Apache HTTP Server Tutorial: .htaccess files

Available Languages: en | es | fr | ja | ko | pt-br

.htaccess files provide a way to make configuration changes on a per-directory basis.

.htaccess files
What they are/How to use them
When (not) to use .htaccess files
How directives are applied
Authentication example
Server Side Includes example
Rewrite Rules in .htaccess files
CGI example
Troubleshooting

.htaccess files

Related Modules	Related Directives
`core` `mod_authn_file` `mod_authz_groupfile` `mod_cgi` `mod_include` `mod_mime`	`AccessFileName` `AllowOverride` `Options` `AddHandler` `SetHandler` `AuthType` `AuthName` `AuthUserFile` `AuthGroupFile` `Require`

You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files slows down your Apache http server. Any directive that you can include in a .htaccess file is better set in a Directory block, as it will have the same effect with better performance.

What they are/How to use them

.htaccess files (or "distributed configuration files") provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.

Note:

If you want to call your .htaccess file something else, you can change the name of the file using the AccessFileName directive. For example, if you would rather call the file .config then you can put the following in your server configuration file:

AccessFileName ".config"

In general, .htaccess files use the same syntax as the main configuration files. What you can put in these files is determined by the AllowOverride directive. This directive specifies, in categories, what directives will be honored if they are found in a .htaccess file. If a directive is permitted in a .htaccess file, the documentation for that directive will contain an Override section, specifying what value must be in AllowOverride in order for that directive to be permitted.

For example, if you look at the documentation for the AddDefaultCharset directive, you will find that it is permitted in .htaccess files. (See the Context line in the directive summary.) The Override line reads FileInfo. Thus, you must have at least AllowOverride FileInfo in order for this directive to be honored in .htaccess files.

Example:

Context:	server config, virtual host, directory, .htaccess
Override:	FileInfo

If you are unsure whether a particular directive is permitted in a .htaccess file, look at the documentation for that directive, and check the Context line for ".htaccess".

When (not) to use .htaccess files

In general, you should only use .htaccess files when you don't have access to the main server configuration file. There is, for example, a common misconception that user authentication should always be done in .htaccess files, and, in more recent years, another misconception that