Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Some basic questions about .htaccess files

0 views
Skip to first unread message

Peter Hanke

unread,
Dec 30, 2009, 3:19:15 PM12/30/09
to
I have read now a couple of .htaccess tutorials. But some questions are still unanswered:

1.) Is there only ONE .htaccess file for all instructions on a website or can be there more than 1 ?
If there are more possible: Do the .htaccess files in sub directories automatically
overwrite directions in "upper", more global .htaccess files or do I have to write
this explicitly?

2.) Assume I want to restrict the access of one certain sub-sub-directory.
Do I have to put the .htaccess file in this particular directory or do I have
to put it in the website base directory /html?

3.) As far as I know the instruction

Options +Indexes

Allows indexing and showing the folder content of all directory of a website.
Read: the user can type in his browser:

http://www.mydomain.com/sub/sub/folder

and gets as response a list of all files in this subsubfolder

Not lets say I want to deny such a listing for all directories except the following two:

/html/aaa/subfolder1
/html/bbb/ccc/subfolder2

What do I have to write now into the .htaccess file in

/html/.htaccess

in order to get this restrictions?

Thank you
Peter

unruh

unread,
Dec 30, 2009, 5:05:20 PM12/30/09
to
On 2009-12-30, Peter Hanke <pete...@andres.net> wrote:
> I have read now a couple of .htaccess tutorials. But some questions are still unanswered:

.htaccess is deprecated, and you can find that suddenly they do not work
anymore ( apache keeps changing their defaults).


>
> 1.) Is there only ONE .htaccess file for all instructions on a website or can be there more than 1 ?

Each directory you want to "protect" can have one.

> If there are more possible: Do the .htaccess files in sub directories automatically
> overwrite directions in "upper", more global .htaccess files or do I have to write
> this explicitly?
>
> 2.) Assume I want to restrict the access of one certain sub-sub-directory.
> Do I have to put the .htaccess file in this particular directory or do I have
> to put it in the website base directory /html?

In that subdirectory.

>
> 3.) As far as I know the instruction
>
> Options +Indexes
>
> Allows indexing and showing the folder content of all directory of a website.
> Read: the user can type in his browser:
>
> http://www.mydomain.com/sub/sub/folder
>
> and gets as response a list of all files in this subsubfolder
>
> Not lets say I want to deny such a listing for all directories except the following two:
>
> /html/aaa/subfolder1
> /html/bbb/ccc/subfolder2
>
> What do I have to write now into the .htaccess file in
>
> /html/.htaccess

You put it into the subfolders.

goarilla

unread,
Dec 31, 2009, 5:48:37 AM12/31/09
to
On Wed, 30 Dec 2009 22:05:20 +0000, unruh wrote:

> On 2009-12-30, Peter Hanke <pete...@andres.net> wrote:
>> I have read now a couple of .htaccess tutorials. But some questions are
>> still unanswered:
>
> .htaccess is deprecated, and you can find that suddenly they do not work
> anymore ( apache keeps changing their defaults).
>
>

out of curiosity what's its successor ?

Wanna-Be Sys Admin

unread,
Jan 1, 2010, 4:46:31 PM1/1/10
to
unruh wrote:

> .htaccess is deprecated, and you can find that suddenly they do not
> work anymore ( apache keeps changing their defaults).

The use (and the function) of .htaccess is in no way deprecated. If you
use some directive or flag, etc. that has been, that is really not an
indication to claim that .htaccess itself is deprecated. I've been
using .htaccess with Apache since it was first available and I've never
had anything break or cease to work and that's almost always without
any changes needed. Unless Apache 3.x comes out and does something
really odd, I don't think it's a problem, nor do I think anyone should
avoid using .htaccess. It's quite useful. I have to wonder what you've
been doing that ceased to work and what "defaults" have been changing?
--
Not really a wanna-be, but I don't know everything.

Wanna-Be Sys Admin

unread,
Jan 1, 2010, 4:53:55 PM1/1/10
to
Peter Hanke wrote:

> I have read now a couple of .htaccess tutorials. But some questions
> are still unanswered:

Just so you know, there's an Apache usenet group that's more appropriate
for this question.

> 1.) Is there only ONE .htaccess file for all instructions on a website
> or can be there more than 1 ?

There can be one, or more than one. It depends on what you need, but
one in the web root path can override or conflict with the one's in sub
directories of the web root, so be aware of that.

> If there are more possible: Do the .htaccess files in sub
> directories automatically overwrite directions in "upper", more
> global .htaccess files or do I have to write this explicitly?

