Thread: Htaccess

    #1
  1. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2003
    Posts
    698
    Rep Power
    95

    Htaccess


    I am using an apache server and directory access is disabled. I would like to allow directory access for one directory only. I go into that directory and I issue the following:
    vi .htaccess
    and inside that file I write:
    Options +Indexes
    I save the file and try to access the directory from the web browser and I can't.
    Rats! What am I doing wrong?
    Evan
  2. #2
  3. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,066
    Rep Power
    9398
  4. #3
  5. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2003
    Posts
    698
    Rep Power
    95
    <Directory />
    Options FollowSymLinks
    AllowOverride All
    Order deny,allow
    Allow from all
    </Directory>

    I see. How do I modify this to allow one directory only?

    Thanks,
    Evan
  6. #4
  7. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,066
    Rep Power
    9398
    Actually <Directory /> should have AllowOverride None, then <Directory your site> should (since you need it) have AllowOverride Options (or AllowOverride All if you want everything). Then you can use a .htaccess file.

    Easiest way to check if you can use a .htaccess file: put random, nonsense junk in it and make sure you get a 500 error when you try to browse your site.
  8. #5
  9. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2003
    Posts
    698
    Rep Power
    95
    Is this what you recommend?
    <Directory />
    Options FollowSymLinks
    AllowOverride None
    ...
    </Directory>

    <Directory /home/site/public_html/>
    Options FollowSymLinks
    AllowOverride All
    ...
    </Directory>

    Originally Posted by requinix
    Actually <Directory /> should have AllowOverride None, then <Directory your site> should (since you need it) have AllowOverride Options (or AllowOverride All if you want everything). Then you can use a .htaccess file.

    Easiest way to check if you can use a .htaccess file: put random, nonsense junk in it and make sure you get a 500 error when you try to browse your site.
    Evan
  10. #6
  11. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,066
    Rep Power
    9398
  12. #7
  13. Banned ;)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Nov 2001
    Location
    Woodland Hills, Los Angeles County, California, USA
    Posts
    9,625
    Rep Power
    4247
    Oy vey. If you already have access to httpd.conf, why are you overriding stuff to use .htaccess? You can directly put that configuration setting in httpd.conf. If anything, enabling .htaccess use slows your webserver performance quite a bit. This is how you should configure httpd.conf

    <Directory />
    Options FollowSymLinks
    AllowOverride None
    ...
    </Directory>
    <Directory /home/site/public_html/special_directory/>
    Options FollowSymLinks Indexes
    ...
    </Directory>

    The Options lines will enable indexes on /home/site/public_html/special_directory/ and below only. If you enable .htaccess use in your httpd.conf, every time a request comes in (say to http://yourdomain.com/path/to/file.html), the webserver has to check for .htaccess in /home/site/public_html/path/to, then check for .htaccess in /home/site/public_html/path and then check for .htaccess in /home/site/public_html/ and merge the contents of the various .htaccess files (if they exist) to the final config and then make a decision based on that as to whether it needs to serve the file or not. And this happens on *every* request. Which means multiple file accesses (and possibly reads) for every request to /path/to/file.html.

    Now if you have access to httpd.conf and do the configuration there directly and don't enable .htaccess in there, then the config is loaded when the webserver starts up and it doesn't reread the config for every request. Which is why it is a lot more efficient to do it this way.

    IMHO .htaccess should only be used if you are using a shared web server with other people (since you don't need to restart the webserver if you change .htaccess). However, if you are using your own webserver, it is much better to disable .htaccess (set AllowOverride to None or don't set it at all (which makes the setting None by default)) and make your changes directly in httpd.conf.

    Incidentally, this isn't just my advice, it is the advice given by the folks who write the Apache web server.
    From: http://httpd.apache.org/docs/current.../htaccess.html
    Right at the very top of the page, they say:
    You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.
    and a little further down, they say:
    In general, you should only use .htaccess files when you don't have access to the main server configuration file. There is, for example, a common misconception that user authentication should always be done in .htaccess files, and, in more recent years, another misconception that mod_rewrite directives must go in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things. Likewise, mod_rewrite directives work better, in many respects, in the main server configuration.

    .htaccess files should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system. In the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes in .htaccess files for themselves. This is particularly true, for example, in cases where ISPs are hosting multiple user sites on a single machine, and want their users to be able to alter their configuration.

    However, in general, use of .htaccess files should be avoided when possible. Any configuration that you would consider putting in a .htaccess file, can just as effectively be made in a <Directory> section in your main server configuration file.
    'Nuff said .

    Comments on this post

    • requinix agrees : true dat
    Last edited by Scorpions4ever; July 23rd, 2013 at 02:42 PM.
    Up the Irons
    What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
    "Death Before Dishonour, my Friends!!" - Bruce D ickinson, Iron Maiden Aug 20, 2005 @ OzzFest
    Down with Sharon Osbourne

    "I wouldn't hire a butcher to fix my car. I also wouldn't hire a marketing firm to build my website." - Nilpo
  14. #8
  15. Contributing User
    Devshed Novice (500 - 999 posts)

    Join Date
    Nov 2003
    Posts
    698
    Rep Power
    95
    I do have a access to http.conf file and everyone's input is greatly valued.

    THANKS!
    Evan

IMN logo majestic logo threadwatch logo seochat tools logo