

The Definitive Guide to htaccess Techniques: Do’s and Don’ts  - edw519
http://www.noupe.com/php/htaccess-techniques.html

======
olefoo
The very title of this blog post tells me that it is bad advice.

What you should do is disable .htaccess and put all configuration in the
VirtualHost configuration file.

Why?

Because when you have AllowOverride ON the webserver has to look for the
.htaccess file and parse it if it exists for each and every request.

So if you lard up your .htaccess with 300 lines of rewrite rules and document
handlers and so on, that has to be parsed for every page the server hands out.
Which is one of the reasons some ignorant people think apache is slow.

~~~
Hexstream
I'm guessing having configuration centralized is also easier to manage and a
bit more secure.

As for performance, doesn't/couldn't Apache parse and cache a .htaccess file
just once, and then only check the timestamp on subsequent requests?

~~~
olefoo
It still has to stat the file every time. And it's worse than you think. A
path with four elements like <http://example.com/one/two/three/four/thing.php>
requires that 5 directories be checked for an .htaccess file. Which means
apache has to keep track of if there was .htaccess file in that directory the
last time it looked for 5 directories, and for each of those whether the
timestamp or the size has changed. I'd have to look at the code to see if it
caches information about override files but I don't think it does.

------
profquail
Some great tips, possibly with the exception of #9 ("Restrict file upload
limits for PHP"). I think you'd be better off putting those settings in your
php.ini file, just to promote separation of concerns.

