Htaccess Files: The Silent (Performance) Killer

Published on April 3, 2013 by Filip Van Tittelboom

Htaccess files are convenient. They let you change settings without restarting Apache. It gives non-root users the ability to configure certain server settings. You don’t have to bother your friendly system administrator for a small tune. Best of all: changes are effective immediately.

A lot of mainstream CMS and frameworks come with pre-packaged htaccess files and they assume AllowOverride All. Boosting memory, redirecting and making sure harmful options are disabled.

There are drawbacks. For starters, you never change an untested setting in a production environment, right? Right. The ease of htaccess files can be tempting though. I’ve seen a lot of production sites go down thanks to a last minute untested change in a htaccess file. A quick vi-edit and bam: a 500 error or some endless redirect loop. It’s not the end of the world and perhaps, in this case, it doesn’t outway the advantages.

The major drawback, however, is performance. The reason why htaccess files have an immediate effect is because Apache checks every directory in the webroot for the existence of those files. If found, Apache reads and parses them on the fly. Oh and by the way: this happens for every request. Even if you don’t have htaccess files, Apache will still check every directory.

I’ve seen htaccess files as big as 12 KB. You can imagine the overhead on sites with a lot of requests. So avoid using htaccess files. AllowOverride None disables htaccess all together. By placing the settings in a ‘Directory’ block of your vhost, the configuration will be loaded once by Apache resulting in less of a performance hit.

Comments on this article

Top of page


Cloud services & management for: