htaccess stands for HyperTextAccess. .htaccess refers to the default filename of distributed configuration files, that provide a way to make configuration changes on a per-directory basis. Such a file, containing one or more configuration directives, is placed in a particular directory in the DocumentRoot, and the directives apply to that directory, and it’s subdirectories.
Using .htaccess files should be avoided completely if we have access to the main configuration files. Using .htaccess files slows down the server. Because htaccess rules applies to every request processed by the server. It naturally creates an overhead for the server. So the more complex htaccess rules are, the more resource intense they are.
Any directive that we can include in an .htaccess file is better set in a <Directory> block, as it will have the same effect with better performance.
Apache HTTP Server‘s project website provides the following topics on .htaccess files.
Basic tutorial on .htaccess files
http://httpd.apache.org/docs/2.4/howto/htaccess.html
Extensive tutorial on using .htaccess files for rewriting URLs
http://httpd.apache.org/docs/2.4/rewrite/
If writing htaccess directives are hard for you, then you must look to Dot HtAccesser.
Dot HtAccesser is a PHP based application, written by Chris Todd and was once provided by the website of Bite Size, Inc. This website is no longer operational. So I have provided Dot HtAccesser on the following link.
http://howtolamp.com/tools/htaccesser/
When Apache HTTP Server looks for a per-directory configuration file, it needs to know the name of that file. This is managed by the core module directive AccessFileName. By default the value of this directive is sets to .htaccess.
When Apache HTTP Server finds an .htaccess file, it needs to know which directives declared in that file can override earlier configuration directives. This is managed by the following two core module directives.
• AllowOverride
• AllowOverrideList
AllowOverride
SYNTAX: AllowOverride All|None|directive-type [directive-type] …
CONTEXT: directory
Default value is set to None.
Defines the set of directives that can be defined in a configuration file.
Allowoverride directive supports the following options.
1) All
2) AuthConfig
3) FileInfo
4) Indexes
5) Limit
6) Nonfatal
7) Options
8) None
http://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
1) All
Allows any directive with .htaccess context to be placed in .htaccess files.
To know if a certain Directive has .htaccess context, visit Apache HTTP Server‘s Directive Quick Reference at http://httpd.apache.org/docs/2.4/mod/quickreference.html.
2) AuthConfig
Allows the usage of authorization directives.
Manages the given directives provided by following modules.
core module
<Limit>, <LimitExcept>
http://httpd.apache.org/docs/2.4/mod/core.html
mod_access_compat.so
Satisfy
http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html
mod_auth_basic.so
AuthBasicAuthoritative, AuthBasicFake, AuthBasicProvider, AuthBasicUseDigestAlgorithm
http://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html
mod_auth_digest.so
AuthDigestAlgorithm, AuthDigestDomain, AuthDigestNonceLifetime, AuthDigestProvider, AuthDigestQop
http://httpd.apache.org/docs/2.4/mod/mod_auth_digest.html
mod_auth_form.so
AuthFormAuthoritative, AuthFormProvider
http://httpd.apache.org/docs/2.4/mod/mod_auth_form.html
mod_authn_anon.so
Anonymous, Anonymous_LogEmail, Anonymous_MustGiveEmail, Anonymous_NoUserID, Anonymous_VerifyEmail
http://httpd.apache.org/docs/2.4/mod/mod_authn_anon.html
mod_authn_core.so
AuthName, AuthType
http://httpd.apache.org/docs/2.4/mod/mod_authn_core.html
mod_authn_dbm.so
AuthDBMType, AuthDBMUserFile
http://httpd.apache.org/docs/2.4/mod/mod_authn_dbm.html
mod_authn_file.so
AuthUserFile
