An OSTraining member was recently confused about .htaccess files.
The member wondered what .htaccess files are for and why some sites use many .htaccess files.
So, here is our beginner's guide to .htaccess files and how they're used.
Introducing .htaccess files
htaccess stands for "hypertext access".
These files provide configuration options for an entire directory. So, although I would not recommend this, you could have an .htaccess file for every directory on your server. The htaccess file acts as a subset of the server's global configuration files and allows rules to be overridden for specific directories.
These files are specific to Apache servers, so they're used on the majority of servers worldwide.
The dot prefix marks the file as hidden in Unix-based environments. Any file that starts with a dot is usually a system file such as .bash.
What are common uses for .htaccess files?
htaccess files have evolved to have many, many uses for websites. Joomla, Drupal, WordPress and every major CMS rely heavily on htaccess files.
Often htaccess files add an additional layer of protection to the folder they are in, plus the subfolders within. However, they have many other uses:
- URL rewriting
- Blocking spambots
- Directory listing
- Customized error responses
- Mime type
- Cache control
- ... and more uses.
Advantages of .htaccess files
- Instant change: the files are activated on a per-request basis, so changes start to work as soon as the next request triggers them. The global server configuration, by contrast, is only re-read when the server is reset/reloaded.
- Non-privileged user power: by using .htaccess files, users with minimal powers over the server can make changes to the sections they have access to. This allows the server's behavior to be changed at the user's will without the need for global server access.
Disadvantages of .htaccess
- Performance: the files are activated for each HTTP request, which can become an issue. If you begin to experience performance loss from repeated access requests, you should consider the performance of the .htaccess files and what can be migrated to httpd.conf or replaced entirely with nginx.
- Security: allowing users to change server settings can open the server up to security issues, which is why it is recommended that you make sure the files have the correct access permissions. External access to .htaccess allows the files to be updated, and the changes take effect instantly, which could result in the web server being compromised.
An example of an .htaccess file on a website
Let's take a look at how Drupal uses .htaccess files.
In Drupal 7 you start with 2 .htaccess files.
One file is located in the document root. This protects some key files and folders. It is also involved in re-writing the site's URLs.
There's also another .htaccess file in the /sites/default/files/ folder, which contains all the files we upload to the site. This allows us to protect some of these files if we need to.
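To tie the permissions advice from the disadvantages list to the Drupal layout above, here is an added example (not part of the original article and not Drupal's own code): a small Python audit that lists every .htaccess file under a document root and flags any that are group- or world-writable, or that sit in a world-writable directory. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_htaccess(docroot):
    """Return one finding per .htaccess file under docroot, sorted by path."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(docroot):
        if ".htaccess" not in filenames:
            continue
        path = os.path.join(dirpath, ".htaccess")
        file_mode = stat.S_IMODE(os.stat(path).st_mode)
        dir_mode = stat.S_IMODE(os.stat(dirpath).st_mode)
        problems = []
        if file_mode & stat.S_IWGRP:
            problems.append("group-writable")
        if file_mode & stat.S_IWOTH:
            problems.append("world-writable")
        # Write access to a directory without the sticky bit lets a user
        # replace the file, regardless of the file's own mode.
        if dir_mode & stat.S_IWOTH and not dir_mode & stat.S_ISVTX:
            problems.append("directory world-writable")
        findings.append({
            "path": os.path.relpath(path, docroot),
            "mode": format(file_mode, "04o"),
            "problems": problems,
        })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Constructed sample: a Drupal 7 style tree with one loose upload folder."""
    docroot = tempfile.mkdtemp(prefix="docroot-")
    files_dir = os.path.join(docroot, "sites", "default", "files")
    os.makedirs(files_dir)
    for folder, mode in ((docroot, 0o644), (files_dir, 0o666)):
        target = os.path.join(folder, ".htaccess")
        with open(target, "w") as handle:
            handle.write("# constructed placeholder rules\n")
        os.chmod(target, mode)  # set explicitly so the umask does not interfere
    os.chmod(files_dir, 0o777)  # deliberately loose, for the audit to catch
    return docroot


if __name__ == "__main__":
    for finding in audit_htaccess(build_sample_tree()):
        status = ", ".join(finding["problems"]) or "ok"
        print(finding["mode"], finding["path"], "->", status)
```

Point `audit_htaccess` at a real document root to get the same report for a live site; an empty `problems` list means only the file's owner can change it.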