From Seo Wiki - Search Engine Optimization and Programming Languages
In several web servers (most commonly Apache), .htaccess (hypertext access) is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web tree, and is able to override a subset of the server's global configuration; the extent of this subset is defined by the web server administrator. The original purpose of .htaccess was to allow per-directory access control (e.g. requiring a password to access the content), hence the name. Nowadays .htaccess can override many other configuration settings, mostly related to content control, e.g. content type and character set, CGI handlers, etc.
In the Apache web server, the format of .htaccess is the same as the server's global configuration file; other web servers (such as Sun Java System Web Server and Zeus Web Server) implement the same syntax, even though their configuration files are very different. Directives in the .htaccess file apply to the current directory, and to all sub-directories (unless explicitly disabled in the server configuration), but for reasons of performance and security, cannot affect their parent directories.
- Authorization, authentication
- .htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access". The .htaccess file is often accompanied by a .htpasswd file which stores valid usernames and their passwords.
- Rewriting URLs
- Servers often use .htaccess to rewrite long, overly comprehensive URLs to shorter and more memorable ones.
- Use allow/deny to block users by IP address or domain. Also, use to block bad bots, rippers and referrers.
- Directory listing
- Control how the server will react when no specific web page is specified.
- Customized error responses
- Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
- MIME types
- Instruct the server how to treat different varying file types.
- Cache Control
- .htaccess files allow a server to control caching by web browsers and proxies to reduce bandwidth usage, server load, and perceived lag.
When .htaccess files should be used
.htaccess files are read on every request, therefore changes made in these files take immediate effect as opposed to the main configuration file which requires the server to be restarted for the new settings to take effect.
For servers with multiple users, as is common in shared web hosting plans, it is often desirable to allow individual users the ability to alter their site configuration. In general, .htaccess files should be used by users who do not have access to the main server configuration files.
When .htaccess files should not be used
- Performance loss
- For each HTTP request there are additional file-system accesses for parent directories when using .htaccess, to check for possibly existing .htaccess files in those parent directories which are allowed to hold .htaccess files.
- Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.
- ↑ "AllowOverride Directive". http://httpd.apache.org/docs/2.3/mod/core.html#allowoverride. Retrieved 2009-03-02.
- ↑ "Configuration Files". http://httpd.apache.org/docs/2.3/configuring.html. Retrieved 2009-03-02.
- ↑ "Apache Tutorial: Password Formats". http://httpd.apache.org/docs/2.3/misc/password_encryptions.html. Retrieved 2009-03-02.
- ↑ "Apache Tutorial: When (not) to use .htaccess files". http://httpd.apache.org/docs/2.2/howto/htaccess.html#when. Retrieved 2008-01-12.
- ↑ "Configuration Files - Apache HTTP Server". http://httpd.apache.org/docs/2.2/configuring.html. Retrieved 2008-01-12.
- ↑ "When Not to use .htaccess files". Httpd.apache.org. http://httpd.apache.org/docs/2.0/howto/htaccess.html#when. Retrieved 2009-09-02.
- ↑ "Protecting System Settings". http://httpd.apache.org/docs/2.3/misc/security_tips.html#systemsettings. Retrieved 2009-03-02.