In-depth understanding of PHP. htaccess file _php Tutorial

The. htaccess file provides a way to change the configuration for each directory.

How it works and how to use it

The. htaccess file (or "Distributed Profile") provides a way to change the configuration for each directory by placing a file containing instructions in a specific directory that acts on this directory and all its subdirectories.

If you need to use a file name other than. htaccess, you can use the Accessfilename directive to change it. For example, if you need to use. config, you can configure it in the server configuration file as follows: Accessfilename. config

Typically, the. htaccess file uses the same configuration syntax as the master configuration file. The allowoverride directive determines, by category, which directives in the. htaccess file are valid. If an instruction is allowed to be used in. htaccess, in the instructions in this manual, this directive will have an overlay segment that describes the value that must be set in the AllowOverride directive in order for this directive to take effect.

(not) where the. htaccess file is used

In general, you should not use. htaccess files unless you have no access to the master profile. There is a common misconception that user authentication can only be achieved through the. htaccess file, which is not true, and it is perfectly feasible to write user authentication in the main configuration file, and it is a good method.

The. htaccess file should be used when the content provider needs to change the configuration of the server for a specific directory without root privileges. If the server administrator is reluctant to modify the configuration frequently, you can allow the user to modify the configuration by using the. htaccess file itself, especially if the ISP runs multiple user sites on the same machine and wants the user to change the configuration themselves.

Even so, it is generally best to avoid using. htaccess files. Any configuration that you wish to place in the. htaccess file can be placed in the section of the master configuration file and is more efficient.

There are two main reasons for avoiding the use of. htaccess files.

The first is performance. If the. htaccess file is enabled for allowoverride, Apache needs to find the. htaccess file in each directory, so whether or not it is actually used, enabling. Htaccess can result in degraded performance. In addition, for each request, you need to read the. htaccess file once.

Also, Apache must look up the. htaccess file in all superior directories to make all valid instructions work (see instructions for the entry into force), so if you request a page in/www/htdocs/example, Apache must look for the following files:

/.htaccess/www/.htaccess/www/htdocs/.htaccess/www/htdocs/example/.htaccess

A total of 4 additional files will be accessed, even if none of these files exist. (Note that this may only be due to allowing the root directory "/" to be used. htaccess, although this is not a lot.) )

Next is security. This allows the user to modify the configuration of the server itself, which may lead to some unexpected modifications, so consider carefully whether the user should be given such privileges. However, if the user is given less privileges to meet their needs, additional technical support requests will be made, so you must explicitly tell the user what permissions have been given to them, explain the values set by allowoverride, and guide them through the instructions to avoid a lot of trouble in the future.

Note that placing instructions in the. htaccess file in the/www/htdocs/example directory is exactly equivalent to placing the same instruction in the segment in the main configuration file.

It is more efficient to put the configuration in the master profile because it needs to be read only once at Apache startup, not every time the file is requested.

The entry into force of the directive

The configuration directives in the. htaccess file act on the directory where the. htaccess file resides and all of its subdirectories, but it is important to note that The parent directory may also have. htaccess files, and directives are in order of lookup, so directives in a. htaccess file in a specific directory may overwrite the directives in the. htaccess file in their parent directory, meaning that directives in subdirectories overwrite the parent directory or the instructions in the master configuration file.

Example: the. htaccess file in the/www/htdocs/example1 directory has the following: Options +execcgi

(Note: "allowoverride options" must be set to allow the "options" directive in. htaccess)

The. htaccess file in the/www/htdocs/example1/example2 directory has the following contents: Options includes

Because of the existence of the second. htaccess file, CGI execution in/www/htdocs/example1/example2 is disallowed and only the Options includes is allowed, which completely overrides the previous settings.

Merging. htaccess into the master configuration file

As discussed in the configuration section (container), the. htaccess file can overwrite the settings of the corresponding directory in the segment, but it is also overwritten by other types of configuration segments in the master configuration file. This feature can be used to enforce certain configurations, even if the allowoverride is already licensed. For example, in order to force a script to be enforced in. htaccess without limiting other circumstances, you can:

 
  allowoverride all
 
  Options +includesnoexec-execcgi

Certification examples

If you just want to know how to certify, and directly from here to see, there is a very important point to note, there is a common misconception that the implementation of password authentication must use the. htaccess file and is actually not correct. Placing the authentication instructions in the section of the master configuration file is a better approach, and the. htaccess file should be used only when the master configuration file is not accessible. See above for a discussion of when and when you should not use the. htaccess file.

With this statement in the first case, if you still need to use the. htaccess file, continue to see the following instructions. Contents of the. htaccess file:

AuthType basicauthname "Password Required" authuserfile/www/passwords/password.fileauthgroupfile/www/passwords/ Group.filerequire Group Admins

AllowOverride authconfig must be set to allow these instructions to take effect.

Server-side include (SSI) example

Another common use for. htaccess files is to allow a specific directory to use server-side inclusion (SSI) and to place the. htaccess file in the desired directory and configure it as follows:

Options +includesaddtype text/html Shtmladdhandler server-parsed shtml

Note that both the allowoverride Options and the allowoverride FileInfo must be set up for these instructions to take effect.

CGI examples

You can use the. htaccess file to allow CGI programs to be executed in a specific directory, which needs to be configured as follows:

Options +execcgiaddhandler cgi-script CGI Pl

In addition, the following configuration allows all files under a given directory to be considered CGI programs:

Options +execcgisethandler Cgi-script

Note that both the allowoverride Options and the allowoverride FileInfo must be set up for these instructions to take effect.

Troubleshooting

If some of the directives in the. htaccess file do not work, there may be several reasons.

The most common reason is that the allowoverride directive is not set correctly, and you must ensure that no allowoverride is set for this file locale. A good test method is to add a bit of meaningless spam to the. htaccess file, and if the server does not return an error message, you can almost conclude that the allowoverride none is set.

When accessing a document, if you receive an error message from the server, you should check the Apache error log to know which directives are not allowed in the. htaccess file, and you may find syntax errors that need to be corrected.

http://www.bkjia.com/PHPjc/752346.html www.bkjia.com true http://www.bkjia.com/PHPjc/752346.html techarticle The . htaccess file provides a way to change the configuration for each directory. How it works and how to use the. htaccess file (or "Distributed Profile") provides the configuration for each directory change ...

