What is .htaccess?
What is a .htaccess file?
.htaccess files are simple text files containing apache's configuration directives. These files can be edited with a normal text editor such as notepad on windows, while on linux, for example, with vi, nano or mcedit.
How it works
Apache's .htaccess files work in an extraordinarily simple way: when apache receives a request, before executing it, it checks to see if an .htaccess file exists in the folder of the requested file or in a previous folder; if so, it reads and interprets it at runtime and configures itself to comply with the directives in the file.
It is very important to note that Apache reloads the file with each request, so that it does not have to restart if changes are made, as is necessary if the main configuration file is modified.
What it is used for
An .htaccess file is commonly used for:
- Denying specific IPs to your site
- Password protecting your site
- Rewriting URLs
- Custom error pages
- Compressing and Caching Files
- General Security and Hack Prevention
.htaccess file scope is restricted to the folder in which the file is located.
The scope also includes all subfolders and related files in the root directory.
Using directives that call, in any way, previous folders in the directory tree will cause an "Internal Server Error," which is a 500-type error.
Any .htaccess files present in subdirectories of the folder containing the file with directives will have a higher priority than the main .htaccess. In this way it is possible to override any directives acquired from an .htaccess present in a parent folder.
When to use (or not to use) .htaccess files
In general, you should only use .htaccess files when you don't have access to the main server configuration file.
.htaccess files should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system.
However, in general, use of .htaccess files should be avoided when possible. There are two main reasons to avoid the use of .htaccess files:
Performance: mainly because the .htaccess file is loaded every time a document is requested, and all .htaccess files must be searched in the folders
Security: allowing users to change the server configuration could result in changes over which you have no control