An explanation of Apache HTTP Server. htaccess file

Source: Internet
Author: User

This article is for Apache httpd version 2.2. htaccess official Help document translation, and strive to be rigorous and accurate

Apache HTTP Server Tutorial:. htaccess file

The. htaccess file provides a way to configure modifications based on each directory.

. htaccess file

Related modules related directives

Core Accessfilename

MoD authn file allowoverride

MoD Authz groupfile Options

MoD CGI AddHandler

MoD include SetHandler

MoD MIME AuthType





If you have access to the primary server profile, you should avoid using. htaccess files altogether. Using the. htaccess will slow down your Apache HTTP service. Any instructions that can be included in the. htaccess file are best set in the directory block, which can also play the same role but with better performance.

What is the. htaccess file/How to use them

The. htaccess file (or "Distributed configuration File") provides a way to modify the configuration based on each directory. A file that contains one or more instructions can be placed in a specific document directory, and the instruction is applied to that directory and all subdirectories of that directory.


If you want to call your. htaccess a different name, you can use the Accessfilename directive to modify the name. For example, if you want to call this file a. config, you can put the following in the server configuration file:

Accessfilename. config

Typically, the. htaccess file uses the same syntax as the master configuration file. What you can put in these. htaccess files depends on the allowoverride directive. On a policy, the allowoverride directive specifies which directives found in the. htaccess file can work (using the be honored in English, which should be understood here as a function, editor's note). If an instruction is allowed to appear in a. htaccess file, the instruction document of the directive will contain an override item that specifies what value should be added to the. htaccess file for this instruction to be executed in the. allowoverride.

For example, if you consult the documentation for the Adddefaultcharset directive, you will find that the directive can appear in the. htaccess file. (See the context line in the instruction overview.) The override line records the FileInfo. So, at least you have to have allowoverride FileInfo to ensure that the adddefaultcharset instructions that appear in the. htaccess file are executed.


Context:server config,virtual host,directory,.htaccess


If you are not sure whether a particular instruction is allowed to appear in the. htaccess file, query the description of the instruction document and check if the context line contains ". htaccess".

When to use or not to use the. htaccess file

Typically, use a. htaccess file only if you cannot access the primary server configuration file (http.conf Editor note). For example, there is a common mistaken idea that user authentication should always be handled in the. htaccess file and, in recent years, another type of mod_rewrite directive must be written into the. htaccess file. This is not the case at all. You can put the user authentication configuration in the master server configuration, in fact, this is the preferred way of processing. Similarly, the Mod_rewrite directive in the master Configuration server configuration will work better in many ways.

The. htaccess file should be used in the following cases, the file content provider needs to modify the configuration on the server based on each directory, but does not have access to the server system. In situations where system administrators do not want to make frequent configuration changes, it is a desirable thing to allow individual users to make configuration changes for themselves in the. htaccess file. For example, in such a real situation, ISPs always put multiple users of the site into a separate machine, but also want users can change their own configuration.

However, generally speaking, try to avoid using. htaccess files if possible. Any configuration that is considered in the. htaccess file can be more efficiently configured in the <Directory> section of the master server configuration file.

There are 2 main reasons to avoid using. htaccess files.

The first one is performance. When AllowOverride is set to allow. htaccess files, each directory is viewed by httpd for. htaccess files per directory. So, allowing. htaccess files can produce performance collisions, whether you actually use them or not! Also, the. htaccess file is loaded every time the document is requested.

Further note that the HTTPD must consult the. htaccess file in all upper-level directories to obtain all instructions that it must apply. (see sections on how directives is applied.) This way, if the files in the/www/htdocs/example directory are requested, httpd must search for the following files:





This allows 4 additional file system access for each file in the directory, even if no files are found for each additional access. (Note that this happens only when the. htaccess file is on/enabled, and this is not normally the case.) )

In the case where the rewriterule instruction is used, the regular expression in the. htaccess context is recompiled for each request that points to the directory, however, the regular expression in the primary server configuration environment only needs to be compiled one time cache. In addition, the rules of an expression are more complex in themselves, and each rule is always accompanied by the limitations of each directory environment and Mod_rewrite. Consult rewrite guide for more details on this topic.

A second consideration is security. If you allow users to modify the server configuration, this may result in changes that are beyond your control. Consider carefully whether you want to give the user such privileges. It is also important to note that giving fewer permissions to users leads to additional technical support requests. Ensure that users are clearly informed of what level of authority they have given them. Accurately specifying the values to be set by the allowoverride, pointing these values to the relevant documentation, will resolve many of your confusion in the future.

Note that the. htaccess file containing an instruction is placed in the directory/www/htdocs/example and the same instruction is placed in the directory section of the primary server configuration <Directory/www/htdocs/example> is completely equivalent in the.

