You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by André Warnier <aw...@ice-sa.com> on 2009/03/13 20:00:40 UTC
[users@httpd] [DISCUSS] .htaccess for all and everything
Hi.
Browsing this list, I often get the impression that people use .htaccess
files for just about everything, even probably cases where it would be
better (for performance), clearer (to avoid secondary effects) and
easier (for control and maintenance) to put functionally equivalent
instructions in the main httpd.conf (or vhost.conf) configuration file.
As I understand it, enabling .htaccess files has the consequence that
Apache first has to go down once the path to the final file, checking
each intermediate directory of the path from
DocumentRoot/to/the/final/place for associated <Directory> and
<Location> containers and access directives therein and combine them,
and then finally when it gets to DocumentRoot/to/the/final/place and
finds a .htaccess file in it, throw all of that away and restart from
the beginning.
If the .htaccess are allowed in each intermediate directory, that must
generate quite an overhead, as compared to a
<Directory /to/the/final/place>
Allow from ...
Deny from ...
</Directory>
section.
Similarly, having RewriteRules inside of such a .htaccess makes it quite
a bit harder to figure out what is going on, independently of the fact
that any previous global RewriteRules would also have been applied for
nothing.
About the only advantage that I can see to .htaccess files, is when the
user has access only to a specific directory on the webserver, and does
not have access to the Apache configuration file.
Is that an extreme view ?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] [DISCUSS] .htaccess for all and everything
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
André Warnier wrote:
> Hi.
>
> Browsing this list, I often get the impression that people use .htaccess
> files for just about everything [...]
There is no excuse for the administrator (with .conf file permissions) to
ever, ever, ever deploy .htaccess or set AllowOverride != None. There are
as many guides which state "don't do this" as there are which advocate
abusing .htaccess.
> About the only advantage that I can see to .htaccess files, is when the
> user has access only to a specific directory on the webserver, and does
> not have access to the Apache configuration file.
I'll give you one other valid test/staging scenario; you are trying to
figure out the impact of a particular directive or group of directives,
and wish to rapidly repeat the tests without restarting the server. The
.htaccess file provides a clean mechanism to experiment with many of the
httpd features, provided they are per-request / per-file / per-dir
overrides that you are experimenting with.
> Is that an extreme view ?
No :)
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] [DISCUSS] .htaccess for all and everything
Posted by Frank Gingras <fr...@gmail.com>.
Andre,
I agree. So do most of the administrators in #apache on freenode, for
that matter.
I've seen speed improvements up to 15% in some extreme cases where
htaccess contents were merged into the appropriate sections of the
config files.
Aside from the performance issues, most new users stumble upon rewrite
rules, and find out to their dismay that they don't match in that
context. Even worse, most of them simply loop indefinitely.
I think the main reason why so many new users fall into this trap is
that most howto sites promote the use of htaccess without exposing the
alternate, proper way. One recent (?) example that comes to my mind is
www.askapache.com.
After a couple years of preaching, I don't see this situation improving
at all. The percentage of new users that simply disregard those 'tips'
is increasing, steadily.
Frank.
André Warnier wrote:
> Hi.
>
> Browsing this list, I often get the impression that people use .htaccess
> files for just about everything, even probably cases where it would be
> better (for performance), clearer (to avoid secondary effects) and
> easier (for control and maintenance) to put functionally equivalent
> instructions in the main httpd.conf (or vhost.conf) configuration file.
>
> As I understand it, enabling .htaccess files has the consequence that
> Apache first has to go down once the path to the final file, checking
> each intermediate directory of the path from
> DocumentRoot/to/the/final/place for associated <Directory> and
> <Location> containers and access directives therein and combine them,
> and then finally when it gets to DocumentRoot/to/the/final/place and
> finds a .htaccess file in it, throw all of that away and restart from
> the beginning.
> If the .htaccess are allowed in each intermediate directory, that must
> generate quite an overhead, as compared to a
> <Directory /to/the/final/place>
> Allow from ...
> Deny from ...
> </Directory>
> section.
>
> Similarly, having RewriteRules inside of such a .htaccess makes it quite
> a bit harder to figure out what is going on, independently of the fact
> that any previous global RewriteRules would also have been applied for
> nothing.
>
> About the only advantage that I can see to .htaccess files, is when the
> user has access only to a specific directory on the webserver, and does
> not have access to the Apache configuration file.
>
> Is that an extreme view ?
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org