The
.htaccess file provides ways to change configurations for each directory.
.htaccess file (or "distributed configuration file") provides a method to change the configuration for each directory, that is, placing a file containing instructions in a specific directory, and the instructions in it apply to this directory and all subdirectory.
If you need to use a file name other than .htaccess, you can use the AccessFileName command to change it. For example, if you need to use .config, you can configure it in the server configuration file as follows: AccessFileName .config
Usually, .htaccess files use the same configuration syntax as the main configuration file. The AllowOverride directive determines which directives in the .htaccess file are valid by category. If a directive is allowed in .htaccess, then in the description of this manual, the directive will have an override section that describes the value that must be set in the AllowOverride directive for the directive to take effect.
In general, .htaccess files should not be used unless you do not have access to the main configuration file. There is a very common misunderstanding that user authentication can only be achieved through .htaccess files. In fact, this is not the case. It is completely feasible and a good method to write user authentication in the main configuration file.
.htaccess files should be used in situations where the content provider needs to change the server's configuration for a specific directory without root privileges. If the server administrator is unwilling to frequently modify the configuration, he or she can allow users to modify the configuration themselves through the .htaccess file, especially if the ISP runs multiple user sites on the same machine and hopes that users can change the configuration themselves.
However, you should generally avoid using .htaccess files whenever possible. Any configuration that you wish to put in the .htaccess file can be placed in the
There are two main reasons to avoid using .htaccess files.
The first is performance. If AllowOverride enables .htaccess files, Apache needs to look for .htaccess files in every directory, so enabling .htaccess will cause a performance drop regardless of whether it is actually used. In addition, for each request, the .htaccess file needs to be read once.
Also, Apache must look for .htaccess files in all parent directories for all valid directives to take effect (see directives in effect), so if a page in /www/htdocs/example is requested, Apache The following files must be found:
/.htaccess /www/.htaccess /www/htdocs/.htaccess /www/htdocs/example/.htaccess
A total of 4 additional files are accessed, even though none of them exist. (Note that this may simply be due to allowing the root directory "/" to use .htaccess, although this is rare.)
Second is safety. This will allow users to modify the server configuration themselves, which may lead to some unexpected modifications, so please carefully consider whether you should give the user such privileges. However, giving users less privileges than meets their needs will result in additional technical support requests. Therefore, users must be clearly informed of the permissions that have been given to them, explain the value of the AllowOverride setting, and guide them to refer to the corresponding Explain to avoid a lot of trouble in the future.
Note that placing instructions in the .htaccess file in the /www/htdocs/example directory is completely equivalent to placing the same instructions in the
Putting the configuration in the main configuration file is more efficient because it only needs to be read once when Apache starts, rather than every time the file is requested.
The configuration directives in the .htaccess file apply to the directory where the .htaccess file is located and all its subdirectories. However, it is important to note that there may also be .htaccess files in its upper-level directory, and the directive is to search The order takes effect in sequence, so the instructions in the .htaccess file in a specific directory may override the instructions in the .htaccess file in its parent directory, that is, the instructions in the subdirectory will override the instructions in the parent directory or the main configuration file.
Example: The .htaccess file in the /www/htdocs/example1 directory has the following content: Options +ExecCGI
(Note: "AllowOverride Options" must be set to allow the use of "Options" directives in .htaccess)
The .htaccess file in the /www/htdocs/example1/example2 directory has the following content: Options Includes
Due to the existence of the second .htaccess file, CGI execution in /www/htdocs/example1/example2 is not allowed, but only Options Includes are allowed, which completely overrides the previous settings.
As discussed in Configuration Sections (Containers), the .htaccess file can override the settings for the corresponding directory in the
<Directory /> Allowoverride All </Directory> <Location /> Options +IncludesNoExec -ExecCGI </Location>
如果你只是为了知道如何认证,而直接从这里开始看的,有很重要的一点需要注意,有一种常见的误解,认为实现密码认证必须要使用.htaccess文件,其实是不正确的。把认证指令放在主配置文件的
有此声明在先,如果你仍然需要使用.htaccess文件,请继续看以下说明。.htaccess文件的内容:
AuthType Basic AuthName "Password Required" AuthUserFile /www/passwords/password.file AuthGroupFile /www/passwords/group.file Require Group admins
必须设置 AllowOverride AuthConfig 以允许这些指令生效。
.htaccess文件的另一个常见用途是允许一个特定的目录使用服务器端包含(SSI),可以在需要的目录中放置.htaccess文件,并作如下配置:
Options +Includes AddType text/html shtml AddHandler server-parsed shtml
注意,必须同时设置 AllowOverride Options 和 AllowOverride FileInfo 以使这些指令生效。
可以通过.htaccess文件允许在特定的目录中执行CGI程序,需要作如下配置:
Options +ExecCGI AddHandler cgi-script cgi pl
另外,如下配置可以使给定目录下的所有文件被视为CGI程序:
Options +ExecCGI SetHandler cgi-script
注意,必须同时设置 AllowOverride Options 和 AllowOverride FileInfo 以使这些指令生效。
如果在.htaccess文件中的某些指令不起作用,可能有多种原因。
最常见的原因是AllowOverride指令没有被正确设置,必须确保没有对此文件区域设置 AllowOverride None 。有一个很好的测试方法,就是在.htaccess文件随便增加点无意义的垃圾内容,如果服务器没有返回了一个错误消息,那么几乎可以断定设置了 AllowOverride None 。
在访问文档时,如果收到服务器的出错消息,应该检查Apache的错误日志,可以知道.htaccess文件中哪些指令是不允许使用的,也可能会发现需要纠正的语法错误。