In the/www/htdocs/example. htaccess file:

What's in the. htpaccess file in/www/htdocs/example

AddType text/example. EXM

Parts from the httpd.conf file


AddType text/example. EXM


However, placing the configuration in the server configuration file will degrade performance conflicts because the server configuration file is loaded once at httpd startup, not every time a file request is loaded.

You can completely prohibit the use of the. htpaccess file by setting the allowoverride directive to none:

allowoverride None

How the instructions are applied

The configuration directives found in the. htaccess file are applied to the directory where the file is found, and all of its subdirectories. However, it is important to remember that there may also be a. htpasswd file in a high-level directory. Instructions are applied in the order found. Thus, the. htaccess file in a particular directory can overwrite the command found in the directory tree in the. htaccess of the high-level directory. Directives can override instructions in a higher-level directory, and so on, as defined in the master server configuration file.


In the directory/www/htdocs/example1, we include the following. htaccess files:

Option +execcgi

(Note that the "allowoverride Options" must be set to make the option directive in the. htpaccess file work.) )

In the directory/www/htdocs/example1/example2, we include the following. htaccess file

Option includes

Because of the second. htaccess file, in the directory/www/htdocs/example1/example2, CGI execution is not allowed, because only the options includes the session, any previous settings will be completely overwritten.

. htaccess flooding with the master configuration file (merging, Editor's note)

As discussed in the relevant documentation for the configuration section, the. htaccess file can overwrite the <Directory> chapters configured for the same directory, but will be overwritten by other types of chapters in the main configuration file. This fact can be used to enforce a specific configuration, even in the case of a free allowoverride setting. For example, when you allow any setting in. htaccess, in order to organize the script execution, you can use:


AllowOverride All



Options +includesnoexec-execcgi


Certification sample

If you jump directly to this section of the documentation to find out how to handle authentication, it's important to note that. Asking you to use the. htaccess file to improve password Authentication is a common mistake to understand. This is not the case at all. In your master server configuration file, place the certification directive in the <Directory> section to refine the preferred method for this option, and use the. htaccess file only if you cannot access the master server configuration file. View the discussion of when you should use and not use the. htaccess file above.

That being said, if you still think you need to use a. htaccess file, the following configuration may be useful for you.

. htaccess file Contents:

AuthType Basic

AuthName "Password Required"



Require Group Admins

Note that the allowoverride authconfig must be in effect to make these instructions work.

See the certification tutorials for a more complete discussion of certifications and authorizations.

Server-side Reference sample (server Side includes)

Another common use of. htaccess files is to enable server-side application functionality for specific directories. This can be handled using the following configuration directives, which need to be placed in the. htaccess file of the desired directory:

Options +includes

AddType text/html shtml

AddHandler server-parsed shtml

Note that allowoverride options and allowoverride FileInfo must all take effect in order for these directives to have an impact.

Please see the SSI tutorial for more complete discussion of server-side references.

CGI Example

Finally, you may want to use the. htaccess file to allow the execution of CGI programs in a particular directory. You can use the following configuration to perform:

Options +execcgi

AddHandler cgi-script CGI Pl

Or, if you want all the files in a given directory to be considered as CGI programs, you can use the following configuration to handle:

Options +execcgi

SetHandler Cgi-script

Note that allowoverride options and allowoverride FileInfo must all take effect in order for these directives to have an impact.

Please see the CGI tutorials for more complete CGI programming and configuration discussions.


When placing configuration instructions in a. htaccess file and not getting the desired effect, it should be caused by a number of things going wrong.

In the most common case, the problem is that allowoverride is not set in the way that configuration directives should be considered for execution. Make sure that it is not set to allowoverride none, which can cause file global problems. A good way to test this is to put the garbage configuration in the. htaccess file and reload the page. If there is no build server error, then almost certainly allowoverride none has an impact.

On the other hand, when accessing a document, if you get a server error message, check the httpd error log. The log is likely to inform you that the instructions used in the. htaccess file are not licensed.

[Fri Sep 17 18:43:16 2010] [Alert] [Client]/var/www/html/.htaccess:directoryindex not allowed here

This message indicates either that you have used a directive that is not licensed in the. htaccess file, or that you have not set sufficient levels in allowoverride for the instruction already in use. Query the description document of the particular directive to determine the use of the sample.

In addition, the log may tell you some syntax errors when using the instruction itself.

[Sat 09 16:22:34 2008] [Alert] [Client]/var/www/html/.htaccess:rewritecond:bad flag delimiters

In this case, the error message points to the specific syntax error you have made.

This article is from "GE Niu qiaoshanzhenhu" blog, please make sure to keep this source

An explanation of Apache HTTP Server. htaccess file

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.