Apache Performance: Disable .htaccess

About 3 years ago I wrote a short blog entry about the very basic Apache configuration mistakes and oversights which developers and server admins of the then $500 million dollar Healthcare.gov website made. Most shocking, were elemental oversights, as if devs were not aware of common best practices. Which brings us to another Apache performance related entry.

A while back, I was searching the web for a performance article to forward to a VPS hosted client. One which discussed how WordPress Cache plugins which use Apache Mod_rewrite with .htaccess are almost always slower than plugins such as Hyper Cache which don’t use mod_rewrite at all. (Also see: Top 5 Recommended WordPress Cache Plugins) Surprisingly, that search took almost 30 mins, until finally I came across this detailed article. Their vs tests resulted in Hyper Cache as the winner over the immensely popular Wp Super Cache. Martin, also from Foliovision.com, raised a great point in the comments section of that post, when he said: “I wonder if WP Super Cache in the PHP mode is just as efficient”? That scenario brings us to the very point of this blog post…

Why you SHOULD disable .htaccess when possible

Disable htaccess

Well for two reasons really, performance and security. For the scope of this article we will focus on the unnecessary performance overhead of using .htaccess. Now this is not something new or some hidden tweak but it’s officially documented as the recommended best practice.

Here’s an excerpt from Apache docs:

In general, you should only use .htaccess files when you don’t have access to the main server configuration file. There is, for example, a common misconception that user authentication should always be done in .htaccess files, and, in more recent years, another misconception that mod_rewrite directives must go in .htaccess files. This is simply not the case. You can put user authentication configurations in the main server configuration, and this is, in fact, the preferred way to do things. Likewise, mod_rewrite directives work better, in many respects, in the main server configuration.

.htaccess files should be used in a case where the content providers need to make configuration changes to the server on a per-directory basis, but do not have root access on the server system. In the event that the server administrator is not willing to make frequent configuration changes, it might be desirable to permit individual users to make these changes in .htaccess files for themselves. This is particularly true, for example, in cases where ISPs are hosting multiple user sites on a single machine, and want their users to be able to alter their configuration.

However, in general, use of .htaccess files should be avoided when possible. Any configuration that you would consider putting in a .htaccess file, can just as effectively be made in a  section in your main server configuration file.

There are two main reasons to avoid the use of .htaccess files.

The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, httpd will look in every directory for .htaccess files. Thus, permitting .htaccessfiles causes a performance hit, whether or not you actually even use them! Also, the .htaccess file is loaded every time a document is requested.

Further note that httpd must look for .htaccess files in all higher-level directories, in order to have a full complement of directives that it must apply. (See section on how directives are applied.) Thus, if a file is requested out of a directory /www/htdocs/example, httpd must look for the following files:

/.htaccess
/www/.htaccess
/www/htdocs/.htaccess
/www/htdocs/example/.htaccess

And so, for each file access out of that directory, there are 4 additional file-system accesses, even if none of those files are present. (Note that this would only be the case if.htaccess files were enabled for /, which is not usually the case.)

In the case of RewriteRule directives, in .htaccess context these regular expressions must be re-compiled with every request to the directory, whereas in main server configuration context they are compiled once and cached. Additionally, the rules themselves are more complicated, as one must work around the restrictions that come with per-directory context and mod_rewrite.

The takeaway from Apache Docs

Well its clear to see that the .htaccess feature is just another example of just how flexible Apache server is. Unfortunately its being used when it should be avoided in preference of using Apache’s main server config. You should only use .htaccess if you are on a shared hosting plan, don’t have root access to the web server or if you lack experience with modifying Apache’s config files. Using .htaccess files causes a performance hit, no matter the contents of your .htaccess file. In fact, it slows down Apache even if your .htaccess is empty and is reloaded on every request! Thus, the contents of .htaccess should be imported into your Apache server config file where it is compiled once. After which, you should disable use of .htaccess completely.

Related:  How to direct-install Debian SID rolling release using mini.iso (w/ screenshots)

Disabling .htaccess and using mod_rewrite within Apache config

The use of .htaccess files can be disabled completely by setting the AllowOverride directive to none:

AllowOverride None

Here’s an example of Apache config:

 
ServerName haydenjames.io
ServerAlias haydenjames.io www.haydenjames.io
DocumentRoot /var/www/root/

Options -Indexes FollowSymLinks

#disable htaccess starting at web root 
 
AllowOverride none 


#Import contents of wordpress .htaccess
 
# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress
 

If you are using WP Super Cache with mod_rewrite or even W3 Total Cache (compare top WP cache plugins here) you can also cut and paste the entire .htaccess contents into Apache’s config just like the above example for performance gains. As mentioned above, remember to disable .htaccess completely or Apache will still search for it on every request. Interested in increasing Apache’s performance further? Read on… Strip Down Apache to Improve Performance & Memory Efficiency.

Tags: , , ,

162 Shares
Tweet65
Share15
+117
Reddit65