Wednesday, April 11, 2012

Why I disable Apache's .htaccess

One of Apache's many options is to disable .htaccess. You can put all your configuration in the httpd.conf file, and do away with .htaccess. This does limit the ability for you to make *dynamic* changes to your Apache settings (dynamic==without restarting Apache), but it also speeds up server queries a little since it doesn't have to check for an .htaccess file for each request. It doesn't cache .htaccess files much, afaik, except maybe checking the last modified time (perhaps), and any OS based file caching. Apache does have to check for the existence of one in every folder that is referenced though, regardless of any secondary caching.

To disable .htaccess just specify the directories for which you want to disable it for, then add something like so to your configuration file -- encased in Directory tags specifying the folder to apply it to (e.g. the root public_html folder):

AllowOverride None

This means no .htaccess configuration overrides are checked for at request time, saving at least a marginal amount of system resources.

In addition, I feel disabling .htaccess also strengthens security a small bit. After all, if someone were able to over-write, or create, an .htaccess file, they might compromise your security. Of course, taking this action may break some popular Apache management software, so do so with care. Just remember that any advice you see on the web to put such and such in .htaccess can also go in the Apache configuration file. If using cPanel, use its custom include files, not a direct edit to the httpd.conf - else your changes will be lost.

Just a random note, which was the original intent of this blog ;).

No comments:

Post a Comment