No subject

Thu Jun 16 07:37:48 EDT 2016

is Location. In particular, .htaccess should only be used in certain
instances per the Apache 2 docs:

When (not) to use .htaccess files

In general, you should never use .htaccess files unless you don't have
access to the main server configuration file. There is, for example, a
prevailing misconception that user authentication should always be done
in .htaccess files. This is simply not the case. You can put user
authentication configurations in the main server configuration, and
this is, in fact, the preferred way to do things.

.htaccess files should be used in a case where the content providers
need to make configuration changes to the server on a per-directory
basis, but do not have root access on the server system. In the event
that the server administrator is not willing to make frequent
configuration changes, it might be desirable to permit individual users
to make these changes in .htaccess files for themselves. This is
particularly true, for example, in cases where ISPs are hosting
multiple user sites on a single machine, and want their users to be
able to alter their configuration.

However, in general, use of .htaccess files should be avoided when
possible. Any configuration that you would consider putting in a
.htaccess file, can just as effectively be made in a <Directory>
section in your main server configuration file.

There are two main reasons to avoid the use of .htaccess files.

The first of these is performance. When AllowOverride is set to allow
the use of .htaccess files, Apache will look in every directory for
.htaccess files. Thus, permitting .htaccess files causes a performance
hit, whether or not you actually even use them! Also, the .htaccess
file is loaded every time a document is requested.

And extracting some of the advice for Location:

When to use <Location>

Use <Location> to apply directives to content that lives outside the
filesystem. For content that lives in the filesystem, use <Directory>
and <Files>. An exception is <Location />, which is an easy way to
apply a configuration to the entire server.


The <Location> functionality is especially useful when combined with
the SetHandler directive. For example, to enable status requests, but
allow them only from browsers at, you might use:

  <Location /status>

    SetHandler server-status
    Order Deny,Allow
    Deny from all
    Allow from


I think the starting point in fixing the mod_python docs is to nail
down the tags that should be used. In particular, I don't understand
why the docs suggest using .htaccess tags -- that seems to a choice
that should be used in only very specialized cases. 

Roger Haase

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the Moin-user mailing list