What is .htaccess
HTACCESS DEFINITION:
A .htaccess (hypertext access) file is a directory-level configuration file supported by several web servers, that allows for decentralized management of web server configuration.
The original purpose of .htaccess – reflected in its name – was to allow per-directory access control, by for example requiring a password to access the content. Nowadays however, the .htaccess files can override many other configuration settings including content type and character set, CGI handlers, etc.
These files are placed inside the web tree, and are able to override a subset of the server’s global configuration for that directory, and all sub-directories
What is .htaccess?
Using .htaccess files lets you control the behavior of your site or a specific directory on your site. For example, if you place an .htaccess file in your root directory, it will affect your entire site (www.themoderneducation.com). If you place it in a /Colleges directory, it will only affect that directory (www.themoderneducation.com/Colleges).
Common usage :
Using an .htaccess file, you can:
Authorization, authentication
.htaccess files are often used to specify the security restrictions for the particular directory, hence the filename “access”. The .htaccess file is often accompanied by a .htpasswd file which stores valid usernames and their passwords.
Rewriting URLs
Servers often use .htaccess to rewrite long, overly comprehensive URLs to shorter and more memorable ones.
Blocking
Use allow/deny to block users by IP address or domain. Also, use to block bad bots, rippers and referrers. Often used to restrict access by Search Engine spiders
SSI
Enable server-side includes.
Directory listing
Control how the server will react when no specific web page is specified.
Customized error responses
Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
MIME types
Instruct the server how to treat different varying file types.
Cache Control
.htaccess files allow a server to control caching by web browsers and proxies to reduce bandwidth usage, server load, and perceived lag.
.htaccess files are a simple ASCII text file with the name .htaccess. It is not an extension like .html or .txt. The entire file name is .htaccess. For more information on how to set up .htaccess files, visit Apache’s website.
Advantages :
Immediate changes
Because .htaccess files are read on every request, changes made in these files take immediate effect – as opposed to the main configuration file which requires the server to be restarted for the new settings to take effect.
Non-privileged users
For servers with multiple users, it is often desirable to allow individual users the ability to alter their site configuration. The use of .htaccess files allows such individualization, and by unprivileged users – because the main server configuration files do not need to be changed
Disadvantages :
Controlling Apache using the main server configuration file httpd.conf is often preferred for security and performance reasons:
Performance loss
For each HTTP request, there are additional file-system accesses for parent directories when using .htaccess, to check for possibly existing .htaccess files in those parent directories which are allowed to hold .htaccess files. It is possible to programatically migrate directives from .htaccess to httpd.conf if this performance loss is a concern.
Security
Allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.