Talking about. htaccess file--Avoid misuse. htaccess file

Source: Internet
Author: User

The. htaccess file provides a way to modify the configuration at a directory level.

If you have permission to modify the Apache configuration file, then there is absolutely no need to use the. htaccess file. Using a. htaccess file slows Apache performance. All configuration directives that are allowed to appear in the. htaccess file can be set in the directory block in the Apache configuration file, with the same effect and better performance.

What is the. htaccess? How to use the. htaccess file?
The. htaccess file provides a way to modify the configuration at a directory level. A file that contains one or more configuration directives that are placed in the directory, which take effect for the current directory and all of its subdirectories.

If you want to modify the file name of the. htaccess file, you can use the Accessfilename directive to define the new file name. For example, if you want to change. config, you just need to add the following command to the Apache configuration file: htaccess

" . config "

Generally speaking, the. htaccess syntax is consistent with the Apache master configuration file syntax. Whether the directives in the. htaccess file are in effect at the allowoverride level is closely related.
In the Adddefaultcharset ( directive:
Context:server config, virtual host, directory,. htaccess indicates that Adddefaultcharset can be set in the. htaccess file.
Override:fileinfo means that for the Adddefaultcharset directive in. htaccess to take effect, the allowoverride of the relevant directory requires at least FileInfo permissions

If you are unsure whether an instruction is allowed to be used in the. htaccess file, you can view the context information in the document for this instruction.

When would you use the. htaccess file? When not to use?
Typically, you need to use the. htaccess file only if you do not have permission to modify the Apache configuration file.

A common misconception is that user authentication should be completed in the. htaccess file;
Another misconception is that the Mod_rewrite directive must be set in the. htaccess file.

The above two points are completely incorrect and you can put the user authentication in the Apache master configuration file and recommend doing so. Similarly, the Mod_rewrite directive works better in the main configuration file (in most respects).

The. htaccess file should be applied to the content provider that needs to be configured to meet the different requirements of each file directory and does not have root privileges. System administrators are reluctant to change configuration frequently, so it is necessary to allow independent users to make changes to the configuration in the. htaccess file.

In any case, it is generally best to avoid using. htaccess files. Any configuration that you consider to be placed in a. htaccess file can be placed in a block in the master configuration file.

Why do I need to avoid using the. htaccess file? Here are two main reasons
1. Performance.
2. Security.

Place the. htaccess file in the/www/htdocs/example directory, and the <directory "=" "www=" "htdocs=" "Example" = "" "In the main configuration file is exactly the same as the >.

file  in/www/htdocs/exampleaddtype text". EXM"
file " /www/htdocs/example ">    addtype text". EXM"</Directory>

Changing the allowoverride to none can completely block the. htaccess file

AllowOverride None

How are configuration instructions received?
A configuration directive in a. htaccess file is applied to the current directory of the. htaccess file and to all subdirectories. However, do not forget that there may be a. htaccess file in the upper-level file directory. Configuration directives are applied in the order in which they are found. Therefore, a configuration directive in a. htaccess file may overwrite the higher-level. htaccess file, as well as the configuration directives in the master configuration file for Apache.

. htaccess merging with the master configuration file
The. htaccess file can overwrite the configuration directives in the master configuration file, but it is overwritten by other kinds of configuration locks in the master configuration file. This feature can be used to "harden" those configurations that do not wish to be overwritten by. htaccess, regardless of whether they have a broad allowoverride setting. For example, to disable script execution, regardless of how the. htaccess file is set up, you can use:

" /www/htdocs ">    allowoverrideall"/">    +includesnoexec- execcgi</Location>

This example assumes that your documentroot is/www/htdocs.

Authentication (user authentication) example

. htaccess file Contents:

" Password Required "  "/www/passwords/password.file" "/www/passwords/ Group.file"Require Group Admins

Note that allowoverride authconfig permission is required to make the above directive effective.

Server Side includes sample
Another common requirement for. htaccess files is to open the server-side containing the specified directory. Place the. htaccess file in the desired directory:

. htaccess file Contents:

Options +includesaddtype text/HTML shtmladdhandler server-parsed shtml

Note: The above configuration directives require allowoverride options and allowoverride FileInfo

Rewrite Rules in the. htaccess file
When you use. htaccess to create rewrite rule, you need to be aware that every directory context has a little change. The original URI becomes relative to the current directory, so take a look at the example:

# in Httpd.confrewriterule"^/images/(. +) \.jpg" "/images/$1.png"# in. htaccessinchRootdirRewriterule"^images/(. +) \.jpg" "Images/$1.png"# in. htaccessinchimages/Rewriterule"^ (. +) \.jpg" "$1.png"

In the. htaccess file, the beginning slash is removed, and in the images subdirectory,/images/is removed.

If you feel that reading this article is helpful to you, please reprint this article, but reprint article must be in the article page obvious position to retain this paragraph, otherwise reserves the right to hold legal responsibility.


Original link:

Talking about. htaccess file--Avoid misuse. htaccess file

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.