http://httpd.apache.org/docs/2.4/mod/mod_authn_file.html
mod_authn_socache.so
AuthnCacheProvideFor, AuthnCacheTimeout
http://httpd.apache.org/docs/2.4/mod/mod_authn_socache.html
mod_authnz_ldap.so
AuthLDAPAuthorizePrefix, AuthLDAPBindAuthoritative, AuthLDAPBindDN, AuthLDAPBindPassword, AuthLDAPCompareAsUser, AuthLDAPCompareDNOnServer, AuthLDAPDereferenceAliases, AuthLDAPGroupAttribute, AuthLDAPGroupAttributeIsDN, AuthLDAPInitialBindAsUser, AuthLDAPInitialBindPattern, AuthLDAPMaxSubGroupDepth, AuthLDAPRemoteUserAttribute, AuthLDAPRemoteUserIsDN, AuthLDAPSearchAsUser, AuthLDAPSubGroupAttribute, AuthLDAPSubGroupClass, AuthLDAPUrl
http://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html
mod_authz_core.so
AuthMerging, Require, <RequireAll>, <RequireAny>, <RequireNone>
http://httpd.apache.org/docs/2.4/mod/mod_authz_core.html
mod_authz_dbd.so
AuthzDBDLoginToReferer, AuthzDBDQuery, AuthzDBDRedirectQuery
http://httpd.apache.org/docs/2.4/mod/mod_authz_dbd.html
mod_authz_dbm.so
AuthDBMGroupFile, AuthzDBMType
http://httpd.apache.org/docs/2.4/mod/mod_authz_dbm.html
mod_authz_groupfile.so
AuthGroupFile
http://httpd.apache.org/docs/2.4/mod/mod_authz_groupfile.html
mod_ldap.so
LDAPReferralHopLimit, LDAPReferrals
http://httpd.apache.org/docs/2.4/mod/mod_ldap.html
mod_session.so
Session, SessionEnv, SessionHeader, SessionInclude, SessionMaxAge
http://httpd.apache.org/docs/2.4/mod/mod_session.html
mod_ssl.so
SSLCipherSuite, SSLProxyCipherSuite, SSLRenegBufferSize, SSLRequire, SSLRequireSSL, SSLUserName, SSLVerifyClient, SSLVerifyDepth
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
3) FileInfo
Allow the use of directives controlling document types and document metadata.
Manages the given directives provided by following modules.
core module
AcceptPathInfo, AddDefaultCharset, CGIMapExtension, DefaultType, EnableMMAP, EnableSendfile, ErrorDocument, FileETag, ForceType, ScriptInterpreterSource, SetHandler, SetInputFilter, SetOutputFilter
http://httpd.apache.org/docs/2.4/mod/core.html
mod_actions.so
Action
http://httpd.apache.org/docs/2.4/mod/mod_actions.html
mod_alias.so
Redirect, RedirectMatch, RedirectPermanent, RedirectTemp
http://httpd.apache.org/docs/2.4/mod/mod_alias.html
mod_charset_lite.so
CharsetDefault, CharsetOptions, CharsetSourceEnc
http://httpd.apache.org/docs/2.4/mod/mod_charset_lite.html
mod_env.so
PassEnv, SetEnv, UnsetEnv
http://httpd.apache.org/docs/2.4/mod/mod_env.html
mod_filter.so
AddOutputFilterByType
http://httpd.apache.org/docs/2.4/mod/mod_filter.html
mod_headers.so
Header, RequestHeader
http://httpd.apache.org/docs/2.4/mod/mod_headers.html
mod_isapi.so
ISAPIAppendLogToErrors, ISAPIAppendLogToQuery, ISAPIFakeAsync, ISAPILogNotSupported, ISAPIReadAheadBuffer
http://httpd.apache.org/docs/2.4/mod/mod_isapi.html
mod_mime.so
AddCharset, AddEncoding, AddHandler, AddInputFilter, AddLanguage, AddOutputFilter, AddType, DefaultLanguage, MultiviewsMatch, RemoveCharset, RemoveEncoding, RemoveHandler, RemoveInputFilter, RemoveLanguage, RemoveOutputFilter, RemoveType
http://httpd.apache.org/docs/2.4/mod/mod_mime.html
mod_negotiation.so
ForceLanguagePriority, LanguagePriority
http://httpd.apache.org/docs/2.4/mod/mod_negotiation.html
mod_rewrite.so
RewriteBase, RewriteCond, RewriteEngine, RewriteOptions, RewriteRule
http://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
mod_setenvif.so
SetEnvIf, SetEnvIfExpr, SetEnvIfNoCase, BrowserMatch, BrowserMatchNoCase
http://httpd.apache.org/docs/2.4/mod/mod_setenvif.html
mod_substitute.so
Substitute
http://httpd.apache.org/docs/2.4/mod/mod_substitute.html
mod_usertrack.so
CookieDomain, CookieExpires, CookieName, CookieStyle, CookieTracking
http://httpd.apache.org/docs/2.4/mod/mod_usertrack.html
4) Indexes
Allows the usage of directives controlling directory indexing.
