5.11. Using .htaccess Files
We experimented with putting configuration directives in a file called
... /htdocs/.htaccess rather than in httpd.conf. It worked, but how do
you decide whether to do things this way rather than the other?

The point of the .htaccess mechanism is that you can change
configuration directives without having to restart the server. This is
especially valuable on a site where a lot of people are maintaining
their own home pages but are not authorized to bring the server down
or, indeed, to modify its configuration files. The drawback to the
.htaccess method is that the files are parsed for each access to the
server, rather than just once at startup, so there is a substantial
performance penalty.

The httpd.conf (from ... /site.htaccess) file contains the following:
User webuser
Group webgroup
ServerName www.butterthlies.com
AccessFilename .myaccess
ServerAdmin sales@butterthlies.com
DocumentRoot /usr/www/site.htaccess/htdocs/customers
ErrorLog /usr/www/site.htaccess/logs/customers/error_log
TransferLog /usr/www/site.htaccess/logs/customers/access_log
ScriptAlias /cgi-bin /usr/www/cgi-bin
<VirtualHost sales.butterthlies.com>
ServerAdmin sales_mgr@butterthlies.com
DocumentRoot /usr/www/site.htaccess/htdocs/salesmen
ServerName sales.butterthlies.com
ErrorLog /usr/www/site.htaccess/logs/salesmen/error_log
TransferLog /usr/www/site.htaccess/logs/salesmen/access_log
ScriptAlias /cgi-bin /usr/www/cgi-bin
#<Directory /usr/www/site.htaccess/htdocs/salesmen>
#AuthType Basic
#AuthName darkness
#AuthUserFile /usr/www/ok_users/sales
#AuthGroupFile /usr/www/ok_users/groups
#require valid-user
#require group cleaners
#</Directory>
<Directory /usr/www/cgi-bin>
AuthType Basic
AuthName darkness
AuthUserFile /usr/www/ok_users/sales
AuthGroupFile /usr/www/ok_users/groups
#either flat files - above - or DBM below
#AuthDBMUserFile /usr/www/ok_dbm/sales
#AuthDBMGroupFile /usr/www/ok_dbm/groups
</Directory>
</VirtualHost>
Notice that the security part of the salespeople's section has been
commented out in ... /httpd.conf. The following lines, which were part
of it, are found in ... /htdocs/salesmen/.myaccess:
AuthType Basic
AuthName darkness
AuthUserFile /usr/www/ok_users/sales
AuthGroupFile /usr/www/ok_users/groups
#require valid-user
require group cleaners
If you run the site with ./go and access
http://sales.butterthlies.com/, you are asked for an ID and a password
in the usual way. You had better be daphne or sonia if you want to get
in, because only members of the group cleaners are allowed. It has to
be said, though, that Netscape got into a tremendous muddle over
passwords, and the only reliable way to make sure that it was really
doing what it claimed was to exit and reload it before each test.

Now, if by way of playfulness, we rename ... /htdocs/salesmen/.myaccess
to .noaccess and retry, without restarting Apache, we should find that
password control has disappeared. This makes the point that Apache
parses this file each time the directory is accessed, not just at
startup. It also shows that protection kept only in this file lasts
only as long as the file does: anyone who can rename or delete it
removes the password check.

If you decide to go this route, there are a number of things that can
be done to make the way smoother. For example, the name of the control
file can be changed (as we did earlier) with the AccessFileName
directive in the file httpd.conf.
5.11.1. AccessFileName
AccessFileName filename, filename ...
Server config, virtual host
AccessFileName gives authority to the files specified. Include the
following line in httpd.conf:
AccessFileName .myaccess1, myaccess2 ...
Restart Apache (since the AccessFileName has to be read at startup) and
then restart your browser to get rid of password caching. When you
reaccess the site, password control has reappeared.

You might expect that you could limit AccessFileName to .myaccess in
some particular directory, but not elsewhere. You can't -- it is global
(well, more global than per-directory). Try editing ...
/conf/httpd.conf to read:
<Directory /usr/www/site.htaccess/htdocs/salesmen>
AccessFileName .myaccess
</Directory>
Apache complains:
Syntax error on line 2 of /usr/www/conf/srm.conf: AccessFileName not allowed here
As we have said, this file is found and parsed on each access, and
this takes time. When a client requests access to a file
/usr/www/site.htaccess/htdocs/salesmen/index.html, Apache searches
for the following:
/.myaccess
/usr/.myaccess
/usr/www/.myaccess
/usr/www/site.htaccess/.myaccess
/usr/www/site.htaccess/htdocs/.myaccess
/usr/www/site.htaccess/htdocs/salesmen/.myaccess
This multiple search also slows business down. You can turn multiple
searching off, and make a noticeable difference to Apache's speed,
with the following directive:
<Directory />
AllowOverride none
</Directory>
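It is important to understand that "/" means the real, root directory
(because that is where Apache starts searching) and not the URL. Bear
in mind that with AllowOverride none in force, Apache no longer reads
the per-directory files at all, so the authentication directives in
... /htdocs/salesmen/.myaccess stop being applied unless they are moved
back into httpd.conf or overrides are re-enabled for that directory.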
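
The lookup order listed above and the rename experiment from earlier
in this section can be reproduced offline. The following Python is an
added example, not code from the book or from Apache: it models only
the path walk the text describes and ignores AllowOverride, and the
function names and the temporary directory tree are constructed for
illustration.

```python
import os
import tempfile

TARGET = "/usr/www/site.htaccess/htdocs/salesmen/index.html"
# Contents of .../htdocs/salesmen/.myaccess as listed on the page.
MYACCESS = """AuthType Basic
AuthName darkness
AuthUserFile /usr/www/ok_users/sales
AuthGroupFile /usr/www/ok_users/groups
#require valid-user
require group cleaners
"""

def candidate_access_files(file_path, names=(".myaccess",)):
    """Files looked up for file_path, from the real root down to its directory."""
    parts = [p for p in os.path.dirname(file_path).split("/") if p]
    dirs = ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    return [os.path.join(d, n) for d in dirs for n in names]

def enforcing_files(file_path, fs_root, names=(".myaccess",)):
    """Candidates that exist under fs_root and hold an uncommented 'require' line."""
    found = []
    for cand in candidate_access_files(file_path, names):
        real = os.path.join(fs_root, cand.lstrip("/"))
        if not os.path.isfile(real):
            continue
        with open(real) as fh:
            active = [ln.strip().lower() for ln in fh if not ln.lstrip().startswith("#")]
        if any(ln.split()[:1] == ["require"] for ln in active):
            found.append(cand)
    return found

def rename_experiment():
    """Rebuild the page's tree in a temp dir (constructed), then rename the file."""
    with tempfile.TemporaryDirectory() as root:
        d = os.path.join(root, os.path.dirname(TARGET).lstrip("/"))
        os.makedirs(d)
        with open(os.path.join(d, ".myaccess"), "w") as fh:
            fh.write(MYACCESS)
        before = enforcing_files(TARGET, root)
        os.rename(os.path.join(d, ".myaccess"), os.path.join(d, ".noaccess"))
        after = enforcing_files(TARGET, root)
    return before, after

if __name__ == "__main__":
    print(candidate_access_files(TARGET))
    print(rename_experiment())
```

Pointing enforcing_files at a real document root with fs_root="/" lists
the per-directory files that currently carry a require line for a given
path; an empty result means nothing in those files protects it.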
Copyright © 2001 O'Reilly & Associates. All rights reserved.