.htaccess Information & .htaccess Links at HealthHaven.com

In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web tree, and is able to override a subset of the server's global configuration; the extent of this subset is defined by the web server administrator.^[1] The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.

In the Apache web server, the format of .htaccess is the same as the server's global configuration file;^[2] other web servers (such as Sun Java System Web Server and Zeus Web Server) implement the same syntax, even though their configuration files are very different. Directives in the .htaccess file apply to the current directory, and to all sub-directories (unless explicitly disabled in the server configuration), but for reasons of performance and security, cannot affect their parent directories.

The file name begins with a dot because dot-files are by convention hidden files on Unix-like operating systems.

[edit] Common usage

Authorization, authentication: .htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access." The .htaccess file is often accompanied by a .htpasswd file which stores valid usernames and their passwords.^[3]
Customized error responses: Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
Rewriting URLs: Servers often use .htaccess to rewrite long, overly comprehensive URLs to shorter and more memorable ones.
Cache Control: .htaccess files allow a server to control caching by web browsers and proxies to reduce bandwidth usage, server load, and perceived lag.

[edit] When .htaccess files should be used

.htaccess files are read on every request, therefore changes made in these files take immediate effect as opposed to the main configuration file which requires the server to be restarted for the new settings to take effect.

For servers with multiple users, as is common in shared web hosting plans, it is often desirable to allow individual users the ability to alter their site configuration. In general, .htaccess files should be used by users who do not have access to the main server configuration files.^[4]

[edit] When .htaccess files should not be used

To control Apache, using the main server configuration file httpd.conf^[5] is preferred for security and performance reasons:^[6]

Performance loss: For each HTTP request there are additional file-system accesses for parent directories when using .htaccess, to check for possibly existing .htaccess files in those parent directories which are allowed to hold .htaccess files.
Security: Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.^[7]

[edit] References

^ "AllowOverride Directive". http://httpd.apache.org/docs/2.3/mod/core.html#allowoverride. Retrieved 2009-03-02.
^ "Configuration Files". http://httpd.apache.org/docs/2.3/configuring.html. Retrieved 2009-03-02.
^ "Apache Tutorial: Password Formats". http://httpd.apache.org/docs/2.3/misc/password_encryptions.html. Retrieved 2009-03-02.
^ "Apache Tutorial: When (not) to use .htaccess files". http://httpd.apache.org/docs/2.2/howto/htaccess.html#when. Retrieved 2008-01-12.
^ "Configuration Files - Apache HTTP Server". http://httpd.apache.org/docs/2.2/configuring.html. Retrieved 2008-01-12.
^ "When Not to use .htaccess files". Httpd.apache.org. http://httpd.apache.org/docs/2.0/howto/htaccess.html#when. Retrieved 2009-09-02.
^ "Protecting System Settings". http://httpd.apache.org/docs/2.3/misc/security_tips.html#systemsettings. Retrieved 2009-03-02.

[edit] External links

Apache Docs Tutorial: .htaccess files

This World Wide Web-related article is a stub. You can help Wikipedia by expanding it.

[0] "AllowOverride Directive". http://httpd.apache.org/docs/2.3/mod/core.html#allowoverride. Retrieved 2009-03-02.

[1] "Configuration Files". http://httpd.apache.org/docs/2.3/configuring.html. Retrieved 2009-03-02.

[2] "Apache Tutorial: Password Formats". http://httpd.apache.org/docs/2.3/misc/password_encryptions.html. Retrieved 2009-03-02.

[3] "Apache Tutorial: When (not) to use .htaccess files". http://httpd.apache.org/docs/2.2/howto/htaccess.html#when. Retrieved 2008-01-12.

[4] "Configuration Files - Apache HTTP Server". http://httpd.apache.org/docs/2.2/configuring.html. Retrieved 2008-01-12.

[5] "When Not to use .htaccess files". Httpd.apache.org. http://httpd.apache.org/docs/2.0/howto/htaccess.html#when. Retrieved 2009-09-02.

[6] "Protecting System Settings". http://httpd.apache.org/docs/2.3/misc/security_tips.html#systemsettings. Retrieved 2009-03-02.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Contents

[edit] Common usage

[edit] When .htaccess files should be used

[edit] When .htaccess files should not be used

[edit] References

[edit] External links