Original address: http://man.chinaunix.net/newsoft/Apache2.2_chinese_manual/howto/htaccess.html
. htaccess file
related Modules |
related Directives |
Core Mod_authn_file mod_authz_groupfile mod_cgi mod_include mod_mime |
Accessfilename allowoverride Options AddHandler sethandler authtype authname authuserfile authgroupfile Require |
working principle and use method
The. htaccess file (or distributed configuration file) provides a way to change the configuration for each directory by placing a file containing instructions in a specific directory with instructions for this directory and all of its subdirectories. Description:
If you need to use a filename other than. htaccess, you can change it with the Accessfilename directive. For example, if you need to use. config, you can configure it in the server configuration file in the following ways:
Accessfilename. config
Typically, the. htaccess file uses the same configuration syntax as the primary configuration file. The allowoverride directive determines, by category, which instructions in the. htaccess file are valid. If an instruction is allowed to be used in. htaccess, then in the description of this manual there is an overlay segment that describes the value that must be set in the allowoverride directive for this instruction to take effect.
For example, an elaboration of the Adddefaultcharset Directive in this manual indicates that this instruction can be used in the. htaccess file (see scope Item), and that the override line is FileInfo, so that the command in. htaccess is valid, at least set AllowOverride FileInfo. Example:
Scope |
Server config, virtual host, directory,. htaccess |
Overlay items |
FileInfo |
If you are unsure whether an instruction can be used with a. htaccess file, you can consult the instructions in the Manual for the directive, and see if ". htaccess" is available in the scope line. (not) use of. htaccess files
In general, you should not use the. htaccess file unless you do not have access to the primary configuration file. There is a very common misconception that user authentication can only be achieved through the. htaccess file, it is not so, the user authentication written in the main configuration file is completely feasible, and is a good way.
The. htaccess file should be used in cases where the content provider needs to change the server configuration for a particular directory without root permissions. If your server administrator does not want to modify the configuration frequently, you can allow users to modify the configuration themselves through the. htaccess file, especially if the ISP is running multiple user sites on the same machine, and you want users to be able to change their configuration.
However, you should generally avoid using. htaccess files as much as possible. Any configuration you want to put in the. htaccess file can be placed in the <Directory> section of the main configuration file, and is more efficient.
There are two main reasons to avoid using. htaccess files.
The first is performance. If the. htaccess file is enabled by allowoverride, Apache needs to find the. htaccess file in each directory, so whether or not it is actually used, enabling. Htaccess can cause performance degradation. In addition, for each request, a. htaccess file needs to be read once.
Also, Apache must look up the. htaccess file in all superior directories to make all valid directives work (see the instructions in effect), so if you request a page in/www/htdocs/example, Apache must look for the following files:
/.htaccess
/www/.htaccess
/www/htdocs/.htaccess
/www/htdocs/example/.htaccess
A total of 4 additional files are accessed, even if they do not exist. (Note that this may only be due to the use of the root directory "/". htaccess, although this is not much. )
The second is security. This allows the user to modify the server's configuration on their own, which may lead to some unexpected changes, so please seriously consider whether you should give the user such privileges. However, if you give the user less privileges and do not meet their needs, there will be additional technical support requests, so you must explicitly tell the user the permissions that have been given to them, explain the values set by the allowoverride, and guide them through the appropriate instructions to avoid causing a lot of trouble in the future.
Note that placing instructions in the. htaccess file in the/www/htdocs/example directory is exactly equivalent to placing the same instructions in the <Directory/www/htdocs/example> section of the main configuration file.
The. htaccess file in the/www/htdocs/example directory: the contents of the. htaccess file in the/www/htdocs/example directory:
Extracts from the AddType text/example. EXM httpd.conf file:
<Directory/www/htdocs/example>
AddType text/example. EXM
</Directory>
However, it is more efficient to place the configuration in the primary configuration file because it only needs to be read once when the Apache is started, not every time the file is requested.
Setting AllowOverride to none completely disables the use of the. htaccess file:
entry into force of the allowoverride None directive
The configuration directive in the. htaccess file acts on the directory where the. htaccess file resides and all of its subdirectories, but it is important to note that the Its parent directory may also be available. htaccess files, and the instructions are in the order of lookup, the instructions in the. htaccess file in a particular directory might overwrite the instructions in the. htaccess file in their parent directory, that is, the instructions in the subdirectory will overwrite the instructions in the parents directory or in the master configuration file.
Example:
The. htaccess file in the/www/htdocs/example1 directory has the following contents:
Options +execcgi
(Note: "allowoverride options" must be set to allow the "options" command to be used in. htaccess)
The. htaccess file in the/www/htdocs/example1/example2 directory has the following contents:
Options Includes
Because of the existence of the second. htaccess file, CGI execution in/www/htdocs/example1/example2 is not allowed, and only Options Includes are allowed, which completely overwrites the previous settings. Merge. htaccess into the master configuration file
As discussed in the configuration segment (container), the. htaccess file can overwrite the settings for the corresponding directory in <Directory>, but it is also overwritten by other types of configuration segments in the primary configuration file. This feature can be used to enforce certain configurations, even when allowoverride has been allowed. For example, in order to force script execution in. htaccess without limiting others, you can do this:
<directory/>
AllowOverride All
</Directory>
<location/>
Options +includesnoexec-execcgi
Examples of </Location> certifications
If you just want to know how to authenticate, and directly from here to start to see, there is a very important point to note, there is a common misconception that the implementation of password authentication must use the. htaccess file, in fact, is not true. It is a better way to place the authentication instructions in the <Directory> section of the main configuration file, and the. htaccess file should only be used when the primary configuration file is not authorized. See the above discussion about when and when you should not use the. htaccess file.
If you still need to use the. htaccess file, please continue with the following instructions.
The contents of the. htaccess file:
AuthType Basic
AuthName "Password Required"
Authuserfile/www/passwords/password.file
Authgroupfile/www/passwords/group.file
Require Group Admins
AllowOverride authconfig must be set to allow these instructions to take effect.
For more detailed instructions, see Authentication, Authorization, access control. server-side include (SSI) examples
Another common use of. htaccess files is to allow a specific directory to use server-side inclusion (SSI), where you can place the. htaccess file in the directory you want, and configure it as follows:
Options +includes
AddType text/html shtml
AddHandler server-parsed shtml
Note that both the allowoverride Options and the allowoverride FileInfo must be set up for these instructions to take effect.
For more detailed instructions on server-side inclusion, see the SSI Guide. CGI examples
You can use the. htaccess file to allow CGI programs to be executed in a specific directory, which requires the following configuration:
Options +execcgi
AddHandler cgi-script CGI Pl
In addition, the following configuration allows all files in a given directory to be treated as CGI programs:
Options +execcgi
SetHandler Cgi-script
Note that both the allowoverride Options and the allowoverride FileInfo must be set up for these instructions to take effect.
For more detailed instructions on CGI programming and configuration, see the CGI guide. Troubleshoot
If some of the instructions in the. htaccess file do not work, there may be several reasons.
The most common reason is that the allowoverride directive is not set correctly, and you must ensure that the file locale is not set allowoverride none. A good test method is to simply add meaningless spam to the. htaccess file, and if the server does not return an error message, it is almost certain that allowoverride None is set.
If you receive an error message from the server when you access the document, you should check the Apache error log to see which instructions are not allowed in the. htaccess file, or you may find syntax errors that need to be corrected.