25.4. The .htaccess file

An .htaccess file just is a plain text file that contains web server “directives” (another word for instructions in the Apache world), one per line. Think of it as an .ini file for your web server. The peculiarity of the .htaccess files is that, contrary to .ini files, their directives can be overwritten by .htaccess files located in subdirectories.

Thus your web server root directory may contain an .htaccess file (perhaps put in place by your ISP) whose directives should be valid through the whole website. However, you can create separate .htaccess files, one for each subdirectory of your website, containing directives that override those of the root. In this manner, you can achieve a very fine-grained control of the web server's behaviour.

WarningBeware of hidden .htaccess files!
 

Just because you don't see any .htaccess file there, does not necessarily mean there isn't one! Some hosts will hide files whose names start with a period, so you'd better ask your ISP. Overwriting an .htaccess file can affect your website in a very negative way - you could even lose access to it, if you delete an .htaccess file that contained directives vital to your configuration.

If you don't have access to the web server configuration file (a usual situation in mass hosting environments), then a properly populated .htaccess file is your only way of setting server configuration options. Apart form URL manipulation, there is a whole bunch of interesting things you can achieve with the .htaccess file, see Section 25.6, Section 25.7, or Section 27.3, for example. But before you do them, please make a backup of the existing .htaccess file!

Also bear in mind that, if you have full control of your server (i.e. administrator access to its configuration file), then it will be way faster to avoid using .htaccess and insert all the necessary lines in the configuration file itself. As the Apache HOWTO on when (not) to use .htaccess files says, in general, use of .htaccess files should be avoided when possible. Any configuration that you would consider putting in a .htaccess file, can just as effectively be made in a <Directory> section in your main server configuration file.

There are two main reasons to avoid the use of .htaccess files:

  1. The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.

    Further note that Apache must look for .htaccess files in all higher-level directories, in order to have a full complement of directives that it must apply. Thus, if a file is requested out of a directory /www/htdocs/example, Apache must look for the following files:

    /.htaccess
    /www/.htaccess
    /www/htdocs/.htaccess
    /www/htdocs/example/.htaccess

    And so, for each file access out of that directory, there are 4 additional file-system accesses, even if none of those files are present. (Note that this would only be the case if .htaccess files were enabled for /, which is not usually the case.)

  2. The second consideration is one of security. You are permitting users to modify server configuration, which may result in changes over which you have no control. Carefully consider whether you want to give your users this privilege.

Note that it is completely equivalent to put a .htaccess file in a directory /www/htdocs/example containing a directive, and to put that same directive in a Directory section <Directory /www/htdocs/example> in your main server configuration:

.htaccess file in /www/htdocs/example:

AddType text/example .exm

httpd.conf example:

<Directory /www/htdocs/example>
AddType text/example .exm
</Directory>

However, putting this configuration in your server configuration file will result in less of a performance hit, as the configuration is loaded once when Apache starts, rather than every time a file is requested. Remember this, before you complain that Googletap (Section 25.5.1) is too slow for you.

TipHow to disable .htaccess completely
 

The use of .htaccess files can be disabled completely by setting the AllowOverride directive to "none"

AllowOverride None

In the sections to follow, we will see that the .htaccess file has to be populated with lines like

#Your Account
RewriteRule ^userinfo-([a-zA-Z0-9_-]*)\.html
modules.php?name=Your_Account&op=userinfo&username=$1

If you don't use the .htaccess file for performance reasons, you should put those lines in the configuration file. It is these lines that trigger mod_rewrite (Section 25.2) to translate static URLs that match the regular expression (Section 25.3)

^userinfo-([a-zA-Z0-9_-]*)\.html

to a dynamic URL that PHP-Nuke understands:

modules.php?name=Your_Account&op=userinfo&username=(some username)