Friday, June 27, 2008

.htaccess

In the Apache web server, .htaccess (hypertext access) is the default name of directory-level configuration files. A .htaccess file is placed in a particular directory, and the directives in the .htaccess file apply to that directory and all subdirectories thereof. It provides the ability to customize configuration for requests to the particular directory. The file name starts with a dot because dot-files are by convention hidden files on Unix-like operating systems.


* Authorization, authentication: .htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access". The .htaccess file is often accompanied by an .htpasswd file which stores valid usernames and their passwords.
* Customized error responses: Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
* Rewriting URLs: Servers often use .htaccess to rewrite "ugly" URLs to shorter and prettier ones.
* Cache Control: .htaccess files allow a server to control User agent caching used by web browsers to reduce bandwidth usage, server load, and perceived lag.





When .htaccess files should be used

For servers with multiple users, as is common in shared web hosting plans, it is often desirable to allow individual users the ability to alter their site configuration. In general, .htaccess files should be used by users who do not have access to the main server configuration files.






When .htaccess files should not be used

To control Apache, using the main server configuration file httpd.conf[2] is preferred for security and performance reasons.[3]

1. Performance loss - for each HTTP request there are additional file-system accesses for every parent directory when using .htaccess
2. Security - allowing individual users to modify the configuration of a server can cause security concerns if not set up properly.
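The two points above, shown as configuration. This is an added example, not part of the original post: it moves the password protection described earlier from a .htaccess file into httpd.conf. It assumes Apache 2.4 syntax, and all paths and the realm name are constructed placeholders.

```apache
# Per-directory form, for comparison. These lines would live in
# /var/www/example/private/.htaccess and only take effect if the main
# configuration grants "AllowOverride AuthConfig" (or "All") there:
#
#   AuthType Basic
#   AuthName "Restricted area"
#   AuthUserFile "/etc/apache2/htpasswd/example-users"
#   Require valid-user

# Preferred form: the same policy in httpd.conf.
# With overrides off, Apache does not look for .htaccess files in this tree
# on each request, and write access to the tree no longer means the ability
# to change server configuration.
<Directory "/var/www/example">
    AllowOverride None
    Require all granted
</Directory>

<Directory "/var/www/example/private">
    AuthType Basic
    AuthName "Restricted area"
    # Keep the password file outside any directory the server publishes.
    AuthUserFile "/etc/apache2/htpasswd/example-users"
    Require valid-user
</Directory>

# Shared hosting, where users have no access to httpd.conf: allow
# .htaccess, but only the directive categories they actually need
# (here authentication only) instead of "AllowOverride All".
<Directory "/home/*/public_html">
    AllowOverride AuthConfig
</Directory>

# Never serve .htaccess or .htpasswd files to clients.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

After editing, `apachectl configtest` checks the syntax before the server is reloaded.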