You sometimes need to keep conflicts and overriding in mind, depending
on what it's doing. You could create a looping effect, depending, too.
With a little consideration, it shouldn't be an issue.

> 2.) Assume I want to restrict the access of one certain
> sub-sub-directory. Do I have to put the .htaccess file in this
> particular directory or do I have to put it in the website base
> directory /html?

As long as it's in the path, either the parent web root directory, or
account path can work, or within the directory itself. It doesn't have
to go anywhere else, but sometimes it can be advantageous to set it up
to not create conflicts in a sub directory, again depending on what
you're doing and how you're doing it.

> 3.) As far as I know the instruction
>
> Options +Indexes
>
> Allows indexing and showing the folder content of all directory of a
> website. Read: the user can type in his browser:
>
> http://www.mydomain.com/sub/sub/folder
>
> and gets as response a list of all files in this subsubfolder

Just as a note, I usually use permissions to hide or unhide file listing
(in addition to possibly using this option to enable/disable). In
other words, if it fails to work how you want, be sure to consider
permissions play a role, still.

> Not lets say I want to deny such a listing for all directories except
> the following two:
>
> /html/aaa/subfolder1
> /html/bbb/ccc/subfolder2
>
> What do I have to write now into the .htaccess file in
>
> /html/.htaccess
>
> in order to get this restrictions?
>

Well, off the top of my head, you can either disable file listing as a
general rule in the primary .htaccess file ( being /html/.htaccess ),
and then add the directive to allow it by creating an .htaccess file
in ./aaa/subfolder1/.htaccess and ./bbb/ccc/subfolder2/.htaccess, or
better would be that you could add a <Directory...> block check to then
enable listing if the director{y,ies} matches. That would be cleaner.

Joe Pfeiffer

unread,
Jan 1, 2010, 7:47:23 PM1/1/10
to

Though Apache does point out that they should only be used if you don't
have access to the server configuration files, as they can reduce
performance. That's not quite "deprecated", but they are a second-best
choice for use when the best choice isn't possible.
--
As we enjoy great advantages from the inventions of others, we should
be glad of an opportunity to serve others by any invention of ours;
and this we should do freely and generously. (Benjamin Franklin)

Wanna-Be Sys Admin

unread,
Jan 1, 2010, 8:18:12 PM1/1/10
to
Joe Pfeiffer wrote:

> Wanna-Be Sys Admin <sysa...@example.com> writes:
>
>> unruh wrote:
>>
>>> .htaccess is deprecated, and you can find that suddenly they do not
>>> work anymore ( apache keeps changing their defaults).
>>
>> The use (and the function) of .htaccess is in no way deprecated. If
>> you use some directive or flag, etc. that has been, that is really
>> not an
>> indication to claim that .htaccess itself is deprecated. I've been
>> using .htaccess with Apache since it was first available and I've
>> never had anything break or cease to work and that's almost always
>> without
>> any changes needed. Unless Apache 3.x comes out and does something
>> really odd, I don't think it's a problem, nor do I think anyone
>> should
>> avoid using .htaccess. It's quite useful. I have to wonder what
>> you've been doing that ceased to work and what "defaults" have been
>> changing?
>
> Though Apache does point out that they should only be used if you
> don't have access to the server configuration files, as they can
> reduce
> performance. That's not quite "deprecated", but they are a
> second-best choice for use when the best choice isn't possible.

That's a valid point, but most users don't usually have that access, so
they can be very useful. Also, it prevents a mistake from taking the
web service down with it/preventing it from starting/restarting and
only affects the site in question (and the directories in the path),
and doesn't require the config to be re-read. But, I agree otherwise,
I just don't think that people claiming it's deprecated is even
remotely valid. Not to mention, if Apache changes how a directive's
syntax is supposed to be, or drops it altogether, you have bigger
problems if it's in the general config.

But, I suppose this is a good time to mention included vhosts, and
possibly allowing user's to modify fields there, so it's in a more
efficient format for Apache, but still in control of the user and so it
won't take down (or affect, if implmented properly) the rest of the
sites on the server. Well, either that or breaking out something like
a proxy module and having each account have its own Apache
implementation, but I think that, for the most part, if used wisely
with user control on a shared user environment, that .htaccess offers
the more flexible, stable and safest option. Not anything we don't
know about, but for the OP's benefit, I had to respond to the claim
that it's deprecated or imposes some issues that are proof that it's
best left unused.

0 new messages