.htaccess

In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web tree, and is able to override a subset of the server's global configuration; the extent of this subset is defined by the web server administrator.^[1] The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.

In the Apache web server, the format of .htaccess is the same as the server's global configuration file;^[2] other web servers (such as Sun Java System Web Server and Zeus Web Server) implement the same syntax, even though their configuration files are very different. Directives in the .htaccess file apply to the current directory, and to all sub-directories (unless explicitly disabled in the server configuration), but for reasons of performance and security, cannot affect their parent directories.

The file name begins with a dot because dot-files are by convention hidden files on Unix-like operating systems.

Common usage

Authorization, authentication: .htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access". The .htaccess file is often accompanied by a .htpasswd file which stores valid usernames and their passwords.^[3]

Rewriting URLs: Servers often use .htaccess to rewrite long, overly comprehensive URLs to shorter and more memorable ones.

Blocking: Use allow/deny to block users by IP address or domain. Also, use to block bad bots, rippers and referrers.

SSI: Enable server-side includes.

Directory listing: Control how the server will react when no specific web page is specified.

Customized error responses: Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.

MIME types: Instruct the server how to treat different varying file types.

Cache Control: .htaccess files allow a server to control caching by web browsers and proxies to reduce bandwidth usage, server load, and perceived lag.

When .htaccess files should be used

.htaccess files are read on every request, therefore changes made in these files take immediate effect as opposed to the main configuration file which requires the server to be restarted for the new settings to take effect.

For servers with multiple users, as is common in shared web hosting plans, it is often desirable to allow individual users the ability to alter their site configuration. In general, .htaccess files should be used by users who do not have access to the main server configuration files.^[4]

When .htaccess files should not be used

Controlling Apache using the main server configuration file httpd.conf^[5] is preferred for security and performance reasons:^[6]

Performance loss: For each HTTP request there are additional file-system accesses for parent directories when using .htaccess, to check for possibly existing .htaccess files in those parent directories which are allowed to hold .htaccess files.
Security: Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.^[7]

References

↑ "AllowOverride Directive". http://httpd.apache.org/docs/2.3/mod/core.html#allowoverride. Retrieved 2009-03-02.
↑ "Configuration Files". http://httpd.apache.org/docs/2.3/configuring.html. Retrieved 2009-03-02.
↑ "Apache Tutorial: Password Formats". http://httpd.apache.org/docs/2.3/misc/password_encryptions.html. Retrieved 2009-03-02.
↑ "Apache Tutorial: When (not) to use .htaccess files". http://httpd.apache.org/docs/2.2/howto/htaccess.html#when. Retrieved 2008-01-12.
↑ "Configuration Files - Apache HTTP Server". http://httpd.apache.org/docs/2.2/configuring.html. Retrieved 2008-01-12.
↑ "When Not to use .htaccess files". Httpd.apache.org. http://httpd.apache.org/docs/2.0/howto/htaccess.html#when. Retrieved 2009-09-02.
↑ "Protecting System Settings". http://httpd.apache.org/docs/2.3/misc/security_tips.html#systemsettings. Retrieved 2009-03-02.

External links

Apache Docs Tutorial: .htaccess files

bg:.htaccess cs:.htaccess de:.htaccess fr:.htaccess it:.htaccess ja:.htaccess pl:.htaccess ru:.htaccess simple:.htaccess fi:.htaccess zh:.htaccess

If you like SEOmastering Site, you can support it by - BTC: bc1qppjcl3c2cyjazy6lepmrv3fh6ke9mxs7zpfky0 , TRC20 and more...

→

[1] "AllowOverride Directive". http://httpd.apache.org/docs/2.3/mod/core.html#allowoverride. Retrieved 2009-03-02.

[2] "Configuration Files". http://httpd.apache.org/docs/2.3/configuring.html. Retrieved 2009-03-02.

[3] "Apache Tutorial: Password Formats". http://httpd.apache.org/docs/2.3/misc/password_encryptions.html. Retrieved 2009-03-02.

[4] "Apache Tutorial: When (not) to use .htaccess files". http://httpd.apache.org/docs/2.2/howto/htaccess.html#when. Retrieved 2008-01-12.

[5] "Configuration Files - Apache HTTP Server". http://httpd.apache.org/docs/2.2/configuring.html. Retrieved 2008-01-12.

[6] "When Not to use .htaccess files". Httpd.apache.org. http://httpd.apache.org/docs/2.0/howto/htaccess.html#when. Retrieved 2009-09-02.

[7] "Protecting System Settings". http://httpd.apache.org/docs/2.3/misc/security_tips.html#systemsettings. Retrieved 2009-03-02.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

.htaccess

Contents

Common usage

When .htaccess files should be used

When .htaccess files should not be used

References

External links

Navigation menu

Page actions

Page actions

Personal tools

Navigation

Search

Seo Tools

Tools

Main Categories