Apache htaccess for PHP web application deployment

Published in: Apache PHP

1. Introduction

The following is a brief introduction to Apache's htaccess file for web application deployment, distribution, or implementation on shared hosting environments.

The Apache htaccess file is not new; however, it seems to be used only by more advanced Apache users and web application developers. This article aims to point one on the right path to learn about htaccess and Apache directives by outlining how I have used and have seen Apache's htaccess file used in the real world.

It is assumed the reader is familiar with Apache and has a basic understanding of Apache configuration. The latter part of the article assumes a basic familiarity with PHP configuration directives.

2. What is an Apache htaccess file?

The Apache webserver is powerful. There are many ways to configure Apache depending on your goals.

An htaccess file allows one to make Apache configuration changes on a per directory basis.

You can develop your site with custom configuration options and deploy it without problems on another similarly configured Apache server without the need to have direct access to the Apache configuration file (httpd.conf).

To create an htaccess file, simply create a file called ".htaccess" in a directory accessible through Apache, and that's it! Note that in Unix-like operating systems, files that begin with "." are hidden.

You can now enter directives directly into the file.

3. When should I use htaccess for deployment?

If you are deploying a web application on a dedicated server, htaccess may not be the best solution. You should customize your Apache configuration file for your specific application and centralize its configuration, making it easier to maintain. However, if you are writing applications for distribution, such as open source web applications, or are working in a shared hosting or multiple-application deployment environment, htaccess may be the best solution for you.

With Apache's htaccess file, you do not have to worry as much about your application breaking when it moves between deployment environments. An example many PHP programmers may be familiar with is the PHP magic_quotes directives. These directives are responsible for the slashes that magically seem to appear or disappear. Knowing whether magic quotes are on or off is very important, because failing to add escape characters is a security risk that leads to many SQL injection attacks, the most common security hole in database applications. I will provide some links to SQL injection attack descriptions at the end of this article.

Other things that may be done with htaccess files are as follows:

  • Username/Password protection of site directories.
  • Disallowing the display of directory contents without an index page.
  • Modifying the file types that are allowed to be accessed through the web.
  • Setting configuration options for web scripting languages such as PHP (overwriting php.ini)
  • Specifying new file types and file type handling.
  • Adding new content types
  • Blocking specific addresses from accessing your server.

Many, many more useful things can be done with htaccess. It is recommended you take a browse through the Apache configuration directives, referenced below.

To use htaccess files, the server first must allow support for them.

The most common reason htaccess files do not work is that the AllowOverride directive has not been set for the document path directory. This option can only be set in the Apache configuration file (httpd.conf). If your htaccess file doesn't seem to work, contact your local administrator and ask her to set up htaccess permissions for your application directory or, if you are the local system administrator, set it up with the following:

<Directory "/path/to/my/document/root">
AllowOverride All
</Directory>

Note: The AllowOverride directive has many options besides All. AllowOverride All just gives you full access to override all directives for the directory specified. If you are a system administrator, this behavior might not be what you desire. If that's the case I have provided a link to the Apache manual at the bottom of this article where you can find more information about the AllowOverride directive.

4. How can I override my PHP ini settings with htaccess?

After reading the above, you should have a better understanding of overwriting Apache configuration directives using htaccess.

Some PHP configuration options may be overwritten in the htaccess file, although not all of them.

You may find a link to the PHP configuration options at the end of this article. It also provides information on what options you can and can not modify.

You may override PHP ini settings in the htaccess files with the following directives:

Note: to clear a value, set the value to "none".

php_value [configuration_option_name] [value]
(only valid with PHP_INI_ALL and PHP_INI_PERDIR directives)

php_flag [configuration_option_name] [on|off]
(only valid with PHP_INI_ALL and PHP_INI_PERDIR directives)

Directives which can not be modified through the htaccess file may be modified through the Apache configuration file (httpd.conf) with the following php admin directives:

php_admin_value [configuration_option_name] [value]

php_admin_flag [configuration_option_name] [on|off]

Here are some real-world examples:

Disabling magic quotes (manual handling of escape characters):

php_flag magic_quotes_runtime off
php_flag magic_quotes_sybase off
php_flag magic_quotes_gpc off

Modifying the maximum file upload size:

php_value upload_max_filesize "16M"

Turning off the display of errors:

php_flag display_errors off
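
An added example (not from the original article): a small Python check that reads an .htaccess file, reports which AllowOverride classes it actually needs so the administrator can grant those instead of All, and flags php_admin_* lines and php_value/php_flag lines that target settings not changeable per directory. The directive table and the SYSTEM_ONLY set are short excerpts from the Apache 2.2 and PHP manuals, and the sample file is constructed.

```python
# Override class AllowOverride must grant for each directive (excerpt from
# the Apache 2.2 manual; php_value/php_flag need Options per the PHP manual).
OVERRIDE = {
    "authtype": "AuthConfig", "authname": "AuthConfig",
    "authuserfile": "AuthConfig", "require": "AuthConfig",
    "options": "Options", "php_value": "Options", "php_flag": "Options",
    "addtype": "FileInfo", "addhandler": "FileInfo", "errordocument": "FileInfo",
    "order": "Limit", "allow": "Limit", "deny": "Limit",
    "directoryindex": "Indexes",
}
# PHP settings that cannot be set per directory (excerpt from the PHP manual:
# PHP_INI_SYSTEM or php.ini only).
SYSTEM_ONLY = {"allow_url_fopen", "file_uploads", "disable_functions", "expose_php"}

SAMPLE = """\
# constructed sample .htaccess
AuthType Basic
Require valid-user
Options -Indexes
php_flag magic_quotes_gpc off
php_value upload_max_filesize "16M"
php_flag allow_url_fopen off
php_admin_flag display_errors off
"""

def audit(text):
    """Return (sorted override classes needed, [(line_no, problem), ...])."""
    needed, problems = set(), []
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        name = parts[0].lower()
        if name.startswith("php_admin_"):
            problems.append((n, name + " is only valid in httpd.conf"))
        elif name in ("php_value", "php_flag") and len(parts) > 1 \
                and parts[1].lower() in SYSTEM_ONLY:
            problems.append((n, parts[1] + " cannot be changed per directory"))
        elif name in OVERRIDE:
            needed.add(OVERRIDE[name])
        else:
            problems.append((n, name + " is not in the table; check the manual"))
    return sorted(needed), problems

def allowoverride_line(text):
    """Suggest the narrowest AllowOverride line for this file."""
    needed, _ = audit(text)
    return "AllowOverride " + (" ".join(needed) if needed else "None")

if __name__ == "__main__":
    print(allowoverride_line(SAMPLE))
    for n, msg in audit(SAMPLE)[1]:
        print("line %d: %s" % (n, msg))
```
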

5. Resources:

List of PHP configuration options:
http://www.php.net/manual/en/ini.php

Apache Manuals:
Apache 2.2 manual - http://httpd.apache.org/docs/2.2/
Apache 2.0 manual - http://httpd.apache.org/docs/2.0/
Apache 1.3 manual - http://httpd.apache.org/docs/1.3/

SQL Injection Information:
http://en.wikipedia.org/wiki/SQL_injection

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 2.5 License.


About The Author

Nathan C. Dickerson is a new media enthusiast with an interest in web applications, collective intelligence, and multimedia. His latest web application is fluctu8.com, a podcast/rsscast/atomcast aggregator.
