You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by André Warnier <aw...@ice-sa.com> on 2009/03/13 20:00:40 UTC

[users@httpd] [DISCUSS] .htaccess for all and everything

Hi.

Browsing this list, I often get the impression that people use .htaccess 
files for just about everything, even probably cases where it would be 
better (for performance), clearer (to avoid secondary effects) and 
easier (for control and maintenance) to put functionally equivalent 
instructions in the main httpd.conf (or vhost.conf) configuration file.

As I understand it, enabling .htaccess files has the consequence that 
Apache first has to go down once the path to the final file, checking 
each intermediate directory of the path from 
DocumentRoot/to/the/final/place for associated <Directory> and 
<Location> containers and access directives therein and combine them, 
and then finally when it gets to DocumentRoot/to/the/final/place and 
finds a .htaccess file in it, throw all of that away and restart from 
the beginning.
If the .htaccess are allowed in each intermediate directory, that must 
generate quite an overhead, as compared to a
<Directory /to/the/final/place>
   Allow from ...
   Deny from ...
</Directory>
section.

Similarly, having RewriteRules inside of such a .htaccess makes it quite 
a bit harder to figure out what is going on, independently of the fact 
that any previous global RewriteRules would also have been applied for 
nothing.

About the only advantage that I can see to .htaccess files, is when the 
user has access only to a specific directory on the webserver, and does 
not have access to the Apache configuration file.

Is that an extreme view ?


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] [DISCUSS] .htaccess for all and everything

Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.

André Warnier wrote:
> Hi.
> 
> Browsing this list, I often get the impression that people use .htaccess 
> files for just about everything [...]

There is no excuse for the administrator (with .conf file permissions) to
ever, ever, ever deploy .htaccess or set AllowOverride != None.  There are
as many guides which state "don't do this" as there are which advocate
abusing .htaccess.

> About the only advantage that I can see to .htaccess files, is when the 
> user has access only to a specific directory on the webserver, and does 
> not have access to the Apache configuration file.

I'll give you one other valid test/staging scenario; you are trying to
figure out the impact of a particular directive or group of directives,
and wish to rapidly repeat the tests without restarting the server.  The
.htaccess file provides a clean mechanism to experiment with many of the
httpd features, provided they are per-request / per-file / per-dir
overrides that you are experimenting with.

> Is that an extreme view ?

No :)

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] [DISCUSS] .htaccess for all and everything

Posted by Frank Gingras <fr...@gmail.com>.

Andre,

I agree. So do most of the administrators in #apache on freenode, for 
that matter.

I've seen speed improvements up to 15% in some extreme cases where 
htaccess contents were merged into the appropriate sections of the 
config files.

Aside from the performance issues, most new users stumble upon rewrite 
rules, and find out to their dismay that they don't match in that 
context. Even worse, most of them simply loop indefinitely.

I think the main reason why so many new users fall into this trap is 
that most howto sites promote the use of htaccess without exposing the 
alternate, proper way. One recent (?) example that comes to my mind is 
www.askapache.com.

After a couple years of preaching, I don't see this situation improving 
at all. The percentage of new users that simply disregard those 'tips' 
is increasing, steadily.

Frank.

André Warnier wrote:
> Hi.
> 
> Browsing this list, I often get the impression that people use .htaccess 
> files for just about everything, even probably cases where it would be 
> better (for performance), clearer (to avoid secondary effects) and 
> easier (for control and maintenance) to put functionally equivalent 
> instructions in the main httpd.conf (or vhost.conf) configuration file.
> 
> As I understand it, enabling .htaccess files has the consequence that 
> Apache first has to go down once the path to the final file, checking 
> each intermediate directory of the path from 
> DocumentRoot/to/the/final/place for associated <Directory> and 
> <Location> containers and access directives therein and combine them, 
> and then finally when it gets to DocumentRoot/to/the/final/place and 
> finds a .htaccess file in it, throw all of that away and restart from 
> the beginning.
> If the .htaccess are allowed in each intermediate directory, that must 
> generate quite an overhead, as compared to a
> <Directory /to/the/final/place>
>   Allow from ...
>   Deny from ...
> </Directory>
> section.
> 
> Similarly, having RewriteRules inside of such a .htaccess makes it quite 
> a bit harder to figure out what is going on, independently of the fact 
> that any previous global RewriteRules would also have been applied for 
> nothing.
> 
> About the only advantage that I can see to .htaccess files, is when the 
> user has access only to a specific directory on the webserver, and does 
> not have access to the Apache configuration file.
> 
> Is that an extreme view ?
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org