You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wiki-changes@httpd.apache.org by Apache Wiki <wi...@apache.org> on 2007/01/26 12:18:58 UTC

[Httpd Wiki] Update of "ScratchPad/htaccess" by VinkoVrsalovic

Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by VinkoVrsalovic:
http://wiki.apache.org/httpd/ScratchPad/htaccess

The comment on the change is:
A first try to improve this. Please correct any errors you see! :)

------------------------------------------------------------------------------
  
  (!) This document should be used to draft a new version of the [http://httpd.apache.org/docs/trunk/howto/htaccess.html official httpd howto docs] (!)
  
- '''The use of .htaccess files is strongly discouraged as they can have a detremental effect on server performance.'''
+ '''The use of .htaccess files is strongly discouraged as they can have a detrimental effect on server performance. Please use it only when strictly needed.'''
  
+ == What's .htaccess files purpose? ==
+ 
+ The purpose of .htaccess files is to provide a means to configure HTTPd to users that cannot modify the main configuration file (usually httpd.conf, see DistrosDefaultLayout).
+ 
+ == .htaccess myths ==
+ 
+ === .htaccess files mean password protection ===
+ 
+ No, .htaccess files can be used to provide password protection the same way main configuration files can be used to provide
+ password protection, nothing special about .htaccess here.
+ 
+ == When should I use .htaccess files? ==
+ 
+ Only when you cannot edit directly the main configuration file!
+ 
+ === But, it's ugly having all that stuff in the main config file! ===
+ Well, it might be, but you can use the Include directive to alleviate that if it really bothers you!
+ 
+ Let's suppose you dislike huge config files and that, for instance, you want to provide password authentication for all your virtual hosts. You could put a .htaccess in the root of each virtual host (BUT PLEASE DON'T!), or, you could create a 
+ directory within the tree of apache's config files and create a config file per vhost with the proper directives, say
+ /usr/local/apache2/conf/vhosts-protection. Then, in httpd.conf you can write Include /usr/local/apache2/conf/vhosts-protection/*.conf for all those directives to take effect.
+ 
+ '''/usr/local/apache2/cont/vhosts-protection/vhost-1.conf'''
+ {{{
+ <Directory "/var/www/html/vhost-1> 
+   AuthType Basic
+   AuthName "Authentication Required"
+   AuthUserFile "/etc/htpasswd/vhost-1/.htpasswd"
+   Require valid-user
+ 
+   Order allow,deny
+   Allow from all
+ </Directory>
+ }}}
+ 
+ And so on. Now let's suppose you really must use .htaccess files, the .htaccess file should be located in /var/www/html/vhost-1/ and it should read like:
+ 
+ '''/var/www/html/vhost-1/.htaccess'''
+ {{{
+   AuthType Basic
+   AuthName "Authentication Required"
+   AuthUserFile "/etc/htpasswd/vhost-1/.htpasswd"
+   Require valid-user
+ 
+   Order allow,deny
+   Allow from all
+ }}}
+ 
+ As you can see, .htaccess files are restricted to the directory they're placed in, and thus you can think of .htaccess files as adding dynamically to Apache configuration a <Directory /path/to/.htaccess> .htaccess content </Directory>
  
  == How do I use .htaccess files? ==
  
+ .htaccess files are used by placing valid Apache directives in the files. You might not get what you want due to Override configuration in the main config file.
  
+ == How can I prevent users from using .htaccess, or how to define what can they do on them? ==
+ 
+ By setting AllowOverride properly. See [http://httpd.apache.org/docs/trunk/mod/core.html#allowoverride AllowOverride] docs.
  
  == How can I create a new .htaccess file? ==
  
  Use your favourite editor to create a .htaccess file in the folder where you want it to take affect.
  
  
+ == What can I do with my .htaccess file? ==
+ You are restricted from two fronts, what the administrator chose to enable, and what Apache allows. To check the first one,
+ contact your administrator (or hosting provider, or just try), to check the second one, find the directive you want to use in
+ the documentation, and see the Context: section. If it says .htaccess, then it can be used, given that the admininstrator gave
+ you access to that.
  
- == What can I do with my .htaccess file ==
+ == How do I troubleshoot my .htaccess file? ==
+ Try putting garbage in it. If it is being read, you'll get an Internal Server Error when accessing that URL. If it is being read see ["htaccessGotchas"] to find more about what can be going wrong.