp-login.php>
AuthType Basic
AuthName "Password Protected"
AuthUserFile /full/path/to/.htpasswd
Require valid-user
Satisfy All
</Files>

Digest認証

<Files wp-login.php>
AuthType Digest
AuthName "Password Protected"
AuthDigestDomain /wp-login.php https://www.askapache.com/wp-login.php
AuthUserFile /full/path/to/.htpasswd
Require valid-user
Satisfy All
</Files>

特定のIPを必要とする

This is a way to only allow certain IP addresses to be allowed access.

ErrorDocument 401 default
ErrorDocument 403 default

<Files wp-login.php>
Order deny,allow
Deny from all
Allow from 198.101.159.98 localhost
</Files>


機密ファイルを保護

This denies all web access to your wp-config file, error_logs, php.ini, and htaccess/htpasswds.

<FilesMatch "^.*(error_log|wp-config\.php|php.ini|\.[hH][tT][aApP].*)$">
Order deny,allow
Deny from all
</FilesMatch>


SSLを要求する

This will force SSL, and require the exact hostname or else it will redirect to the SSL version. Useful in a /wp-admin/.htaccess file.

SSLOptions +StrictRequire
SSLRequireSSL
SSLRequire %{HTTP_HOST} eq "www.wordpress.com"
ErrorDocument 403 https://www.wordpress.com


外部リソース


あわせて読む

最新英語版: WordPress Codex » htaccess最新版との差分

このページ「htaccess」はまだ書きかけで、情報が不足しています。続きを書いて WordPress を手助けしましょう.


このページ「htaccess」は未翻訳です。和訳や日本語情報を加筆してくださる協力者を求めています