Webmaster tips » Apache

Jul 28, 2006
Nathan C. Dickerson

Apache htaccess for PHP web application deployment

Average rating:
  • 4 out of 5 Stars
Rate this article

1. Introduction

The following is a brief introduction to Apache's htaccess file for web application deployment, distribution, or implementation on shared hosting environments.

The Apache htaccess file is not new; however it seems to only be used by more advanced Apache users and web application developers. This article aims to to point one on the right path to learn about htaccess and Apache directives by outlining how I have used and have seen Apache's htaccess file used in the real world.

It is assumed the reader is familiar with Apache and has a basic understanding of Apache configuration. The latter part of the article assumes a basic familiarity with PHP configuration directives.

2. What is an Apache htaccess file?

The Apache webserver is powerful. There are many ways to configure Apache depending on your goals.

An htaccess file allows one to make Apache configuration changes on a per directory basis.

You can develop your site with custom configuration options and deploy it without problems on another similarly configured Apache server without the need to have direct access to the Apache configuration file (httpd.conf).

To create a htaccess file, simply create a file called ".htaccess“ in directory accessible through Apache and thats it! And note, in unix like operating systems, files that begin with ”." are hidden.

You can now enter directives directly into the file.

3. When should I use htaccess for deployment?

If you are deploying a web application on a dedicated server, htaccess may not be the best solution. You should customize your Apache configuration file for your specific application and centralize its configuration. making these easier to maintain, However; if you are writing applications for distribution, such as open source web applications, or are working on a shared hosting, or multiple application deployment environment, htaccess may be the best solution for you.

With Apache's htaccess file, you do not have to worry as much about your application breaking while moving to deployment environments. An example many PHP programmers may be familiar with are the PHP magic_quotes directives. These directives are what is responsible for slashes that magically seem to appear, or disappear. A knowledge of magic quotes, or lack of them, is very important as the lack of adding escape characters it is a security risk leading to many SQL injection attacks, the most common security hole is database applications. I will provide some links to SQL injection attack descriptions at the end of this article.

Other things that may be done with htaccess files are as follows:

  • Username/Password protection of site directories.
  • Disallowing the display of directory contents without an index page.
  • Modifying the file types that are allowed to be accessed through the web.
  • Setting configuration options for web scripting languages such as PHP (overwriting php.ini)
  • Specifying new file types and file type handling.
  • Adding new content types
  • Blocking specific address from accessing your server.

Many, many more useful things can be done with htaccess. It is recommended you take a browse through the Apache configuration directives, referenced below.

To use htaccess files, the server first must allow support for them.

The most common problem why htaccess files do not work is because the AllowOverride directive has not been set for document path directory. This option is only set in the the Apache configuration file (httpd.conf). If your htaccess file doesn't seem to work, contact your local administrator and ask her to setup htaccess permissions for your application directory or, if you are the local system administrator, set it up by doing the setting the following: <Directory “/path/to/my/document/root”>

AllowOverride All

</Directory> Note: The AllowOverride directive has many options besides All. AllowOverride All just gives you full access to override all directives for the directory specified. If you are a system administrator, this behavior might not be what you desire. If that's the case I have provided a link to the Apache manual at the bottom of this article where you can find more information about the AllowOverride directive.

4. How can I override my PHP ini settings with htaccess?

After reading the above, you should have a better understanding of overwriting Apache configuration directives using htaccess.

Some PHP configuration options may be overwritten in the htaccess file, although not all of them.

You may find a link to the PHP configuration options at the end of this article. It also provides information on what options you can and can not modify.

You may override PHP ini settings in the htaccess files with the following directives:

note: to clear a value, set the value to "none". php_value [configuration_option_name] [value]

(only valid with PHP_INI_ALL and PHP_INI_PERDIR directives)

php_flag [configuration_option_name] [on|off]

(only valid with PHP_INI_ALL and PHP_INI_PERDIR directives) Directives which can not be modified through the htaccess file may be modified through the Apache configuration file (httpd.conf) with the following php admin directives: php_admin_value [configuration_option_name] [value]

php_admin_flag [configuration_option_name] [on|off] Here are some real world examples:

Disabling magic quotes (manual handling of escape characters): php_flag magic_quotes_runtime off

php_flag magic_quotes_sybase off

php_flag magic_quotes_gpc off Modifying the maximum file upload size: php_value upload_max_filesize "16M" Turning off error reporting: php_flag display_errors off

5. Conclusion

Well, you should now have a better understanding of using htaccess files for application deployment. Thanks for reading and if you have any questions or comments, feel free to contact me at

Print! Print this article   Bookmark:

About The Author
Nathan C. Dickerson is a new media enthusiast with an interest in web applications, collective intelligence, and multimedia. His latest web application is fluctu8.com, a podcast/rsscast/atomcast aggregator.
Rate This Article
How would you rate the quality of this content? Currently rated: 4 out of 5 stars. 9 people have rated this article.
Use your mouse pointer to select as many stars as you want, and press the left mouse button to vote.
  • 4 out of 5 Stars
  • 1
  • 2
  • 3
  • 4
  • 5
Other Apache Articles
Rating: 5 stars
Mod_Rewrite For Newbies by Bobby Handzhiev (Jan 24, 2007)
This article is not a complete guide to Apache's mod_rewrite neither to .htaccess. Its purpose is to help you - the webmaster - to create "mod_rewritten" versions of your dynamic webpages even if you have limited technical knowledge...
Rating: 3.4 stars
Are You Ready for High Volume Traffic? by Nick Krotov (Jan 24, 2007)
Many webmasters wish they got a lot of traffic to their site. A day may come and their website may be very popular in just one day. This could be a reason that unique article is published on their site, or just a simple change in search position results in major search engines...
Rating: 4.2 stars
6 Tips To Secure Your Website by David Risley (Jul 2, 2006)
Most people on the internet are good, honest people. However, there are some people browsing the internet who derive fun from poking around websites and finding security holes. A few simple tips can help you secure your website in the basic ways...
Rating: 4.5 stars
301 Redirect - The SEO way to rename or move files or folders by Andrei Smith (Jan 18, 2006)
In this article I will discuss page redirection techniques, what works and what to avoid. What is page redirection and why would you want to use it? Let's say you rename a page on your website, for whatever reason...
Rating: 5 stars
Creating Custom Error Pages with .htaccess by Eric Reif (Jan 13, 2006)
Have you ever noticed that some people have really nice error pages when a page doesn't exist on their site? Wouldn't it be nice if you could make your error page match the rest of your site? Don't fret; you can do it! All you'll need to do is use a handly little file called ...