Avoid mod_access if you can

Apache has a special module, known as mod_access, that allows you to place files called .htaccess in directories and have them specify authentication information required for that directory. While this is a nice and easy way to solve the issue of stopping unauthorised users access places they shouldn't, it's not very fast.

Mod_access works by looking for a .htaccess file in the directory requested by the user. If it finds it, it loads it and uses it. If not, it goes to the parent directory and looks there. If there's nothing there, it goes to the parent directory of the parent directory, then to the parent of the parent of the parent, etc, until it can go no further. If you don't actually use .htaccess files, all this checking is pointless - and it needs to be done every time a page is requested on your server.

The best way to get around this problem is just to disable mod_access outright, but if you simply have to have it then the only thing I can recommend is that you don't have too many subdirectories - if you have a maximum of two subdirectories, there are only two checks per request, but if you have six subdirectories (such as /html/newsite/images/gnome/highquality/zipped) then the workload is tripled!


Want to learn PHP 7?

Hacking with PHP has been fully updated for PHP 7, and is now available as a downloadable PDF. Get over 1200 pages of hands-on PHP learning today!

If this was helpful, please take a moment to tell others about Hacking with PHP by tweeting about it!

Next chapter: Make sure you optimize Apache >>

Previous chapter: Ignore the myths

Jump to:


Home: Table of Contents

Copyright ©2015 Paul Hudson. Follow me: @twostraws.