httpd-wiki-changes mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "ScratchPad/htaccess" by pctony
Date Tue, 27 Feb 2007 23:08:01 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by pctony:
http://wiki.apache.org/httpd/ScratchPad/htaccess

The comment on the change is:
update 1 - still in progress

------------------------------------------------------------------------------
- (!) THIS IS A SCRATCHPAD ONLY PAGE AT THE MOMENT, AND SHOULD NOT BE MOVED OUT OF (!)
+ (!) THIS IS A SCRATCHPAD ONLY PAGE AT THE MOMENT, AND SHOULD NOT BE MOVED OUT OF HERE (!)
  
  (!) This document should be used to draft a new version of the [http://httpd.apache.org/docs/trunk/howto/htaccess.html
official httpd howto docs] (!)
  
- (!) Please review/delete  [http://wiki.apache.org/general/htaccess]  once this page graduates
from the ScratcPad (!)
+ (!) Please review/delete  [http://wiki.apache.org/general/htaccess]  once this page graduates
from the !ScratchPad (!)
  
  ----
  
  '''The use of .htaccess files is discouraged as they can have a detrimental effect on server
performance. Only use them when necessary.'''
  
- == What's the purpose of .htaccess files? ==
+ == What is the purpose of .htaccess files? ==
  
  The purpose of .htaccess files is to provide a means to configure Apache for users who cannot
modify the main configuration file (usually httpd.conf; see [["Info/DistrosDefaultLayout"]]).
  
@@ -18, +18 @@

  
  === .htaccess files mean password protection ===
  
- Not really; .htaccess files can be used to provide password protection the same way the
main configuration files can be used to provide password protection; there is nothing special
about .htaccess for this purpose.
+ Not really; .htaccess files '''''can''''' be used to provide password protection the same
way the main configuration files can be used to provide password protection; there is nothing
special about .htaccess for this purpose.
  
- == When should I use .htaccess files? ==
+ == When should I & should I not use .htaccess files? ==
  
+ === Should Use ===
- Only when you cannot directly edit the main configuration files!
+ .htaccess files should really only be used when you cannot directly edit the main configuration
files!
  
+ Using htaccess files will cause apache to search for them in every directory it recurses
into.  It will then read this every time it enters the directory
+ 
+ === Should not use ===
+ You should not use htaccess when :
+  1.  When you access to edit the main server configuration file(s)
+  1.  When server performance is of concern to you.  As these can have a negative impact
on server performance.
+  1.  When untrusted people host websites on the server.  (See notes on how to disable .htaccess
files)
+ 
- === But it's ugly having all that stuff in the main config file! ===
+ === But it's ugly having all that stuff in the main config file ===
  
  Well, it might be, but you can use the Include directive to alleviate that if it really
bothers you!
  
  Let's suppose you dislike huge config files and that, for instance, you want to provide
password authentication for all your virtual hosts. You could put a .htaccess in the root
of each virtual host, or you could create a 
  subdirectory within the Apache config directory, containing a config file per vhost with
the proper directives -- such as /usr/local/apache2/conf/vhosts-protection. Then, in httpd.conf,
you could write 
+ 
  {{{
  Include /usr/local/apache2/conf/vhosts-protection/*.conf
  }}}
@@ -71, +81 @@

  </Directory>
  }}}
  
+ 
  == How do I use .htaccess files? ==
  
  .htaccess files are containers for (certain, restricted) Apache directives. Note that some
directives might be ignored due to Override configuration in the main config files.
  
- == How can I prevent users from using .htaccess, or how define what can they do with them?
==
+ You must place the .htaccess file in the directory where you want it to effect changes.
 For example if you want to use a .htaccess file to force authentication for  www.example.com/admin

+ 
+ If your !DocumentRoot is ''/var/www/html/www.example.com'' then you would place your .htaccess
file in ''/var/www/html/www.example.com/admin''
+ 
+ == How can I prevent users from using .htaccess? ==
+ 
+ In your main server config, place the following in your top-level <Directory> block.
 i.e.
+ 
+ {{{
+ <Directory /var/www/html>
+ ...
+ AllowOveride None
+ ...
+ </Directory>
+ }}}
+ 
+ == How can I control what users can do with .htaccess files? ==
  
  By setting AllowOverride properly. See [http://httpd.apache.org/docs/trunk/mod/core.html#allowoverride
AllowOverride] docs.
  

Mime
View raw message