[Pmwiki-users] more thoughts on .htaccess
Fri Dec 10 06:48:04 CST 2004
Neil Herber wrote:
> At 2004-12-07 09:12 PM +0100, Joachim Durchholz is rumored to have said:
>> Neil Herber wrote:
>>> I suggest that .htaccess be removed from the default install and that
>>> the page PmWiki/Security have an entry added that describes how to
>>> install and activate it on Apache or other servers that use
>>> .htaccess. (I think both Sambar and Xitami use .htaccess). I am more
>>> than willing to contribute such a page, but I would want someone like
>>> Jo Durchholz to check the Apache descriptions.
>> Can do, willing to do :-)
> I created a page here:
> which does *not* suggest removing .htaccess, but notes that with a
> default Apache 2 install, it won't work. It also offers suggestions of
> how to rectify the situation. Your corrections or comments are most
AllowOverride tells what kinds of directives in a .htaccess file will be
honored. I.e. "AllowOverride AuthConfig" will allow authentication
directives in .htaccess files and nothing else.

.htaccess files are read whenever anything in them may be relevant. I.e.
anything but "AllowOverride None" will make Apache read the .htaccess file.

Note that while I'm glad to offer any help that I can, I'm sceptical
that the entire issue is worth an entry in the cookbook or even
discussing it in this list. Easy-to-do optimizations like this one tend
to pop up over and over, and because it's so simple, almost nobody
does a realistic effort-to-effect assessment (both for the implementers
and for the documenters).

Points in particular:

It's another tweak that needs to be documented fully or not at all - and
documenting it well enough that it's usable and so that installers get a
full idea of what they're doing requires some work.

It does give a speedup, and it reduces I/O load on the server, since
those .htaccess accesses require two additional disk hits (one for the
directory, one for the file itself).

It's a rather dubious change though - if the directory is accessed
repeatedly, it's quite likely that disk caching will still have the
directory and file data in RAM, so the effect is even smaller. On the
other hand, if the directories contain hundreds of files, scanning the
directory for a given file may require reading two, three, or a dozen
directory blocks - except if you're using ReiserFS which stores
directories in a tree structure and doesn't need more than two or three
disk accesses to find a file.

Disk caching aside, there's the question of how much time a disk access
actually incurs. Today's hard disks have a latency of some 15 ms...
which is an order of magnitude less than typical networking latencies in
the order of 100-300 ms.

It reduces administrative flexibility. I can't easily do a multi-domain
web server on my machine, as I constantly have to reconfigure httpd.conf
to adapt to the various web sites' needs. With .htaccess, I can make the
subsite administrators responsible for their own stuff without having to
bother with it.

So I see some minimal gain vs. two small-to-medium downsides - and, in
summary, not worth the effort even though the effort isn't large.
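
Added example, not part of the original message or of PmWiki: a small audit that reads the AllowOverride settings from an httpd.conf fragment and lists the directories in which Apache will look for a .htaccess file on the way to a target directory, along with the directive classes it honors there. The sample configuration and paths are constructed, only plain-path <Directory> sections are handled (no wildcard or regex sections), and the fallback when no section matches is a parameter because the compiled-in default differs between Apache versions.

```python
import re
from pathlib import PurePosixPath

# Constructed httpd.conf fragment (sample data, not taken from the thread).
SAMPLE_CONF = """
<Directory />
    AllowOverride None
</Directory>
<Directory /var/www/pmwiki>
    AllowOverride AuthConfig Limit
</Directory>
<Directory /var/www/pmwiki/pub>
    AllowOverride None
</Directory>
"""

def parse_directory_overrides(conf):
    """Map each plain <Directory path> section to its AllowOverride tokens."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>$', line, re.I)
        if opened:
            current = opened.group(1).rstrip("/") or "/"
        elif re.match(r"</Directory>", line, re.I):
            current = None
        elif current and line.lower().startswith("allowoverride "):
            sections[current] = line.split()[1:]
    return sections

def effective_override(sections, directory, default=("None",)):
    """The longest matching section wins, mirroring shortest-to-longest merging."""
    d, best = PurePosixPath(directory), None
    for path in sections:
        p = PurePosixPath(path)
        if (p == d or p in d.parents) and (best is None or len(p.parts) > len(best.parts)):
            best = p
    return sections[str(best)] if best else list(default)

def htaccess_lookups(sections, target_dir, default=("None",)):
    """Directories, root first, where .htaccess is read when serving target_dir."""
    d = PurePosixPath(target_dir)
    lookups = []
    for level in list(d.parents)[::-1] + [d]:
        allowed = effective_override(sections, level, default)
        if [t.lower() for t in allowed] != ["none"]:   # anything but None => file is read
            lookups.append((str(level), allowed))
    return lookups

if __name__ == "__main__":
    conf = parse_directory_overrides(SAMPLE_CONF)
    for where, classes in htaccess_lookups(conf, "/var/www/pmwiki/wiki.d"):
        print(f"{where}/.htaccess is read; honored classes: {' '.join(classes)}")
```

An empty result for a directory means no .htaccess file is consulted for it, so any access restrictions placed in one there have no effect.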