Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by VinkoVrsalovic: http://wiki.apache.org/httpd/ScratchPad/htaccess The comment on the change is: A first try to improve this. Please correct any errors you see! :) ------------------------------------------------------------------------------ (!) This document should be used to draft a new version of the [http://httpd.apache.org/docs/trunk/howto/htaccess.html official httpd howto docs] (!) - '''The use of .htaccess files is strongly discouraged as they can have a detremental effect on server performance.''' + '''The use of .htaccess files is strongly discouraged as they can have a detrimental effect on server performance. Please use it only when strictly needed.''' + == What's .htaccess files purpose? == + + The purpose of .htaccess files is to provide a means to configure HTTPd to users that cannot modify the main configuration file (usually httpd.conf, see DistrosDefaultLayout). + + == .htaccess myths == + + === .htaccess files mean password protection === + + No, .htaccess files can be used to provide password protection the same way main configuration files can be used to provide + password protection, nothing special about .htaccess here. + + == When should I use .htaccess files? == + + Only when you cannot edit directly the main configuration file! + + === But, it's ugly having all that stuff in the main config file! === + Well, it might be, but you can use the Include directive to alleviate that if it really bothers you! + + Let's suppose you dislike huge config files and that, for instance, you want to provide password authentication for all your virtual hosts. You could put a .htaccess in the root of each virtual host (BUT PLEASE DON'T!), or, you could create a + directory within the tree of apache's config files and create a config file per vhost with the proper directives, say + /usr/local/apache2/conf/vhosts-protection. Then, in httpd.conf you can write Include /usr/local/apache2/conf/vhosts-protection/*.conf for all those directives to take effect. + + '''/usr/local/apache2/cont/vhosts-protection/vhost-1.conf''' + {{{ + <Directory "/var/www/html/vhost-1> + AuthType Basic + AuthName "Authentication Required" + AuthUserFile "/etc/htpasswd/vhost-1/.htpasswd" + Require valid-user + + Order allow,deny + Allow from all + </Directory> + }}} + + And so on. Now let's suppose you really must use .htaccess files, the .htaccess file should be located in /var/www/html/vhost-1/ and it should read like: + + '''/var/www/html/vhost-1/.htaccess''' + {{{ + AuthType Basic + AuthName "Authentication Required" + AuthUserFile "/etc/htpasswd/vhost-1/.htpasswd" + Require valid-user + + Order allow,deny + Allow from all + }}} + + As you can see, .htaccess files are restricted to the directory they're placed in, and thus you can think of .htaccess files as adding dynamically to Apache configuration a <Directory /path/to/.htaccess> .htaccess content </Directory> == How do I use .htaccess files? == + .htaccess files are used by placing valid Apache directives in the files. You might not get what you want due to Override configuration in the main config file. + == How can I prevent users from using .htaccess, or how to define what can they do on them? == + + By setting AllowOverride properly. See [http://httpd.apache.org/docs/trunk/mod/core.html#allowoverride AllowOverride] docs. == How can I create a new .htaccess file? == Use your favourite editor to create a .htaccess file in the folder where you want it to take affect. + == What can I do with my .htaccess file? == + You are restricted from two fronts, what the administrator chose to enable, and what Apache allows. To check the first one, + contact your administrator (or hosting provider, or just try), to check the second one, find the directive you want to use in + the documentation, and see the Context: section. If it says .htaccess, then it can be used, given that the admininstrator gave + you access to that. - == What can I do with my .htaccess file == + == How do I troubleshoot my .htaccess file? == + Try putting garbage in it. If it is being read, you'll get an Internal Server Error when accessing that URL. If it is being read see ["htaccessGotchas"] to find more about what can be going wrong.
