Deep understanding of PHP. htaccess files

Generally, the. htaccess file uses the same configuration syntax as the main configuration file. The AllowOverride command determines which commands in the. htaccess file are valid by type. If a command allows the working principle and usage in. htaccess

. The htaccess file (distributed configuration file) provides a way to change the configuration of each directory, that is, to place a file containing commands in a specific directory, the commands act on this directory and all its subdirectories.

If you want to use a file name other than. htaccess, you can use the AccessFileName command to change the file name. For example, to use. config, you can configure it in the server configuration file as follows: AccessFileName. config

Generally, the. htaccess file uses the same configuration syntax as the main configuration file. The AllowOverride command determines which commands in the. htaccess file are valid by type. If a command allows. in htaccess, the instruction in this manual contains an overwrite section, which describes the value that must be set in AllowOverride for this instruction to take effect.

Use of. htaccess files

Generally, the. htaccess file should not be used unless you have no access permission to the master configuration file. There is a common misunderstanding that user authentication can only pass. the htaccess file implementation is not like this. it is feasible to write user authentication in the main configuration file, and it is a good method.

The. htaccess file should be used when the content provider needs to change the server configuration for a specific directory without the root permission. If the server administrator is unwilling to modify the configuration frequently, the user can pass. the htaccess file modifies the configuration by itself, especially when the ISP runs multiple user sites on the same machine, and you want to change the configuration by yourself.

Even so, we should avoid using the. htaccess file as much as possible. Any configuration that you want to put in the. htaccess file can be placed in the main configuration file segment, and it is more efficient.
There are two main reasons to avoid using the. htaccess file.

First, performance. If AllowOverride enables the. htaccess file, Apache needs to find the. htaccess file in each directory. therefore, whether or not it is actually used, enabling. htaccess will lead to performance degradation. In addition, you must read the. htaccess file once for each request.

In addition, Apache must be located in the directory of all superiors. the htaccess file to make all valid commands take effect (see the command takes effect). Therefore, if you request a page in/www/htdocs/example, Apache must find the following file:

/.htaccess/www/.htaccess/www/htdocs/.htaccess/www/htdocs/example/.htaccess

A total of four additional files are required to be accessed, even if none of these files exist. (Note that this may only be because the root directory "/" is allowed to use. htaccess, although this is not the case .)

Second, security. This will allow users to modify their own server configurations, which may lead to some unexpected modifications, so please carefully consider whether such privileges should be given to users. However, if users are given fewer privileges but cannot meet their needs, additional technical support requests will be generated. Therefore, users must be explicitly notified of their permissions, describe the value set by AllowOverride and guide them to the corresponding instructions to avoid a lot of trouble in the future.

Note that placing commands in the. htaccess file under the/www/htdocs/example directory is exactly equivalent to placing the same commands in the middle section of the main configuration file.
It is more efficient to put the configuration in the main configuration file, because it only needs to be read once at Apache startup, rather than every time the file is requested.

Command takes effect

. The configuration commands in the htaccess file act on. the directory where the htaccess file is located and all its subdirectories. However, it is important to note that its parent directory may also exist. the htaccess file, and the commands take effect in order of search, so the command under a specific directory. commands in the htaccess file may overwrite the commands in the parent directory. commands in the htaccess file, that is, the commands in the subdirectory overwrite the commands in the parent directory or main configuration file.

Example: The. htaccess file in the/www/htdocs/example1 directory contains the following content: Options + ExecCGI

(Note: You must set "AllowOverride Options" to allow the "Options" command to be used in. htaccess)

The. htaccess file in the/www/htdocs/example1/example2 directory contains the following content: Options supported des

Because the second. htaccess file exists, CGI execution in/www/htdocs/example1/example2 is not allowed, but only Options allowed des is allowed. it completely overrides the previous settings.

Merge. htaccess into the main configuration file

As discussed in the configuration section (container ,. the htaccess file can overwrite the corresponding directory settings, but it will also be overwritten by other types of configuration segments in the main configuration file. This feature can be used to enforce certain configurations, even when AllowOverride is licensed. For example, in order to force script execution to be prohibited in. htaccess but not to restrict others, you can do this:

Allowoverride AllOptions +IncludesNoExec -ExecCGI

Authentication example

If you only want to know how to authenticate the password, you can directly start from here. it is important to note that there is a common misunderstanding that password authentication must be used. the htaccess file is actually incorrect. It is better to put authentication commands in the main configuration file segment, and the. htaccess file should only be used when you do not have access to the main configuration file. Refer to the above discussion on when and when the. htaccess file should not be used.

If you still need to use the. htaccess file, continue with the instructions below .. Htaccess file content:

AuthType BasicAuthName "Password Required"AuthUserFile /www/passwords/password.fileAuthGroupFile /www/passwords/group.fileRequire Group admins

AllowOverride AuthConfig must be set to allow these commands to take effect.

Server inclusion (SSI) example

Another common purpose of the. htaccess file is to allow a specific directory to use server-side inclusion (SSI). you can place the. htaccess file in the desired directory and make the following configuration:

Options +IncludesAddType text/html shtmlAddHandler server-parsed shtml

Note: AllowOverride Options and AllowOverride FileInfo must be set at the same time for these commands to take effect.

CGI example

You can use the. htaccess file to allow CGI programs to be executed in a specific directory. the following configuration is required:

Options +ExecCGIAddHandler cgi-script cgi pl

In addition, the following configuration can make all files in a given directory considered as CGI programs:

Options +ExecCGISetHandler cgi-script

Note: AllowOverride Options and AllowOverride FileInfo must be set at the same time for these commands to take effect.

Troubleshooting

If some commands in the. htaccess file do not work, there may be multiple reasons.

The most common cause is that the AllowOverride command is not correctly set. make sure that AllowOverride None is not set for this file region. A good test method is to add meaningless junk content to the. htaccess file. if the server does not return an error message, it can be concluded that AllowOverride None is set.

When accessing the document, if you receive an error message from the server, check the Apache error log. which commands in the htaccess file are not allowed, and you may find the syntax errors to be corrected.