A brief look at common file upload vulnerability challenges in CTF competitions (continually updated)

This article is for beginners (note the title) who are learning about file uploads; for experts it is probably of little use (but experts are welcome to read it and point out mistakes, thank you in advance)!

So let's get started.

(1) First up is the .htaccess file.

.htaccess is short for Hypertext Access. It is a configuration file used by Apache-based web servers to control the directory it sits in and all subdirectories beneath that directory.

The main functions of .htaccess files include password-protecting folders, denying or allowing access by IP address, disabling directory browsing, automatically redirecting users to another page or directory, creating and using custom error pages, changing how files with specific extensions are handled, and specifying a particular file extension or a specific file as the home page.

You should add the ServerSignature Off directive to every .htaccess file, because it prevents server information from being displayed on directory listings (information that gives an attacker very obvious hints during the reconnaissance phase). It is therefore best to control your web service entirely through httpd.conf rather than through .htaccess files.
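As an added example (not code from the original article), the following Python audit reads a .htaccess file's text, flags directives that change how files are handled by extension or type, reports whether ServerSignature is set to Off, and rejects uploads named .htaccess. The function names and the sample file content are assumptions made for illustration.

```python
import re

# Apache directives that remap how files are handled by extension or type.
# All four are accepted in .htaccess when AllowOverride permits FileInfo.
REMAP_DIRECTIVES = {"addhandler", "addtype", "sethandler", "forcetype"}

def logical_lines(text):
    """Yield (first_line_no, directive) with '\\' continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        if raw.endswith("\\"):          # Apache line continuation
            buf += raw[:-1] + " "
            continue
        line = (buf + raw).strip()
        if line and not line.startswith("#"):
            yield start, line
        buf, start = "", None

def audit_htaccess(text):
    """Report remap directives and whether ServerSignature ends up Off."""
    remaps, signature_off = [], False
    for no, line in logical_lines(text):
        parts = line.split()
        name = parts[0].lower()         # directive names are case-insensitive
        if name in REMAP_DIRECTIVES:
            remaps.append((no, line))
        elif name == "serversignature" and len(parts) > 1:
            signature_off = parts[1].lower() == "off"   # last setting wins
    return {"remaps": remaps, "signature_off": signature_off}

def is_htaccess_upload(upload_name):
    """True when an uploaded file's base name is .htaccess, in any case."""
    return re.split(r"[\\/]", upload_name)[-1].strip().lower() == ".htaccess"

# Constructed sample input, not taken from the original article.
SAMPLE = """\
# site overrides
Options -Indexes
AddType text/plain \\
    .log
ServerSignature Off
"""

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE))
    print(is_htaccess_upload("uploads/.HTACCESS"))
```
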

(That's it for now, I'm tired.)

Origin www.cnblogs.com/cioi/p/11688937.html