Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The following page has been changed by pctony: http://wiki.apache.org/httpd/ScratchPad/htaccess The comment on the change is: update 1 - still in progress ------------------------------------------------------------------------------ - (!) THIS IS A SCRATCHPAD ONLY PAGE AT THE MOMENT, AND SHOULD NOT BE MOVED OUT OF (!) + (!) THIS IS A SCRATCHPAD ONLY PAGE AT THE MOMENT, AND SHOULD NOT BE MOVED OUT OF HERE (!) (!) This document should be used to draft a new version of the [http://httpd.apache.org/docs/trunk/howto/htaccess.html official httpd howto docs] (!) - (!) Please review/delete [http://wiki.apache.org/general/htaccess] once this page graduates from the ScratcPad (!) + (!) Please review/delete [http://wiki.apache.org/general/htaccess] once this page graduates from the !ScratchPad (!) ---- '''The use of .htaccess files is discouraged as they can have a detrimental effect on server performance. Only use them when necessary.''' - == What's the purpose of .htaccess files? == + == What is the purpose of .htaccess files? == The purpose of .htaccess files is to provide a means to configure Apache for users who cannot modify the main configuration file (usually httpd.conf; see [["Info/DistrosDefaultLayout"]]). @@ -18, +18 @@ === .htaccess files mean password protection === - Not really; .htaccess files can be used to provide password protection the same way the main configuration files can be used to provide password protection; there is nothing special about .htaccess for this purpose. + Not really; .htaccess files '''''can''''' be used to provide password protection the same way the main configuration files can be used to provide password protection; there is nothing special about .htaccess for this purpose. - == When should I use .htaccess files? == + == When should I & should I not use .htaccess files? == + === Should Use === - Only when you cannot directly edit the main configuration files! + .htaccess files should really only be used when you cannot directly edit the main configuration files! + Using htaccess files will cause apache to search for them in every directory it recurses into. It will then read this every time it enters the directory + + === Should not use === + You should not use htaccess when : + 1. When you access to edit the main server configuration file(s) + 1. When server performance is of concern to you. As these can have a negative impact on server performance. + 1. When untrusted people host websites on the server. (See notes on how to disable .htaccess files) + - === But it's ugly having all that stuff in the main config file! === + === But it's ugly having all that stuff in the main config file === Well, it might be, but you can use the Include directive to alleviate that if it really bothers you! Let's suppose you dislike huge config files and that, for instance, you want to provide password authentication for all your virtual hosts. You could put a .htaccess in the root of each virtual host, or you could create a subdirectory within the Apache config directory, containing a config file per vhost with the proper directives -- such as /usr/local/apache2/conf/vhosts-protection. Then, in httpd.conf, you could write + {{{ Include /usr/local/apache2/conf/vhosts-protection/*.conf }}} @@ -71, +81 @@ </Directory> }}} + == How do I use .htaccess files? == .htaccess files are containers for (certain, restricted) Apache directives. Note that some directives might be ignored due to Override configuration in the main config files. - == How can I prevent users from using .htaccess, or how define what can they do with them? == + You must place the .htaccess file in the directory where you want it to effect changes. For example if you want to use a .htaccess file to force authentication for www.example.com/admin + + If your !DocumentRoot is ''/var/www/html/www.example.com'' then you would place your .htaccess file in ''/var/www/html/www.example.com/admin'' + + == How can I prevent users from using .htaccess? == + + In your main server config, place the following in your top-level <Directory> block. i.e. + + {{{ + <Directory /var/www/html> + ... + AllowOveride None + ... + </Directory> + }}} + + == How can I control what users can do with .htaccess files? == By setting AllowOverride properly. See [http://httpd.apache.org/docs/trunk/mod/core.html#allowoverride AllowOverride] docs.
