.htaccess
A .htaccess file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.
The original purpose of .htaccess, reflected in its name, was to allow per-directory access control, for example by requiring a password to access the content. Nowadays, however, .htaccess files can override many other configuration settings, including content type and character set, CGI handlers, etc.
These files are placed inside the web tree, and are able to override a subset of the server's global configuration for that directory and all sub-directories.
Format
For historical reasons the format of .htaccess is the same as the Apache web server's global configuration file, even when used with web servers such as Sun Java System Web Server and Zeus Web Server, which have very different native global configuration files.
Common usage
Authorization, authentication : .htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access". The .htaccess file is often accompanied by a .htpasswd file which stores valid usernames and their passwords.
Rewriting URLs : Servers often use .htaccess to rewrite long, overly comprehensive URLs to shorter and more memorable ones.
Blocking : Use allow/deny to block users by IP address or domain. Also used to block bad bots, rippers and referrers. Often used to restrict access by search engine spiders.
SSI : Enable server-side includes.
Directory listing : Control how the server will react when no specific web page is specified.
Customized error responses : Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
MIME types : Instruct the server how to treat different file types.
Cache Control : .htaccess files allow a server to control caching by web browsers and proxies to reduce bandwidth usage, server load, and perceived lag.
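The following .htaccess file is an added example, not part of the original article, showing several of the uses listed above together. It assumes Apache 2.4 syntax (where Require replaces the older allow/deny directives); the paths, file names and the blocked address range are constructed for illustration.

```apache
# Constructed example .htaccess for a hypothetical directory
# /var/www/example/private. Each group notes the AllowOverride class
# that the main server configuration must grant for it to take effect.

# Authorization / authentication (AllowOverride AuthConfig)
AuthType Basic
AuthName "Private area"
# Assumed location: the password file is kept outside the web tree
# so the server can never deliver it as content.
AuthUserFile "/etc/apache2/passwd/example.htpasswd"

# Blocking by IP address combined with the login requirement.
# 203.0.113.0/24 is a documentation range standing in for a blocked network.
<RequireAll>
    Require valid-user
    Require not ip 203.0.113.0/24
</RequireAll>

# Directory listing (AllowOverride Options): no auto-generated index
# when a request names the directory and no index page exists.
Options -Indexes

# Customized error response (AllowOverride FileInfo)
ErrorDocument 404 /errors/not-found.html

# Rewriting URLs (AllowOverride FileInfo, requires mod_rewrite and
# FollowSymLinks or SymLinksIfOwnerMatch enabled for this directory)
RewriteEngine On
RewriteRule ^article/([0-9]+)$ article.php?id=$1 [L,QSA]

# MIME types and character set (AllowOverride FileInfo)
AddType application/json .json
AddDefaultCharset utf-8

# Cache control (AllowOverride Indexes, requires mod_expires)
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/png "access plus 30 days"
</IfModule>
```

If the main configuration does not grant the override class a directive needs, the server answers requests to that directory with an internal server error instead of silently skipping the directive.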
Advantages
Immediate changes : Because .htaccess files are read on every request, changes made in these files take immediate effect - as opposed to the main configuration file, which requires the server to be restarted for the new settings to take effect.
Non-privileged users : For servers with multiple users, it is often desirable to allow individual users the ability to alter their site configuration. The use of .htaccess files allows such individualization, and by unprivileged users - because the main server configuration files do not need to be changed.
Disadvantages
Controlling Apache using the main server configuration file httpd.conf is often preferred for security and performance reasons:
Performance loss : For each HTTP request, there are additional file-system accesses for parent directories when using .htaccess, to check for possibly existing .htaccess files in those parent directories which are allowed to hold .htaccess files. It is possible to programmatically migrate directives from .htaccess to httpd.conf if this performance loss is a concern.
Security : Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.
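The httpd.conf fragment below is an added example, not part of the original article, showing a permissive override setting beside a restricted one, with access-control directives migrated out of a .htaccess file. It assumes Apache 2.4; all paths and the password file name are hypothetical.

```apache
# Constructed httpd.conf fragment; all paths are hypothetical.

# Before (left commented out): any .htaccess under the web tree may
# override every directive class, and every request checks each
# directory on its path for a .htaccess file.
#<Directory "/var/www">
#    AllowOverride All
#</Directory>

# After: .htaccess files are ignored by default, which removes the
# per-request lookups and keeps configuration with the administrator.
<Directory "/var/www">
    AllowOverride None
    Options -Indexes
</Directory>

# Directives migrated from a .htaccess file that used to sit in
# /var/www/example/private (assumed location).
<Directory "/var/www/example/private">
    AuthType Basic
    AuthName "Private area"
    AuthUserFile "/etc/apache2/passwd/example.htpasswd"
    Require valid-user
</Directory>

# Multi-user area where unprivileged users still need .htaccess:
# grant only the directive classes they need instead of All.
<Directory "/home/*/public_html">
    AllowOverride AuthConfig Indexes
</Directory>

# Never deliver .htaccess or .htpasswd files as content.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Unlike .htaccess edits, changes to this file take effect only after the server is restarted or reloaded.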