Using .htaccess Files with Apache
Copyright © 2000 by Ken Coar. All rights reserved. Limited rights granted to Internet.Com.
One of the most common needs Webmasters have is to cause the Web server to handle all the documents in a particular directory, or tree of directories, in the same way -- such as requiring a password before granting access to any file in the directory, or allowing (or disallowing) directory listings. However, this need often extends to more than just the Webmaster; consider students on a departmental Web server at a university, or individual customers of an ISP, or clients of a Web-hosting company. This article describes how the Webmaster can extend permission to tailor Apache's behaviour to users, allowing them to have some control over how it handles their own sub-areas of its total Web-space.One of the most common needs Webmasters have is to cause the Web server to handle all the documents in a particular directory, or tree of directories, in the same way--such as requiring a password before granting access to any file in the directory, or allowing (or disallowing) directory listings.
This article shows how you can use per-directory configuration
.htaccess files, to customise
Apache behaviour -- or allow your users to do so for their own
Apache's configuration system addresses the need to group documents
by directory in a straightforward
manner. To apply controls to a particular directory tree, for
instance, you can use the
directive in the server's configuration files:
<Directory "C:/Program Files/Apache Group/Apache/htdocs"> AllowOverride None Options None </Directory>
This has the advantage of keeping control in the Webmaster's hands;
there's no need to worry about any of the server's users being able
to change the settings, since the server configuration files are
generally not modifiable by anyone except the admin. Unfortunately,
it has the disadvantages of
requiring a restart of Apache any time the config file is changed,
and that it can become truly burdensome to add all the
<Directory> containers that might be needed
for all the users that have special requirements.
An alternative method for supplying the desired granularity of Apache configuration -- down to the directory level -- is to use special partial config files in each directory with special requirements.
.htaccess file is simply a text file containing
Those directives apply to the documents in the directory where the
.htaccess file is located, and to all subdirectories
under it as well. Other
.htaccess files in subdirectories
may change or nullify the effects of those in parent directories; see
the section on merging for more information.
As text files, you can use whatever text editor you like to create or
make changes to
These files are called '
.htaccess files' because that's
what they're typically named. This naming scheme has its roots in
the NCSA Web server and the Unix file system; files whose names
begin with a dot are often considered to be 'hidden' and aren't
displayed in a normal directory listing. The NCSA developers
chose the name '
.htaccess' so that a control file
in a directory would have a fairly reasonable name ('ht' for
'hypertext') and not clutter up directory listings. Plus, there's
a long history of Unix utilities storing their preferences information
in such 'hidden' files.