18.1.24 Avoid mod_access if you canThis is NOT the latest copy of this book; click here for the latest version.
Apache has a special module, known as mod_access, that allows you to place files called .htaccess in directories and have them specify authentication information required for that directory. While this is a nice and easy way to solve the issue of stopping unauthorised users access places they shouldn't, it's not very fast.
Mod_access works by looking for a .htaccess file in the directory requested by the user. If it finds it, it loads it and uses it. If not, it goes to the parent directory and looks there. If there's nothing there, it goes to the parent directory of the parent directory, then to the parent of the parent of the parent, etc, until it can go no further. If you don't actually use .htaccess files, all this checking is pointless - and it needs to be done every time a page is requested on your server.
The best way to get around this problem is just to disable mod_access outright, but if you simply have to have it then the only thing I can recommend is that you don't have too many subdirectories - if you have a maximum of two subdirectories, there are only two checks per request, but if you have six subdirectories (such as /html/newsite/images/gnome/highquality/zipped) then the workload is tripled!
|
Want to see this stuff in print? PHP in a Nutshell takes the core topics covered here, adds in thousands of edits from the editorial team and myself, and combines them to make an unbeatable reference for PHP programmers at all levels.
My latest book has hundreds more tips on how to use PHP, Apache, and MySQL, plus Perl, Python, shell scripts, performance tuning, and more!
|
