.htaccess
From Wikipedia, the free encyclopedia
In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of directory-level configuration files that allow for decentralized management of configuration when placed inside the web tree. .htaccess files may contain any number of allowed configuration directives and follow the same syntax as the main configuration files[1]. Directives placed in .htaccess files apply to the directory where you place the file, and all sub-directories, unless disabled in the main configuration[2]. The file name starts with a dot because dot-files are by convention hidden files on Unix-like operating systems. A subset of Apache's .htaccess syntax is also supported by other web servers, such as Sun Java System Web Server and Zeus Web Server.
Common usage
- Authorization, authentication
  - .htaccess files are often used to specify the security restrictions for a particular directory, hence the filename "access". The .htaccess file is often accompanied by a .htpasswd file, which stores valid usernames and their passwords.[3]
- Customized error responses
  - Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
- Rewriting URLs
  - Servers often use .htaccess to rewrite long, overly comprehensive URLs to shorter and more memorable ones.
- Cache control
  - .htaccess files allow a server to control user agent caching, which web browsers use to reduce bandwidth usage, server load, and perceived lag.
When .htaccess files should be used
.htaccess files are read on every request, so changes made in these files take effect immediately, whereas changes to the main configuration file require the server to be restarted before the new settings take effect.
For servers with multiple users, as is common in shared web hosting plans, it is often desirable to give individual users the ability to alter their site configuration. In general, .htaccess files should be used by users who do not have access to the main server configuration files.[4]
When .htaccess files should not be used
To control Apache, using the main server configuration file httpd.conf[5] is preferred for security and performance reasons:[6]
- Performance loss
- For each HTTP request there are additional file-system accesses for every parent directory when using .htaccess.
- Security
- Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.[7]
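One way to act on both points is to audit which AllowOverride classes the existing .htaccess files actually rely on, so the main configuration grants only those classes or absorbs the directives itself. The script below is an added example, not part of the original article or of Apache; its directive-to-class table is a partial one following the "Override:" entries in the Apache directive reference, and the sample tree, user names and paths are constructed.

```python
import tempfile
from pathlib import Path

# Partial map from the "Override:" entries of the Apache 2.2 directive reference.
CLASSES = {
    "AuthConfig": "AuthType AuthName AuthUserFile AuthGroupFile Require",
    "FileInfo": "ErrorDocument Redirect Header RewriteEngine RewriteBase RewriteCond RewriteRule",
    "Indexes": "ExpiresActive ExpiresByType ExpiresDefault DirectoryIndex",
    "Limit": "Order Allow Deny",
    "Options": "Options",
}
OVERRIDE_CLASS = {d.lower(): c for c, ds in CLASSES.items() for d in ds.split()}

def directives(text):
    """Yield directive names; skip comments and <Section> tags, join backslash-continued lines."""
    pending = ""
    for raw in text.splitlines():
        line = (pending + raw.strip()).strip()
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        pending = ""
        if line and not line.startswith(("#", "<")):
            yield line.split()[0].lower()

def audit(docroot):
    """Return {directory: sorted AllowOverride classes its .htaccess relies on}."""
    report = {}
    for path in sorted(Path(docroot).rglob(".htaccess")):
        names = directives(path.read_text(errors="replace"))
        needed = {OVERRIDE_CLASS.get(n, "UNKNOWN:" + n) for n in names}
        report[path.parent.relative_to(docroot).as_posix()] = sorted(needed)
    return report

def build_sample(root):
    """Write a constructed two-user web tree, used only for this demonstration."""
    samples = {
        "alice": "AuthType Basic\nAuthUserFile /home/alice/.htpasswd\nRequire valid-user\n",
        "bob": "# pretty URLs\nRewriteEngine On\nRewriteRule ^p/(\\d+)$ \\\n  index.php?id=$1 [L]\n"
               "ErrorDocument 404 /404.html\nExpiresActive On\nphp_flag display_errors off\n",
    }
    for user, body in samples.items():
        (Path(root) / user).mkdir()
        (Path(root) / user / ".htaccess").write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

Directives reported as UNKNOWN are not in the partial table and need a manual look-up before an AllowOverride value is chosen for that directory.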
References
- ^ "Configuration Files". http://httpd.apache.org/docs/2.3/configuring.html. Retrieved on 2009-03-02.
- ^ "AllowOverride Directive". http://httpd.apache.org/docs/2.3/mod/core.html#allowoverride. Retrieved on 2009-03-02.
- ^ "Apache Tutorial: Password Formats". http://httpd.apache.org/docs/2.3/misc/password_encryptions.html. Retrieved on 2009-03-02.
- ^ "Apache Tutorial: When (not) to use .htaccess files". http://httpd.apache.org/docs/2.2/howto/htaccess.html#when. Retrieved on 2008-01-12.
- ^ "Configuration Files - Apache HTTP Server". http://httpd.apache.org/docs/2.2/configuring.html. Retrieved on 2008-01-12.
- ^ When Not to use .htaccess files
- ^ "Protecting System Settings". http://httpd.apache.org/docs/2.3/misc/security_tips.html#systemsettings. Retrieved on 2009-03-02.