DekGenius.com
[ Team LiB ] Previous Section Next Section

Recipe 11.7 Minimizing the Performance Impact of .htaccess Files

Problem

You want per-directory configuration but want to avoid the performance hit of .htaccess files.

Solution

Turn on AllowOverride only in directories where it is required, and tell Apache not to waste time looking for .htaccess files elsewhere:

AllowOverride None

Then use <Directory> sections to selectively enable .htaccess files only where needed.

Discussion

.htaccess files cause a substantial reduction in Apache's performance, because it must check for a .htaccess in every directory along the path to the requested file to be assured of getting all of the relevant configuration overrides. This is necessary because Apache configuration directives apply not only to the directory in which they are set, but also to all subdirectories. Thus, we must check for .htaccess files in parent directories, as well as in the current directory, to find any directives that would trickle down the current directory.

For example, if, for some reason, you had AllowOverride All enabled for all directories and your DocumentRoot was /usr/local/apache/htdocs, then a request for the URL http://example.com/events/parties/christmas.html would result in the following files being looked for and, if found, opened and searched for configuration directives:

/.htaccess
/usr/.htaccess
/usr/local/.htaccess
/usr/local/apache/.htaccess
/usr/local/apache/htdocs/.htaccess
/usr/local/apache/htdocs/events/.htaccess
/usr/local/apache/htdocs/events/parties/.htaccess

Now, hopefully, you would never have AllowOverride All enabled for your entire filesystem, so this is a worst-case scenario. However, occasionally, when people do not adequately understand what this configuration directive does, they will enable this option for their entire filesystem and suffer poor performance as a result.

The recommended solution is by far the best way to solve this problem. The <Directory> directive is specifically for this situation, and .htaccess files should really only be used in the situation where configuration changes are needed and access to the main server configuration file is not readily available.

For example, if you have a .htaccess file in /usr/local/apache/htdocs/events containing the directive:

AddEncoding x-gzip tgz

You should instead simply replace this with the following in your main configuration file:

<Directory /usr/local/apache/htdocs/event>
    AddEncoding x-gzip tgz
</Directory>

Which is to say, anything that appears in a .htaccess can, instead, appear in a <Directory> section, referring to that same directory.

If you are compelled to permit .htaccess files somewhere on your web site, you should only permit them in the specific directory where they are needed. For example, if you particularly need to permit .htaccess files in the directory /www/htdocs/users/leopold/, then you should explicitly allow then for only this directory:

<Directory /www/htdocs/users/leopold>
    AllowOverride All
</Directory>

One final note about the AllowOverride directive: this directive lets you be very specific about what types of directives you permit in .htaccess files, and you should make an effort only to permit those directives that are actually needed. That is, rather than using the All argument, you should allow specific types of directives as needed. In particular, the Options argument to AllowOverride should be avoided, if possible, as it may enable users to turn on features that you have turned off for security reasons.

See Also

    [ Team LiB ] Previous Section Next Section