ChrisDevBox

In order to make Apache .htaccess work on your servers you also need to add the AllowOverride directive inside

The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, Apache will look in every directory for .htaccess files. Thus, permitting .htaccess files causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.

If you are running a big site and you are concern about performance then you should start by removing .htaccess files and moving them to your config director.

Most distributions have a directory from which any file that ends with .conf gets included when you restart Apache (Example RedHat/Fedora/Centos: /etc/httpd/conf.d).

The second consideration is one of security. You are permitting users to modify server configuration, which may result in changes over which you have no control. Carefully consider whether you want to give your users this privilege. Note also that giving users less privileges than they need will lead to additional technical support requests. Make sure you clearly tell your users what level of privileges you have given them. Specifying exactly what you have set AllowOverride to, and pointing them to the relevant documentation, will save yourself a lot of confusion later.

You can find all this info at the Apache website as well.  Is worth reading it.

This entry was posted on Thursday, June 26th, 2008 at 9:20 am and is filed under Apache, Performance, Security.