Should I use .htaccess in an Apache production/live environment?

Posted on

Should I use .htaccess in an Apache production/live environment? – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about apache-2.2, .htaccess, , , .

Is there any reason (security, performance, etc.) that I should not use .htaccess in an Apache production/live environment?

Solution :

Apache’s official recommendation is to avoid use of .htaccess unless it’s absolutely necessary.

If AllowOverride is set to anything other than None, then every single request that the system receives for a context with AllowOverride enabled will cause the Apache process to check for an .htaccess file in every part of the filesystem tree that could potentially contain a .htaccess that would apply to the current request.

See here:

In general, you should never use .htaccess files unless you don’t have access to the main server configuration file. There is, for example, a prevailing misconception that user authentication should always be done in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things.

.htaccess files should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system. In the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes in .htaccess files for themselves. This is particularly true, for example, in cases where ISPs are hosting multiple user sites on a single machine, and want their users to be able to alter their configuration.

However, in general, use of .htaccess files should be avoided when possible. Any configuration that you would consider putting in a .htaccess file, can just as effectively be made in a section in your main server configuration file.

It depends on your requirements.

The technical reason for the existence of the .htaccess mechanism is so that people other than site administrators can change local configuration that they control without requiring access to the global apache server configuration.

It doesn’t have a lot to do with security, but using many .htaccess files will impact performance.

Leave a Reply

Your email address will not be published. Required fields are marked *