Manages the given directives provided by following modules.
mod_autoindex.so
AddAlt, AddAltByEncoding, AddAltByType, AddDescription, AddIcon, AddIconByEncoding, AddIconByType, DefaultIcon, HeaderName, IndexHeadInsert, IndexIgnore, IndexIgnoreReset, IndexOptions, IndexOrderDefault, IndexStyleSheet, ReadmeName
http://httpd.apache.org/docs/2.4/mod/mod_autoindex.html
mod_cern_meta.so
MetaDir, MetaFiles, MetaSuffix
http://httpd.apache.org/docs/2.4/mod/mod_cern_meta.html
mod_dir.so
DirectoryCheckHandler, DirectoryIndex, DirectoryIndexRedirect, DirectorySlash, FallbackResource
http://httpd.apache.org/docs/2.4/mod/mod_dir.html
mod_expires.so
ExpiresActive, ExpiresByType, ExpiresDefault
http://httpd.apache.org/docs/2.4/mod/mod_expires.html
mod_imagemap.so
ImapBase, ImapDefault, ImapMenu
http://httpd.apache.org/docs/2.4/mod/mod_imagemap.html
5) Limit
Allows the usage of the directives controlling host access.
Manages the given directives provided by following modules.
core module
<Limit>, <LimitExcept>
http://httpd.apache.org/docs/2.4/mod/core.html
mod_access_compat.so
Allow, Deny, Order
http://httpd.apache.org/docs/2.4/mod/mod_access_compat.html
6) Nonfatal
SYNTAX: Nonfatal=[Override|Unknown|All]
Allows to treat syntax errors in .htaccess files as non-fatal. So, instead of causing an Internal Server Error, disallowed or unrecognised directives will be ignored and a warning logged.
NOTE:
• A syntax error in a valid directive will still cause an internal server error.
• Nonfatal errors may have security implications. For example, if AllowOverride disallows AuthConfig, users’ configuration designed to restrict access to a site will be disabled.
7) Options
SYNTAX: Options[=Option,...]
Allows the usage of the directives controlling specific directory features.
NOTE: When directives for Options are placed inside .htaccess files, they must be space separated values. A ‘+’ or ‘-’ sign can be used in front of values. Mixing directives with signs and without signs is not valid syntax, and will be rejected during server startup by the syntax check with an abort.
example: Options Indexes MultiViews
example: Options +Indexes +MultiViews
example: Options +Indexes -MultiViews
Manages the given directives provided by following modules.
core module
ContentDigest, Options
http://httpd.apache.org/docs/2.4/mod/core.html
mod_include.so
XBitHack
http://httpd.apache.org/docs/2.4/mod/mod_include.html
mod_speling.so
CheckCaseOnly, CheckSpelling
http://httpd.apache.org/docs/2.4/mod/mod_speling.html
mod_ssl.so
SSLOptions, SSLProxyProtocol
http://httpd.apache.org/docs/2.4/mod/mod_ssl.html
mod_reflector.so
ReflectorHeader
http://httpd.apache.org/docs/2.4/mod/mod_reflector.html
8) None
Causes any directive with .htaccess context to be ignored.
To know if a certain Directive has .htaccess context, visit Apache HTTP Server‘s Directive Quick Reference at http://httpd.apache.org/docs/2.4/mod/quickreference.html
AllowOverrideList
SYNTAX: AllowOverrideList None|directive [directive-type] …
CONTEXT: directory
This value is not set by default.
Defines the individual directives that can be defined in a configuration file.
AllowOverrideList directive supports the following options.
1) (List of directives)
2) None
http://httpd.apache.org/docs/2.4/mod/core.html#allowoverridelist
1) (List of directives)
AllowOverrideList accepts an individual directive or a list of directives that are accepted in an .htaccess file.
EXAMPLE: To allow the usage of directives provided by module mod_rewrite.so, we can use the following values with AllowOverrideList.
AllowOverrideList RewriteBase RewriteCond RewriteEngine RewriteOptions RewriteRule
2) None
Causes any directive with .htaccess context to be ignored.
To know if a certain Directive has .htaccess context, visit Apache HTTP Server‘s Directive Quick Reference at http://httpd.apache.org/docs/2.4/mod/quickreference.html
You may go back to the section, Installing Apache HTTP Server.