Apache .htaccess file

.htaccess files provide a way to make configuration changes on a per-directory basis.

1. Why/how to use .htaccess

.htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file containing one or more configuration directives is placed in a particular document directory, and the directives apply to that directory and all its subdirectories.

Note: If you want to call your .htaccess file something else, you can change the file name with the AccessFileName directive. For example, if you would rather call the file .config, put the following in the server configuration file:

AccessFileName ".config"

In general, .htaccess files use the same syntax as the main configuration file. What can be placed in these files is determined by the AllowOverride directive. This directive specifies, by category, which directives will be honored when they are found in a .htaccess file. If a directive is permitted in a .htaccess file, the documentation for that directive contains an Override section that specifies which value must be present in AllowOverride for the directive to be allowed.

2. When to use/not to use .htaccess files

In general, .htaccess files should only be used when the main server configuration file is inaccessible. For example, there is a common misconception that user authentication should always be done in .htaccess files, and in recent years another misconception is that mod_rewrite directives must be placed in .htaccess files. That is not the case at all. You can put the user authentication configuration in the main server configuration, and this is in fact the preferred way of doing things. Likewise, mod_rewrite directives work better in the main server configuration in many ways.

.htaccess files should be used where content providers need to make configuration changes to the server on a per-directory basis but do not have root access on the server system. If the server administrator is unwilling to make frequent configuration changes, it may be desirable to let individual users make these changes themselves in .htaccess files. This is especially true where, for example, an ISP hosts multiple user sites on a single machine and wants its users to be able to change their own configuration.

However, in general, .htaccess files should be avoided whenever possible. Any configuration you would consider putting in a .htaccess file can be done just as effectively in a <Directory> section of the main server configuration file.

There are two main reasons to avoid using .htaccess files.

The first is performance. When AllowOverride is set to allow .htaccess files, httpd looks for .htaccess files in every directory. Allowing .htaccess files therefore costs performance whether or not you actually use them. In addition, the .htaccess file is loaded every time a document is requested.

Also note that httpd must look for .htaccess files in all higher-level directories in order to have the full set of directives that must be applied. Therefore, if a file is requested from the directory /www/htdocs/example, httpd must look for the following files:

/.htaccess
/www/.htaccess
/www/htdocs/.htaccess
/www/htdocs/example/.htaccess

So for every file access in that directory there are 4 extra file system accesses, even if none of those files exist. (Note that this only happens if .htaccess files are enabled for /, which is generally not the case.)

In the case of RewriteRule directives, the regular expressions in .htaccess context must be recompiled with every request to the directory, whereas in main server configuration context they are compiled once and cached. Additionally, the rules themselves are more complicated, because one must work around the restrictions that come with per-directory context and mod_rewrite.

The second consideration is security. You are allowing users to modify the server configuration, which may result in changes over which you have no control. Carefully consider whether you want to give your users this privilege. Also note that giving users fewer privileges than they need will lead to additional technical support requests. Make sure you clearly tell users what level of privileges you have given them. Specifying exactly what you have set AllowOverride to, and pointing them to the relevant documentation, will save you a lot of confusion later.

Note that placing a .htaccess file containing a directive in the directory /www/htdocs/example is exactly equivalent to placing the same directive in a <Directory "/www/htdocs/example"> section of the main server configuration.

Contents of the .htaccess file in the directory /www/htdocs/example:

AddType text/example ".exm"

Contents of the httpd.conf file:

<Directory "/www/htdocs/example">
    AddType text/example ".exm"
</Directory>

However, placing this configuration in the server configuration file carries less of a performance penalty, because the configuration is loaded once when httpd starts rather than every time a file is requested.

The use of .htaccess files can be completely disabled by setting the AllowOverride directive to none:

AllowOverride None

3. How directives are applied

The configuration directives found in a .htaccess file are applied to the directory in which the .htaccess file is found and to all its subdirectories. However, it is important to remember that .htaccess files may also exist in directories higher up. Directives are applied in the order in which they are found. Therefore, a .htaccess file in a particular directory may override directives found in .htaccess files higher in the directory tree. Those, in turn, may have overridden directives found higher up still, or in the main server configuration file itself.

Example:

In the directory /www/htdocs/example1, there is a .htaccess file with the following content:

Options +ExecCGI

NOTE: AllowOverride Options must be in effect to permit the use of the Options directive in .htaccess files.

In the directory /www/htdocs/example1/example2, there is a .htaccess file with the following content:

Options Includes

Because of this second .htaccess file, CGI execution is not permitted in the directory /www/htdocs/example1/example2: only Options Includes is in effect, and it completely overrides any earlier setting that may have been in place.

Merging .htaccess with the main configuration file

.htaccess files can override the <Directory> sections for the corresponding directory, but they are themselves overridden by other types of configuration sections in the main configuration file. This can be used to enforce certain configurations even when AllowOverride settings are in place. For example, to prevent script execution while allowing anything else to be set in .htaccess, you could use:

<Directory "/www/htdocs">
    AllowOverride All
</Directory>

<Location "/">
    Options +IncludesNoExec -ExecCGI
</Location>
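
The override behaviour described in sections 3 and above can be checked with a small model. This is an added example, not code from the original page or from the Apache project; it treats each option name as an independent flag and assumes FollowSymLinks as the starting value, both simplifications.

```python
# Added illustration: a simplified model of how httpd merges "Options" layers.
# Each option name is treated as an independent flag (an assumption of this sketch).

def apply_options(current, args):
    """Return the option set after one Options directive is applied to `current`."""
    words = args.split()
    relative = [w for w in words if w[0] in "+-"]
    if relative and len(relative) != len(words):
        # httpd 2.4 refuses to start on a mix of +/- and bare option names.
        raise ValueError("cannot mix +/- options with absolute ones: " + args)
    if not relative:
        # No +/- prefix: the directive replaces everything set so far.
        return set() if words == ["None"] else set(words)
    result = set(current)
    for w in words:
        if w[0] == "+":
            result.add(w[1:])
        else:
            result.discard(w[1:])
    return result


def effective_options(layers, base=("FollowSymLinks",)):
    """Fold (source, args) layers in the order httpd applies them."""
    current = set(base)  # assumed starting value, see lead-in
    for _source, args in layers:
        current = apply_options(current, args)
    return current


# The two .htaccess files from section 3, outermost directory first.
EXAMPLE1 = [("/www/htdocs/example1/.htaccess", "+ExecCGI")]
EXAMPLE2 = EXAMPLE1 + [("/www/htdocs/example1/example2/.htaccess", "Includes")]
# <Location> sections are merged after <Directory> and .htaccess, so they win.
LOCATION = [('<Location "/">', "+IncludesNoExec -ExecCGI")]

if __name__ == "__main__":
    for label, layers in [("example1", EXAMPLE1), ("example2", EXAMPLE2),
                          ("example1 + Location", EXAMPLE1 + LOCATION)]:
        print(label, sorted(effective_options(layers)))
```

The third case shows why the <Location> section is the enforcement point: a .htaccess file can add ExecCGI, but the later-merged section removes it again.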

4. Authentication example

There is a common misconception that you need to use .htaccess files to implement password authentication. Placing the authentication directives in a <Directory> section of the main server configuration file is the preferred way to achieve this, and .htaccess files should only be used if you do not have access to the main server configuration file. See above for when .htaccess files should and should not be used.

Having said that, if you still think you need to use a .htaccess file, you may find that the following configuration works for you.

Contents of the .htaccess file:

AuthType Basic
AuthName "Password Required"
AuthUserFile "/www/passwords/password.file"
AuthGroupFile "/www/passwords/group.file"
Require group admins

Please note that AllowOverride AuthConfig must be in effect for these directives to take effect.

5. Server-side include examples

Another common use of .htaccess files is to enable server-side includes for a particular directory. This can be accomplished with the following configuration directives, placed in a .htaccess file in the required directory:

Options +Includes
AddType text/html shtml
AddHandler server-parsed shtml

Note that AllowOverride Options and AllowOverride FileInfo must both be in effect for these directives to take effect.

6. Rewrite rules in .htaccess files

When RewriteRule is used in a .htaccess file, note that the per-directory context changes things slightly. In particular, rules are evaluated relative to the current directory, not the originally requested URI. Consider the following examples:

# In httpd.conf
RewriteRule "^/images/(.+)\.jpg" "/images/$1.png"

# In .htaccess in root dir
RewriteRule "^images/(.+)\.jpg" "images/$1.png"

# In .htaccess in images/
RewriteRule "^(.+)\.jpg" "$1.png"

In a .htaccess file in the document directory, the leading slash is removed from the value supplied to RewriteRule, and in the images subdirectory, /images/ is removed from it. Therefore, the regular expression needs to omit that part as well.
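
The prefix stripping can be reproduced with a short model. This is an added example, not code from the original page or from mod_rewrite; it works on URL paths only, and the request path /images/photo.jpg and the per_dir_prefix parameter are constructed for illustration.

```python
import re

def rewrite(url_path, pattern, substitution, per_dir_prefix=None):
    """Apply one RewriteRule; return the rewritten URL path, or None if no match.

    per_dir_prefix is None for httpd.conf (server context), "/" for a .htaccess
    in the document root, and "/images/" for one in the images subdirectory.
    """
    subject = url_path
    if per_dir_prefix is not None:
        if not url_path.startswith(per_dir_prefix):
            return None  # this .htaccess is not on the request's path
        subject = url_path[len(per_dir_prefix):]  # directory prefix is stripped
    match = re.search(pattern, subject)
    if match is None:
        return None
    # Expand $0..$9 back-references as used in RewriteRule substitutions.
    result = re.sub(r"\$(\d)", lambda m: match.group(int(m.group(1))), substitution)
    if per_dir_prefix is not None and not result.startswith("/"):
        result = per_dir_prefix + result  # relative result: prefix is re-added
    return result


REQUEST = "/images/photo.jpg"  # constructed sample request

# The three rules from the page: (context prefix, pattern, substitution).
RULES = {
    "httpd.conf":          (None,       r"^/images/(.+)\.jpg", "/images/$1.png"),
    ".htaccess in root":   ("/",        r"^images/(.+)\.jpg",  "images/$1.png"),
    ".htaccess in images": ("/images/", r"^(.+)\.jpg",         "$1.png"),
}

def run_all(request=REQUEST):
    """Return {context: rewritten path} for each rule in RULES."""
    return {name: rewrite(request, pat, sub, prefix)
            for name, (prefix, pat, sub) in RULES.items()}

if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name:22} -> {result}")
    # Failure mode: the httpd.conf pattern pasted unchanged into a root .htaccess.
    print("copied rule ->", rewrite(REQUEST, r"^/images/(.+)\.jpg", "/images/$1.png", "/"))
```

The last call returns None: a rule moved from httpd.conf into a .htaccess file without adjusting the pattern simply stops matching, so any behaviour that depended on it is no longer applied.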

7. CGI Examples

Finally, you may want to use a .htaccess file to allow execution of CGI programs in a specific directory. This can be achieved with the following configuration:

Options +ExecCGI
AddHandler cgi-script cgi pl

Alternatively, if you want all files in a given directory to be considered CGI programs, this might be achieved with the following configuration:

Options +ExecCGI
SetHandler cgi-script

Please note that AllowOverride Options and AllowOverride FileInfo must both be in effect for these directives to take effect.

Origin blog.csdn.net/unbelievevc/article/details/135448792